# Configure Cross-account Catalog to Access GCP Hive Metastore To connect your e6data Workspace to a Hive Metastore and GCS data source in a different project, please follow the steps below: ### **Create a Custom IAM Role in the Project Hosting the Cloud Storage Bucket** 1. **Navigate to IAM & Admin:** * Open the Google Cloud Console: [Google Cloud Console](https://console.cloud.google.com/). * Go to `IAM & Admin` > `Roles`. 3. **Create a New Role**: * Click on **"Create role"**. * Enter a **Title** and **Description** for the role (e.g., "e6data Custom Role"). 4. **Add Permissions**: * In the **"Permissions"** section, add the following permissions: ``` storage.objects.getIamPolicy storage.objects.get storage.objects.list ``` * These permissions will allow the e6data service account to interact with the bucket. 5. **Save the Role**: * Click **"Create"** to save the newly created custom role. ### **Assign the Custom IAM Role to the e6data Service Account** 1. **Access Cloud Storage**: * Open the Google Cloud Console: [Google Cloud Console](https://console.cloud.google.com/). * Navigate to **"Cloud Storage"** by selecting it from the menu. 2. **Select the Relevant Bucket**: * Click on the bucket to which you need to grant access. 3. **Open the Permissions Tab**: * In the bucket details page, go to the **"Permissions"** tab to view the existing IAM policies. 4. **Add a New Member**: * Click the **"+ Add"** button to add a new member to the bucket's IAM policy. 5. **Enter the Service Account’s Email Address**: * Input the email address of the e6data [service account](https://docs.e6data.com/product-documentation/~/changes/0iCkDjvnPldS7yucryRX/setup/gcp-setup/infrastructure-and-permissions-for-e6data#step-3-create-an-iam-role-for-the-e6data-engine-inlineextension) created as part of the workspace infrastructure in the primary project. 6. **Assign the Custom Role**: * Choose the custom role you created in the previous step. Select **"Custom"** from the role options and enter the role name. 7. **Save Changes**: * Click **"Save"** to apply the new IAM policy to the bucket.