DOCUMENTATIONAPI REFERENCEAI-Link
DownloadsSupport
Loading search results...
Managing AtScaleManaging User Access and SecurityUsing External AuthenticationSetting Up Impersonation for Google BigQuery

Setting Up Impersonation for Google BigQuery

If you are using Google BigQuery as a data warehouse and Google G Suite directory to manage users and groups that have access to AtScale and published cubes, you can set up impersonation for Google BigQuery.

Before you begin

If you are an administrator or Super User for your AtScale organization, Impersonation is enabled from the Create a Data Warehouse dialog for Google BigQuery. To enable impersonation, choose Settings from the top navigation menu, then select Data Warehouses. Click on CREATE DATA WAREHOUSE, select Google BigQuery as the Data Warehouse type, and then enable Impersonation from the ensuing dialog.

About this task

This task involves delegating domain-wide authority to the service account that you are using for your Google BigQuery project.

Procedure

  1. Ensure that G Suite domain-wide authority is granted to the Google Cloud Platform service account that you are using with AtScale.

    • If you have an existing service account, you can enable this in the Service accounts page in Google Cloud Platform.

      Note: You must be an administrator of the G Suite domain.

    • If you are creating a new service account, select the Enable G Suite Domain-wide Delegation check box in the Create service account dialog.

  2. Delegate domain-wide authority to the service account.

    Note: You must be an administrator of the G Suite domain.

    1. Go to your G Suite domains Admin console.

    2. Select Security from the list of controls.

      If you don't see Security listed, select More controls from the gray bar at the bottom of the page, then select Security from the list of controls. If you can't see the controls, make sure you're signed in as an administrator for the domain.

    3. Select Show more and then Advanced settings from the list of options.

    4. Select Manage API client access in the Authentication section.

    5. In the Client Name field, enter the service account's Client ID. You can find your service account's client ID in the Service accounts page.

    6. In the One or More API Scopes field, enter the list of scopes that your application should be granted access to. AtScale requires these scopes:

      API ScopeDescription
      https://www.googleapis.com/auth/bigqueryView and manage your data in Google BigQuery
      https://www.googleapis.com/auth/bigquery.insertdataInsert data into Google BigQuery
      https://www.googleapis.com/auth/cloud-platformView and manage your data across Google Cloud Platform services
      https://www.googleapis.com/auth/devstorage.read_writeManage your data in Google Cloud Storage

      You can copy this comma-delimited list of API scopes and paste it into the One or More API Scopes field.

      https://www.googleapis.com/auth/bigquery,https://www.googleapis.com/auth/bigquery.insertdata,https://www.googleapis.com/auth/cloud-platform,https://www.googleapis.com/auth/devstorage.read_write

    7. Click Authorize.