gcloud alpha dataplex lakes authorize - authorize a project service account to manage given resource
gcloud alpha dataplex lakes authorize (--project-resource=PROJECT_RESOURCE | --storage-bucket-resource=STORAGE_BUCKET_RESOURCE | --bigquery-dataset-resource=BIGQUERY_DATASET_RESOURCE --secondary-project=SECONDARY_PROJECT) [GCLOUD_WIDE_FLAG ...]
(ALPHA) IAM Bindings for the service account of the primary project will be added to a secondary project, a storage bucket, or BigQuery dataset.
To authorize the service account in project test-project to manage another project test-project2, run:
$ gcloud alpha dataplex lakes authorize --project=test-project \ --project-resource=test-project2
To authorize the service account in project test-project to manage the storage bucket dataplex-storage-bucket, run:
$ gcloud alpha dataplex lakes authorize --project=test-project \ --storage-bucket-resource=dataplex-storage-bucket
To authorize the service account in project test-project to manage the BigQuery dataset test-dataset in project test-project2, run:
$ gcloud alpha dataplex lakes authorize --project=test-project \ --bigquery-dataset-resource=test-dataset \ --secondary-project=test-project2
- Container or Object to bind P4SA.
Exactly one of these must be specified:
- --project-resource=PROJECT_RESOURCE
The identifier of the project to authorize.
- --storage-bucket-resource=STORAGE_BUCKET_RESOURCE
The identifier of the Cloud Storage bucket to authorize the project on.
- Fields to help identify the BigQuery Dataset.
- --bigquery-dataset-resource=BIGQUERY_DATASET_RESOURCE
The identifier of the BigQuery dataset to authorize.
This flag argument must be specified if any of the other arguments in this group are specified.
- --secondary-project=SECONDARY_PROJECT
The identifier of the Project where BigQuery dataset resides.
This flag argument must be specified if any of the other arguments in this group are specified.
These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, --help, --impersonate-service-account, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity.
Run $ gcloud help for details.
This command is currently in alpha and might change without notice. If this command fails with API permission errors despite specifying the correct project, you might be trying to access an API with an invitation-only early access allowlist. This variant is also available:
$ gcloud dataplex lakes authorize