{"templateId":"markdown","sharedDataIds":{"sidebar":"sidebar-@l10n/ja/sidebars.yaml"},"props":{"metadata":{"markdoc":{"tagList":["admonition"]},"type":"markdown"},"seo":{"title":"Step 2: Set Up BigQuery Authentication","description":"Create a GCP service account, grant IAM roles, and generate a JSON key for Composable Audience Studio authentication.","siteUrl":"https://docs.treasure.ai","lang":"en-US","llmstxt":{"hide":false,"sections":[{"title":"Table of contents","includeFiles":["**/*"],"excludeFiles":[]}],"excludeFiles":[]}},"dynamicMarkdocComponents":[],"compilationErrors":[],"ast":{"$$mdtype":"Tag","name":"article","attributes":{},"children":[{"$$mdtype":"Tag","name":"Heading","attributes":{"level":1,"id":"step-2-set-up-bigquery-authentication","__idx":0},"children":["Step 2: Set Up BigQuery Authentication"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Composable Audience Studio (CAS) connects to BigQuery using a ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["GCP service account with a JSON key"]},". You will create a service account, grant IAM roles, and generate a JSON key."]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"id":"gcp-step-1-create-a-service-account","__idx":1},"children":["GCP Step 1: Create a Service Account"]},{"$$mdtype":"Tag","name":"ol","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":["Open the ",{"$$mdtype":"Tag","name":"MarkdownLink","attributes":{"href":"https://console.cloud.google.com/"},"children":["Google Cloud Console"]}," > ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["IAM & Admin"]}," > ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Service Accounts"]},"."]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["Click ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Create Service Account"]},"."]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["Enter a display name (e.g., ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["TAI-CAS-Service"]},")."]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["Click ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Create and Continue"]},"."]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["Note the service account email address assigned (e.g., ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["tai-cas-service@<project_id>.iam.gserviceaccount.com"]},")."]}]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"id":"gcp-step-2-grant-iam-roles","__idx":2},"children":["GCP Step 2: Grant IAM Roles"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Grant the service account the required IAM roles as described in Step 1 (BigQuery IAM Permissions section above)."," ","Grant the service account the required IAM roles as described in ",{"$$mdtype":"Tag","name":"MarkdownLink","attributes":{"href":"/ja/products/customer-data-platform/composable-cdp/bigquery/prepare-bigquery-data#bigquery-iam-permissions"},"children":["Step 1: Prepare Your BigQuery Data"]},"."," ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Minimum required:"]}]},{"$$mdtype":"Tag","name":"ul","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"code","attributes":{},"children":["roles/bigquery.jobUser"]}," at project level"]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"code","attributes":{},"children":["roles/bigquery.dataEditor"]}," at dataset level"]}]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"id":"gcp-step-3-generate-a-json-key","__idx":3},"children":["GCP Step 3: Generate a JSON Key"]},{"$$mdtype":"Tag","name":"ol","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":["In the Service Account details page, go to the ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Keys"]}," tab."]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["Click ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Add Key"]}," > ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Create new key"]},"."]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["Choose ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["JSON"]}," format > ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Create"]},"."]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["The browser downloads the ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":[".json"]}," key file automatically."]}]},{"$$mdtype":"Tag","name":"Admonition","attributes":{"type":"warning","name":"Keep the JSON file secure"},"children":[{"$$mdtype":"Tag","name":"p","attributes":{},"children":["This file grants full access to the service account. Store it safely and do not share it."]}]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"id":"gcp-step-4-allow-treasure-ai-server-ips-to-access-bigquery-if-necessary","__idx":4},"children":["GCP Step 4: Allow Treasure AI Server IPs to Access BigQuery (If Necessary)"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["If your GCP project uses VPC Service Controls or organization policies that restrict API access by IP, add Treasure AI's export IP addresses to the allowed list."]},{"$$mdtype":"Tag","name":"Admonition","attributes":{"type":"info","name":"Note"},"children":[{"$$mdtype":"Tag","name":"p","attributes":{},"children":["For the list of Treasure AI IP addresses to add, see ",{"$$mdtype":"Tag","name":"MarkdownLink","attributes":{"href":"/apis/endpoints/ip-addresses-integrations-result-workers"},"children":["Static IP Addresses for Integrations and Result Workers"]},". Whitelist both the Import and Export tabs."]}]}]},"headings":[{"value":"Step 2: Set Up BigQuery Authentication","id":"step-2-set-up-bigquery-authentication","depth":1},{"value":"GCP Step 1: Create a Service Account","id":"gcp-step-1-create-a-service-account","depth":2},{"value":"GCP Step 2: Grant IAM Roles","id":"gcp-step-2-grant-iam-roles","depth":2},{"value":"GCP Step 3: Generate a JSON Key","id":"gcp-step-3-generate-a-json-key","depth":2},{"value":"GCP Step 4: Allow Treasure AI Server IPs to Access BigQuery (If Necessary)","id":"gcp-step-4-allow-treasure-ai-server-ips-to-access-bigquery-if-necessary","depth":2}],"frontmatter":{"seo":{"title":"Step 2: Set Up BigQuery Authentication","description":"Create a GCP service account, grant IAM roles, and generate a JSON key for Composable Audience Studio authentication."}},"lastModified":"2026-06-09T07:42:46.000Z","pagePropGetterError":{"message":"","name":""}},"slug":"/ja/products/customer-data-platform/composable-cdp/bigquery/set-up-bigquery-authentication","userData":{"isAuthenticated":false,"teams":["anonymous"]},"isPublic":true}