Skip to main content
WisdomAI uses a Google Cloud Platform (GCP) service account to authenticate with BigQuery for background operations such as metadata crawling and data discovery. This guide walks you through creating the service account, assigning the required IAM roles, and generating the JSON key that WisdomAI needs to connect.

Prerequisites

  • An active Google Cloud project
  • The BigQuery API enabled in that project
  • Permission to create service accounts and assign IAM roles in your GCP project

Create the service account

A service account is a Google account that an application uses to make authorized API calls on its own behalf.
  1. Open the GCP Console and go to IAM & Admin > Service Accounts.
  2. Click + CREATE SERVICE ACCOUNT.
  3. Enter a descriptive Service account name, for example Wisdom-bigquery. The Service account ID is generated automatically from the name.
  4. Optionally, add a Service account description such as Service account for WisdomAI BigQuery connectivity.
  5. Click CREATE AND CONTINUE.

Assign IAM roles

WisdomAI needs three roles to read metadata, run queries, and stream results efficiently from BigQuery:
  • BigQuery Data Viewer: view BigQuery data and metadata
  • BigQuery Job User: run BigQuery jobs, including queries
  • BigQuery Read Session User: retrieve data efficiently through the BigQuery Storage API
Assign these roles at the project level for broad access:
  1. On the Grant this service account access to project step, open the Select a role dropdown.
  2. Add BigQuery Data Viewer, BigQuery Job User, and BigQuery Read Session User.
  3. Click DONE.

Restrict access to specific datasets

If you want WisdomAI to access only certain datasets in your project, grant data roles at the dataset level instead of the project level.
  1. Open BigQuery in the GCP Console and select the dataset you want to share.
  2. Click SHARE DATASET.
  3. In the Add principals field, enter the email address of the service account.
  4. Assign BigQuery Data Viewer and BigQuery Read Session User to the service account for this dataset.
  5. Repeat for every dataset WisdomAI needs to access.
  6. Assign BigQuery Job User once at the project level. This role cannot be granted at the dataset level.

Generate a JSON key

WisdomAI authenticates with BigQuery using a JSON key file associated with the service account.
  1. Go back to IAM & Admin > Service Accounts and click the service account you created.
  2. Open the KEYS tab.
  3. Click ADD KEY > Create new key.
  4. Select JSON as the key type and click CREATE.
The key file downloads to your computer.
The JSON key file contains sensitive credentials. Treat it like a password: store it in a secrets manager or secure file-sharing tool, and never send it over unencrypted email or chat.

Next steps

Connect to Google BigQuery

Use the service account to create a BigQuery connection in WisdomAI.

Connect to Snowflake

Connect to Snowflake directly or via a proxy using key-pair authentication.