Google Cloud service accounts are used by query.recipes to connect to your BigQuery data warehouse - they are an "authorization key" of sorts.
Let's create a service account key.
IMPORTANT PREREQUISITE - IAM Permissions
To create a service account from the Google Cloud Console, you MUST have the appropriate permissions for your project. Permissions can be assigned through the IAM Console.
If you created the project, you are the Project Owner and already have these permissions.
If you are not the owner, but still need broad access to modify the project, we recommend being assigned the Project Editor role.
If you prefer using granular permissions, the minimum roles required to create and edit service accounts are:
- BigQuery Admin
- Security Admin
- Service Account Admin
SERVICE ACCOUNT CREATION STEPS
- From the Google Cloud Platform Dashboard, use the hamburger menu at the top left, then navigate to IAM & Admin > Service Accounts.
2. Select the “Create Service Account” option at the top of the screen.
3. Set a Service Account Name + Service Account Description, then submit via “CREATE.”
Use an easily recognizable name, like “your-org-query-recipes” and in the description add a simple note of the main use of the service account, like “Running query.recipes on BigQuery”
4. Service Account Permissions:
On the drop-down filter from the “Select a Role” menu, select BigQuery > BigQuery Admin, then continue.
The “BigQuery Admin” role guarantees that the service account is able to import data, create and edit tables and run queries on schedule without any hiccups.
5. Select 'DONE.'
There's no need to add additional users' permissions here.
That's it! Your service account is ready.
6. Download the JSON Key
Select the hamburger menu to the right of your service account, then select the option Create Key.
Select JSON format if prompted. This will prompt a download of a .json file.
BE SURE TO STORE THIS KEY IN A SECURE FOLDER.
CONNECTING YOUR SERVICE ACCOUNT TO QR
When you create a site (docs here), you'll be asked to upload your service account .json file in the 5th step.
You'll only need to upload your keyfile once per BigQuery project. If you've already uploaded your key, that step in the site setup wizard will be skipped.