...

  • deploymentmanager.deployments.list

  • deploymentmanager.resources.list

  • deploymentmanager.manifests.list

  • cloudfunctions.functions.get

  • dataproc.clusters.list

  • dataproc.clusters.get

  • compute.disks.setLabels

  • compute.instances.start

  • compute.instances.stop

  • compute.instances.list

  • compute.instances.setLabels

  • storage.buckets.get

  • storage.buckets.list

  • storage.objects.create

  • storage.objects.delete

  • storage.buckets.update

  • compute.disks.get

  • compute.instances.get

  • dataproc.clusters.update

  • storage.objects.get

  • storage.objects.list

  • storage.objects.update

  • cloudfunctions.functions.update

  • compute.subnetworks.get

  • resourcemanager.projects.getIamPolicy

  • compute.firewalls.list

  • iam.roles.get

  • compute.machineTypes.get

  • compute.machineTypes.list

  • compute.instances.setMachineType

  • compute.instances.setMetadata

  • Add the following predefined roles to the service account used by the Kyvos cluster:

    • BigQuery data viewer

    • BigQuery user

    • Dataproc Worker

    • Cloud Functions Admin

    • Cloud Scheduler Admin

    • Cloud Scheduler Service Agent

    • Service Account User

    • Logs Writer

    • Workload Identity User

  • Permissions for cross-project dataset access with BigQuery (Kyvos VMs in one project, BigQuery datasets in another):

    1. Use the same service account that the Kyvos VMs run as; do not create a separate one for BigQuery.

    2. On the BigQuery project, grant that service account the following roles:

      • BigQuery Data Viewer

      • BigQuery User

  • To access BigQuery views, add the following permissions to the Kyvos custom role (created above):

    • bigquery.tables.create

    • bigquery.tables.delete

    • bigquery.tables.update

    • bigquery.tables.updateData

  • Permissions needed to generate temporary views in a separate dataset when Kyvos runs a validation or preview operation against Google BigQuery:

    • bigquery.tables.create: create a new table

    • bigquery.tables.updateData: write data to a new table, overwrite a table, or append data to a table
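The custom role, the predefined role bindings and the optional BigQuery additions above can be applied and then audited with the script below. It is an added example, not Kyvos tooling: the project ID, service account e-mail and custom role ID are placeholders (assumptions), while the permission and role names are the ones listed on this page. Without --apply it only prints the gcloud commands and audits a constructed sample policy; with --apply it runs them and audits the live project policy. The audit reports any role the service account is missing and any role it holds beyond this list (a basic role such as roles/editor, for instance), which is the least-privilege check worth running once setup is done. One caveat: roles/iam.serviceAccountUser bound at project level lets the member act as every service account in that project; if the cluster only needs to act as itself, bind that role on the service account resource instead.

```python
"""Create the Kyvos custom role, bind it plus the predefined roles to the
cluster service account, and audit the project policy for excess grants.

Added example, not Kyvos' own tooling. PROJECT, SERVICE_ACCOUNT and ROLE_ID
are placeholders (assumptions); permission and role names come from the page.
"""
import json
import shlex
import subprocess
import sys

PROJECT = "my-kyvos-project"                                            # assumption
SERVICE_ACCOUNT = f"kyvos-cluster@{PROJECT}.iam.gserviceaccount.com"    # assumption
ROLE_ID = "kyvosRole"                                                   # assumption

# Permissions for the Kyvos custom role, as listed on this page.
BASE_PERMISSIONS = [
    "deploymentmanager.deployments.list", "deploymentmanager.resources.list",
    "deploymentmanager.manifests.list", "cloudfunctions.functions.get",
    "dataproc.clusters.list", "dataproc.clusters.get", "compute.disks.setLabels",
    "compute.instances.start", "compute.instances.stop", "compute.instances.list",
    "compute.instances.setLabels", "storage.buckets.get", "storage.buckets.list",
    "storage.objects.create", "storage.objects.delete", "storage.buckets.update",
    "compute.disks.get", "compute.instances.get", "dataproc.clusters.update",
    "storage.objects.get", "storage.objects.list", "storage.objects.update",
    "cloudfunctions.functions.update", "compute.subnetworks.get",
    "resourcemanager.projects.getIamPolicy", "compute.firewalls.list",
    "iam.roles.get", "compute.machineTypes.get", "compute.machineTypes.list",
    "compute.instances.setMachineType", "compute.instances.setMetadata",
]
# Only needed when Kyvos reads BigQuery views or creates temporary views.
BIGQUERY_VIEW_PERMISSIONS = [
    "bigquery.tables.create", "bigquery.tables.delete",
    "bigquery.tables.update", "bigquery.tables.updateData",
]
# Predefined roles from this page mapped to their IAM role IDs.
PREDEFINED_ROLES = {
    "BigQuery Data Viewer": "roles/bigquery.dataViewer",
    "BigQuery User": "roles/bigquery.user",
    "Dataproc Worker": "roles/dataproc.worker",
    "Cloud Functions Admin": "roles/cloudfunctions.admin",
    "Cloud Scheduler Admin": "roles/cloudscheduler.admin",
    "Cloud Scheduler Service Agent": "roles/cloudscheduler.serviceAgent",
    "Service Account User": "roles/iam.serviceAccountUser",
    "Logs Writer": "roles/logging.logWriter",
    "Workload Identity User": "roles/iam.workloadIdentityUser",
}


def custom_role_permissions(bigquery_views=False):
    """Deduplicated, sorted permission list for the custom role."""
    perms = set(BASE_PERMISSIONS)
    if bigquery_views:
        perms.update(BIGQUERY_VIEW_PERMISSIONS)
    return sorted(perms)


def expected_roles(project=PROJECT, role_id=ROLE_ID):
    """Every role the cluster SA should hold on the project: custom + predefined."""
    return sorted({f"projects/{project}/roles/{role_id}", *PREDEFINED_ROLES.values()})


def plan_commands(project=PROJECT, sa=SERVICE_ACCOUNT, role_id=ROLE_ID, bigquery_views=False):
    """gcloud commands (argv lists): create the custom role, then bind every role to the SA."""
    cmds = [[
        "gcloud", "iam", "roles", "create", role_id, f"--project={project}",
        "--title=Kyvos cluster role", "--stage=GA",
        "--permissions=" + ",".join(custom_role_permissions(bigquery_views)),
    ]]
    for role in expected_roles(project, role_id):
        cmds.append(["gcloud", "projects", "add-iam-policy-binding", project,
                     f"--member=serviceAccount:{sa}", f"--role={role}"])
    return cmds


def audit_policy(policy, sa=SERVICE_ACCOUNT, project=PROJECT, role_id=ROLE_ID):
    """Compare a project IAM policy (gcloud projects get-iam-policy --format=json)
    with the expected roles; returns (missing, unexpected) as sorted lists."""
    member = f"serviceAccount:{sa}"
    held = {b["role"] for b in policy.get("bindings", []) if member in b.get("members", [])}
    want = set(expected_roles(project, role_id))
    return sorted(want - held), sorted(held - want)


# Constructed sample policy (not real gcloud output): the SA also holds
# roles/editor, far broader than anything on this page, and lacks Logs Writer.
SAMPLE_POLICY = {"bindings": [
    {"role": "roles/editor", "members": [f"serviceAccount:{SERVICE_ACCOUNT}"]},
    *[{"role": r, "members": [f"serviceAccount:{SERVICE_ACCOUNT}"]}
      for r in expected_roles() if r != "roles/logging.logWriter"],
]}


if __name__ == "__main__":
    apply = "--apply" in sys.argv
    for cmd in plan_commands(bigquery_views="--bigquery-views" in sys.argv):
        print(shlex.join(cmd))
        if apply:
            subprocess.run(cmd, check=True)
    if apply:
        raw = subprocess.run(["gcloud", "projects", "get-iam-policy", PROJECT, "--format=json"],
                             check=True, capture_output=True, text=True).stdout
        policy = json.loads(raw)
    else:
        policy = SAMPLE_POLICY
    missing, unexpected = audit_policy(policy)
    print("missing roles:", missing)
    print("unexpected roles:", unexpected)
```

Run it once without flags to review the commands and see the audit flag roles/editor in the sample policy; pass --bigquery-views when the view permissions above are needed, and --apply to execute against the real project.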

Prerequisites to run Terraform from a local machine

...

  • To use BYOK (Bring Your Own Key):
    The service agent must already exist in the project where the Google Cloud Storage buckets and Secret Manager secrets will be created. For details, refer to the Google documentation.

...

  • .

...

  • Kyvos custom role (created in step 1)

  • BigQuery data viewer

  • BigQuery user

  • Dataproc Worker

  • Cloud Functions Admin

  • Cloud Scheduler Admin

  • Cloud Scheduler Service Agent

  • Service Account User

  • Logs Writer

  • Workload Identity User

...


...

Additional permission required to run Auto scaling for GCP Enterprise

...