From edb90843e5ae0f0ba133f43f55e74648ae88b8b1 Mon Sep 17 00:00:00 2001 From: kly-segment <109566332+kly-segment@users.noreply.github.com> Date: Tue, 3 Dec 2024 13:23:18 -0800 Subject: [PATCH 1/3] Update BigQuery-setup.md Missing critical step #2 for BigQuery warehouse permissions setup --- .../data-graph/setup-guides/BigQuery-setup.md | 22 +++++++++++++++---- 1 file changed, 18 insertions(+), 4 deletions(-) diff --git a/src/unify/data-graph/setup-guides/BigQuery-setup.md b/src/unify/data-graph/setup-guides/BigQuery-setup.md index 1ffc64f459..ead51a602e 100644 --- a/src/unify/data-graph/setup-guides/BigQuery-setup.md +++ b/src/unify/data-graph/setup-guides/BigQuery-setup.md 
@@ -30,7 +30,21 @@ To set the roles and permissions: 11. Copy all the content in the JSON file you created in the previous step, and save it for Step 5. -## Step 2: Grant read-only access for the Data Graph +## Step 2: Create a dataset for Segment to store checkpoint tables +**Segment requires write access to this dataset for internal bookkeeping and to store checkpoint tables for the queries that are executed. Therefore, Segment recommends creating a new dataset for this purpose.** + +> info "" +> Segment recommends creating a new dataset for the Data Graph. +> If you choose to use an existing dataset that has also been used for [Segment Reverse ETL](/docs/connections/reverse-etl/), you must follow the [additional instructions](#update-user-access-for-segment-reverse-etl-catalog) to update user access for the Segment Reverse ETL catalog. + +Navigate to the BigQuery SQL editor and create a dataset that will be used by Segment. + +``` +CREATE SCHEMA IF NOT EXISTS `__segment_reverse_etl`; +GRANT `roles/bigquery.dataEditor` ON SCHEMA `__segment_reverse_etl` TO "serviceAccount:"; +``` + +## Step 3: Grant read-only access for the Data Graph Grant the [BigQuery Data Viewer](https://cloud.google.com/bigquery/docs/access-control#bigquery.dataViewer){:target="_blank"} role to the service account at the project level. Make sure to grant read-only access to the Profiles Sync project in case you have a separate project. To grant read-only access for the Data Graph: @@ -41,7 +55,7 @@ To grant read-only access for the Data Graph: 5. Select the **BigQuery Data Viewer role**. 6. Click **Save**. -## *(Optional)* Step 3: Restrict read-only access +## *(Optional)* Step 4: Restrict read-only access If you want to restrict access to specific datasets, grant the BigQuery Data Viewer role on datasets to the service account. Make sure to grant read-only access to the Profiles Sync dataset. To restrict read-only access: 
@@ -58,7 +72,7 @@ You can also run the following command: GRANT `roles/bigquery.dataViewer` ON SCHEMA `YOUR_DATASET_NAME` TO "serviceAccount:"; ``` -## Step 4: Validate permissions +## Step 5: Validate permissions 1. Navigate to **IAM & Admin > Service Accounts** in BigQuery. 2. Search for the service account you’ve just created. 3. From your service account, click the three dots under **Actions** and select **Manage permissions**. @@ -66,7 +80,7 @@ GRANT `roles/bigquery.dataViewer` ON SCHEMA `YOUR_DATASET_NAME` TO "serviceAccou 5. Select a box with List resources within resource(s) matching your query. 6. Click **Analyze**, then click **Run query**. -## Step 5: Connect your warehouse to Segment +## Step 6: Connect your warehouse to Segment 1. Navigate to **Unify > Data Graph** in Segment. This should be a Unify space with Profiles Sync already set up. 2. Click **Connect warehouse**. 3. Select *BigQuery* as your warehouse type. From 85232b7f3e875a9afcf8dd2dc86614900e143b7e Mon Sep 17 00:00:00 2001 From: stayseesong <83784848+stayseesong@users.noreply.github.com> Date: Thu, 5 Dec 2024 09:35:26 -0800 Subject: [PATCH 2/3] Update src/unify/data-graph/setup-guides/BigQuery-setup.md --- src/unify/data-graph/setup-guides/BigQuery-setup.md | 13 +++---------- 1 file changed, 3 insertions(+), 10 deletions(-) diff --git a/src/unify/data-graph/setup-guides/BigQuery-setup.md b/src/unify/data-graph/setup-guides/BigQuery-setup.md index ead51a602e..4b9f32b877 100644 --- a/src/unify/data-graph/setup-guides/BigQuery-setup.md +++ b/src/unify/data-graph/setup-guides/BigQuery-setup.md 
@@ -31,18 +31,11 @@ To set the roles and permissions: ## Step 2: Create a dataset for Segment to store checkpoint tables -**Segment requires write access to this dataset for internal bookkeeping and to store checkpoint tables for the queries that are executed. Therefore, Segment recommends creating a new dataset for this purpose.** +Create a new dataset as Segment requires write access to the dataset for internal bookkeeping and to store checkpoint tables for the queries that are executed. -> info "" -> Segment recommends creating a new dataset for the Data Graph. -> If you choose to use an existing dataset that has also been used for [Segment Reverse ETL](/docs/connections/reverse-etl/), you must follow the [additional instructions](#update-user-access-for-segment-reverse-etl-catalog) to update user access for the Segment Reverse ETL catalog. - -Navigate to the BigQuery SQL editor and create a dataset that will be used by Segment. +Segment recommends you to create a new dataset for the Data Graph. If you choose to use an existing dataset that has also been used for [Segment Reverse ETL](/docs/connections/reverse-etl/), you must follow the [additional instructions](/docs/unify/data-graph/setup-guides/bigquery-setup/#update-user-access-for-segment-reverse-etl-dataset) to update user access for the Segment Reverse ETL catalog. -``` -CREATE SCHEMA IF NOT EXISTS `__segment_reverse_etl`; -GRANT `roles/bigquery.dataEditor` ON SCHEMA `__segment_reverse_etl` TO "serviceAccount:"; -``` +To create your dataset, navigate to the BigQuery SQL editor and create a dataset that will be used by Segment. ## Step 3: Grant read-only access for the Data Graph Grant the [BigQuery Data Viewer](https://cloud.google.com/bigquery/docs/access-control#bigquery.dataViewer){:target="_blank"} role to the service account at the project level. Make sure to grant read-only access to the Profiles Sync project in case you have a separate project. 
From 789d72893d3327809b318fcb5b2b83b55cc8afd2 Mon Sep 17 00:00:00 2001 From: stayseesong <83784848+stayseesong@users.noreply.github.com> Date: Thu, 5 Dec 2024 09:45:08 -0800 Subject: [PATCH 3/3] Update BigQuery-setup.md --- src/unify/data-graph/setup-guides/BigQuery-setup.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/unify/data-graph/setup-guides/BigQuery-setup.md b/src/unify/data-graph/setup-guides/BigQuery-setup.md index 4b9f32b877..53a07c61a3 100644 --- a/src/unify/data-graph/setup-guides/BigQuery-setup.md +++ b/src/unify/data-graph/setup-guides/BigQuery-setup.md @@ -37,6 +37,11 @@ Segment recommends you to create a new dataset for the Data Graph. If you choose To create your dataset, navigate to the BigQuery SQL editor and create a dataset that will be used by Segment. +``` +CREATE SCHEMA IF NOT EXISTS `__segment_reverse_etl`; +GRANT `roles/bigquery.dataEditor` ON SCHEMA `__segment_reverse_etl` TO "serviceAccount:"; +``` + ## Step 3: Grant read-only access for the Data Graph Grant the [BigQuery Data Viewer](https://cloud.google.com/bigquery/docs/access-control#bigquery.dataViewer){:target="_blank"} role to the service account at the project level. Make sure to grant read-only access to the Profiles Sync project in case you have a separate project.
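Review bot: In PATCH 1/3, first hunk, the new Step 2 SQL pairs `CREATE SCHEMA IF NOT EXISTS` with the fixed name `__segment_reverse_etl`, so on a project where a dataset of that name already exists (the name suggests Reverse ETL may have created it) the first statement is a no-op and the `roles/bigquery.dataEditor` grant lands on the existing dataset. That is the case the info box says needs the additional instructions, yet the reader gets no signal that they are in it. Suggest stating this next to the code block, or telling the reader to check for the dataset before running it. Also confirm that the `#update-user-access-for-segment-reverse-etl-catalog` anchor resolves, since no heading with that name appears in this diff.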
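Review bot: In PATCH 1/3, last hunk, renumbering "Connect your warehouse to Segment" to Step 6 leaves a stale cross-reference: the unchanged item 11 shown as context at the top of the first hunk still says "save it for Step 5", which after this change points at "Validate permissions". Update that line to Step 6 in the same commit so the saved JSON key is referenced from the step that uses it.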
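Review bot: In PATCH 2/3, the hunk deletes the fenced `CREATE SCHEMA` / `GRANT` statements but keeps the sentence sending the reader to the BigQuery SQL editor, so Step 2 no longer shows how the service account gets the write access its first paragraph says Segment requires. Keep the code block under that sentence; PATCH 3/3 adds it back, and squashing the two would avoid an intermediate revision without it. Two smaller points in the same hunk: the rewritten link targets `#update-user-access-for-segment-reverse-etl-dataset` while its sentence still says "Reverse ETL catalog", so pick one term, and "recommends you to create" reads better as "recommends that you create".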
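Review bot: In PATCH 3/3, the restored `GRANT` line ends in `TO "serviceAccount:";` with nothing after the colon as it appears here, so the statement names no principal and gives the reader nothing to substitute. Add a placeholder in the style of `YOUR_DATASET_NAME` from the Step 4 command, for example `"serviceAccount:YOUR_SERVICE_ACCOUNT_EMAIL"` (the placeholder name is only a suggestion), and say in the preceding sentence that it must be replaced with the service account created earlier in the guide. Naming the principal explicitly also makes it easier to confirm in review that write access is granted to that one account on this one dataset only.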