Configure Cross-account Catalog to Access GCP Hive Metastore

To connect your e6data Workspace to a Hive Metastore and GCS data source in a different project, please follow the steps below:

Create a Custom IAM Role in the Project Hosting the Cloud Storage Bucket

1. Navigate to IAM & Admin:

• Open the Google Cloud Console: Google Cloud Console.

• Go to IAM & Admin > Roles.

1. Create a New Role:

• Click on "Create role".

• Enter a Title and Description for the role (e.g., "e6data Custom Role").

1. Add Permissions:

• In the "Permissions" section, add the following permissions:

storage.objects.getIamPolicy
storage.objects.get
storage.objects.list

• These permissions will allow the e6data service account to interact with the bucket.

1. Save the Role:

• Click "Create" to save the newly created custom role.

Assign the Custom IAM Role to the e6data Service Account

1. Access Cloud Storage:

• Open the Google Cloud Console: Google Cloud Console.

• Navigate to "Cloud Storage" by selecting it from the menu.

1. Select the Relevant Bucket:

• Click on the bucket to which you need to grant access.

1. Open the Permissions Tab:

• In the bucket details page, go to the "Permissions" tab to view the existing IAM policies.

1. Add a New Member:

• Click the "+ Add" button to add a new member to the bucket's IAM policy.

1. Enter the Service Account’s Email Address:

• Input the email address of the e6data service account created as part of the workspace infrastructure in the primary project.

1. Assign the Custom Role:

• Choose the custom role you created in the previous step. Select "Custom" from the role options and enter the role name.

1. Save Changes:

• Click "Save" to apply the new IAM policy to the bucket.