Configure Cross-account Catalog to Access GCP Hive Metastore

To connect your e6data Workspace to a Hive Metastore and GCS data source in a different project, please follow the steps below:

Create a Custom IAM Role in the Project Hosting the Cloud Storage Bucket

  1. Navigate to IAM & Admin:

  2. Create a New Role:

  • Click on "Create role".

  • Enter a Title and Description for the role (e.g., "e6data Custom Role").

  3. Add Permissions:

  • In the "Permissions" section, add the following permissions:

      storage.objects.getIamPolicy
      storage.objects.get
      storage.objects.list

  • These permissions will allow the e6data service account to interact with the bucket.

  4. Save the Role:

  • Click "Create" to save the newly created custom role.

Assign the Custom IAM Role to the e6data Service Account

  1. Access Cloud Storage:

  • Open the Google Cloud Console.

  • Navigate to "Cloud Storage" by selecting it from the menu.

  2. Select the Relevant Bucket:

  • Click on the bucket to which you need to grant access.

  3. Open the Permissions Tab:

  • In the bucket details page, go to the "Permissions" tab to view the existing IAM policies.

  4. Add a New Member:

  • Click the "+ Add" button to add a new member to the bucket's IAM policy.

  5. Enter the Service Account’s Email Address:

  • Input the email address of the e6data service account created as part of the workspace infrastructure in the primary project.

  6. Assign the Custom Role:

  • Choose the custom role you created in the previous step. Select "Custom" from the role options and enter the role name.

  7. Save Changes:

  • Click "Save" to apply the new IAM policy to the bucket.
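
Once both procedures are complete, the grant can be checked against the documented setup. The script below is an added example, not part of the e6data documentation: it compares a role definition and a bucket IAM policy, in the JSON shape gcloud prints, with the three permissions listed above. The project IDs, role ID and service account email are constructed placeholders.

```python
import json

# Permissions the page lists for the custom role.
REQUIRED = {"storage.objects.getIamPolicy", "storage.objects.get",
            "storage.objects.list"}

# Constructed sample, shaped like `gcloud iam roles describe --format=json`.
ROLE_JSON = """{
  "name": "projects/data-project/roles/e6dataCustomRole",
  "includedPermissions": ["storage.objects.get", "storage.objects.list",
                          "storage.objects.getIamPolicy"]
}"""

# Constructed sample, shaped like
# `gcloud storage buckets get-iam-policy gs://BUCKET --format=json`.
SA_EMAIL = "e6data-sa@workspace-project.iam.gserviceaccount.com"
POLICY_JSON = """{
  "bindings": [
    {"role": "projects/data-project/roles/e6dataCustomRole",
     "members": ["serviceAccount:e6data-sa@workspace-project.iam.gserviceaccount.com"]},
    {"role": "roles/storage.objectAdmin",
     "members": ["serviceAccount:e6data-sa@workspace-project.iam.gserviceaccount.com"]}
  ]
}"""

def audit(role_json, policy_json, sa_email):
    """Return findings where the grant differs from the documented setup."""
    role, policy = json.loads(role_json), json.loads(policy_json)
    granted = set(role.get("includedPermissions", []))
    findings = [f"role is missing {p}" for p in sorted(REQUIRED - granted)]
    findings += [f"role grants extra permission {p}"
                 for p in sorted(granted - REQUIRED)]
    member, bound = f"serviceAccount:{sa_email}", False
    for binding in policy.get("bindings", []):
        if member not in binding.get("members", []):
            continue
        if binding["role"] == role["name"]:
            bound = True
        else:
            findings.append(f"service account also holds {binding['role']}")
    if not bound:
        findings.append("custom role is not bound to the service account")
    return findings

if __name__ == "__main__":
    for finding in audit(ROLE_JSON, POLICY_JSON, SA_EMAIL) or ["no findings"]:
        print(finding)
```

With the constructed policy, the script reports the second binding, because the service account holds a broader role on the bucket in addition to the custom one.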
