README
parent
2d9d52fd8d
commit
0892e3ad63
|
@ -55,7 +55,7 @@ We assign roles on resources at the project level, granting the appropriate role
|
||||||
|
|
||||||
### Service accounts
|
### Service accounts
|
||||||
|
|
||||||
Service account creation follows the least privilege principle, performing a single task which requires access to a defined set of resources. In the table below you can find an high level overview on roles for each service account. For semplicy `READ` or `WRITE` roles are used, for detailed roles please refer to the code.
|
Service account creation follows the least privilege principle, performing a single task which requires access to a defined set of resources. In the table below you can find an high level overview on roles for each service account on each data layer. For semplicy `READ` or `WRITE` roles are used, for detailed roles please refer to the code.
|
||||||
|
|
||||||
|
|
||||||
|Service Account|Landing|DataLake L0|DataLake L1|DataLake L2|
|
|Service Account|Landing|DataLake L0|DataLake L1|DataLake L2|
|
||||||
|
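Review bot: The rewritten service-account sentence still carries "an high level overview" and "semplicy"; since the line is being touched anyway, correct them to "a high-level overview" and "simplicity". The added "on each data layer" matches the table columns (Landing, DataLake L0 to L2), but "please refer to the code" gives the reader no location. For a least-privilege section, naming the file or module where the detailed roles behind `READ` and `WRITE` are defined would let someone verify the actual bindings.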
@ -77,7 +77,7 @@ We use three groups to control access to resources:
|
||||||
- *Data Analyst*. They perform analysis on datasets, with read access to the data lake L2 project, and BigQuery READ/WRITE access to the playground project.
|
- *Data Analyst*. They perform analysis on datasets, with read access to the data lake L2 project, and BigQuery READ/WRITE access to the playground project.
|
||||||
- *Data Security*:. They handle security configurations related to the Data Hub. This team has admin access to the common project to configure Cloud DLP templates or Data Catalog policy tags.
|
- *Data Security*:. They handle security configurations related to the Data Hub. This team has admin access to the common project to configure Cloud DLP templates or Data Catalog policy tags.
|
||||||
|
|
||||||
In the table below you can find an high level overview on roles for each group. For semplicy `READ`, `WRITE` and `ADMIN` roles are used, for detailed roles please refer to the code.
|
In the table below you can find an high level overview on roles for each group on each project. For semplicy `READ`, `WRITE` and `ADMIN` roles are used, for detailed roles please refer to the code.
|
||||||
|
|
||||||
|Group|Landing|Load|Transformation|Data Lake L0|Data Lake L1|Data Lake L2|Data Lake Playground|Orchestration|Common|
|
|Group|Landing|Load|Transformation|Data Lake L0|Data Lake L1|Data Lake L2|Data Lake Playground|Orchestration|Common|
|
||||||
|-|:-:|:-:|:-:|:-:|:-:|:-:|:-:|:-:|:-:|
|
|-|:-:|:-:|:-:|:-:|:-:|:-:|:-:|:-:|:-:|
|
||||||
|
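Review bot: The context line "*Data Security*:." just above the changed sentence has stray punctuation (a colon after the closing asterisk, then a period) and, unlike the "*Data Analyst*." item, will render inconsistently; fix it in the same commit. The changed sentence itself repeats the "an high level" and "semplicy" typos from the service-account section. The new wording "on each project" is a good clarification given the column headers, and it would help to state what `ADMIN` covers beyond `WRITE`, since the Data Security group is described as having admin access to the common project.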
@ -111,17 +111,6 @@ In both VPC scenarios, you also need these ranges for Composer:
|
||||||
|
|
||||||
### Resource naming conventions
|
### Resource naming conventions
|
||||||
|
|
||||||
Resources in the script use the following acronyms:
|
|
||||||
|
|
||||||
- `lnd` for `landing`
|
|
||||||
- `lod` for `load`
|
|
||||||
- `orc` for `orchestration`
|
|
||||||
- `trf` for `transformation`
|
|
||||||
- `dtl` for `Data Lake`
|
|
||||||
- `cmn` for `common`
|
|
||||||
- `plg` for `playground`
|
|
||||||
- 2 letters acronym for GCP products, example: `bq` for `BigQuery`, `df` for `Cloud Dataflow`, ...
|
|
||||||
|
|
||||||
Resources follow the naming convention described below.
|
Resources follow the naming convention described below.
|
||||||
|
|
||||||
- `prefix-layer` for projects
|
- `prefix-layer` for projects
|
||||||
|
|
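Review bot: This hunk drops the whole acronym glossary (`lnd`, `lod`, `orc`, `trf`, `dtl`, `cmn`, `plg`, and the two-letter product acronyms) while the retained text still says resources follow the convention `prefix-layer`. Nothing in the visible lines shows what values `layer` takes after this change, so a reader auditing IAM bindings or logs by resource name loses the key to decode them. If the acronyms are still used in resource names, keep the list or move it next to the `prefix-layer` bullets; if they were replaced, say so here and in the commit message, which currently reads only "README".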