Using a Google Cloud Service Account with Analytics Canvas
The recommended method for accessing Google BigQuery and Google Cloud Storage within applications is to use a Google Cloud Service Account, which belongs to an application rather to an individual user. This article shows you how to access your Google Cloud Platform services using your Service Account for Analytics Canvas.
Accessing BigQuery with Analytics Canvas Online
To access your own BigQuery account, you must grant permission to the service account for your Analytics Canvas subscription.
- In Analytics Canvas Online, find the Service Account under Admin > Access your own BigQuery and copy it.
- Go to https://console.cloud.google.com and login, then select the Project that contains the data you'd like to view in Canvas.
- From the menu on the left, go to IAM & Admin > IAM and click +ADD
- Under New Principals, paste the service account address that was copied in step 1.
- Under Role*, find BigQuery Job User, add it, and click save. This is the minimum permission required to run queries on datasets within the project.
Permissions - Minimum vs Recommended
You will now provide permission for Analytics Canvas to access your data. In order for Canvas to read and write to a table in a dataset, it needs the Recommended permissions. For minimum, read-only access to 1 specific dataset, for example to your GA4 Property, provide the minimum permissions.
Minimum Permissions - Read Only
The minimum permissions are BigQuery Job User at the Project level, and BigQuery Data Viewer at the Data Set level. Having provided BigQuery Job User access in the step above, navigate to a table in BigQuery, click the three dots after a table's name, then click "Share" to provide Data Set level access.
Next, Add the same Google Cloud Service account that you found in step 1 by clicking "Add Principal"
Add the Service Account, then under Role, select "BigQuery Data Viewer". This is the minimum level of access that will allow you to see your data within Analytics Canvas Online.
No additional steps are required. Once you have provided the appropriate access to the Service Account for your subscription, it just takes a few minutes before you can access your BigQuery account to both read and write data using Analytics Canvas Online.
If you run into any issues at all, please contact email@example.com.
Regardless of which mode you use, certain APIs must be authorized with your Google Cloud Platform Project before you can create a Service Account and use it to access BigQuery or Google Cloud Storage.
In order to continue, you will need access to the Google Cloud Console for your organization, and the specific Project or Projects that you will be working on. Specifically, you will need the ability to create Service Accounts and grant access to Google BigQuery and Google Cloud Storage. If you do not have access, share this article with someone who does.
- To see and display your projects and the permissions associated with your Service Account, enable the Cloud Resource Manager API
- If you will be connecting to BigQuery, the BigQuery API must be enabled
- If you will be connecting to Cloud Storage, you must enable the Cloud Storage API
- You will need to know the name and ID of the Project(s) that contain the data you wish to access.
Once you have enabled the APIs above, repeat the steps above.