Data Catalog is deprecated and will be discontinued on January 30, 2026. For steps to transition your Data Catalog users, workloads, and content to Dataplex Universal Catalog, see Transition from Data Catalog to Dataplex Universal Catalog.
Enable your organization principals to use tags
This document describes how to grant the Data Catalog tagTemplateUser role to
principals. You can do this after you create a Data Catalog tag template in your resource project. This enables them to create metadata, that is, use
your template to tag data resources. For more information, see Attaching tags to Google Cloud resources.
The next section shows how to grant the tagTemplateUser role.
Grant the tagTemplateUser role
Console
To grant the Data Catalog tagTemplateUser role to a principal
on a project, do the following:
1. Go to IAM in the Google Cloud console and click the edit button at the right of the principal's listing.
2. In the Edit permissions dialog, click ADD ANOTHER ROLE, then click the Select a role drop-down list.
3. In the Filter box, insert Data Catalog TagTemplate User to display this role, then select it and click SAVE.
Java

```java
import com.google.cloud.datacatalog.v1.DataCatalogClient;
import com.google.cloud.datacatalog.v1.TagTemplateName;
import com.google.iam.v1.Binding;
import com.google.iam.v1.Policy;
import com.google.iam.v1.SetIamPolicyRequest;
import java.io.IOException;

// Sample to grant tag access on template
public class GrantTagTemplateUserRole {

  public static void main(String[] args) throws IOException {
    // TODO(developer): Replace these variables before running the sample.
    String projectId = "my-project";
    String tagTemplateId = "my_tag_template";
    grantTagTemplateUserRole(projectId, tagTemplateId);
  }

  public static void grantTagTemplateUserRole(String projectId, String templateId)
      throws IOException {
    // Currently, Data Catalog stores metadata in the us-central1 region.
    String location = "us-central1";

    // Format the Template name.
    String templateName =
        TagTemplateName.newBuilder()
            .setProject(projectId)
            .setLocation(location)
            .setTagTemplate(templateId)
            .build()
            .toString();

    // Initialize client that will be used to send requests. This client only needs to be created
    // once, and can be reused for multiple requests. After completing all of your requests, call
    // the "close" method on the client to safely clean up any remaining background resources.
    try (DataCatalogClient dataCatalogClient = DataCatalogClient.create()) {
      // Retrieve the Template's current IAM policy. setIamPolicy replaces the whole policy,
      // so the new binding must be added to the existing bindings rather than sent alone.
      Policy currentPolicy = dataCatalogClient.getIamPolicy(templateName);

      // Create a Binding to add the Tag Template User role and member to the policy.
      Binding binding =
          Binding.newBuilder()
              .setRole("roles/datacatalog.tagTemplateUser")
              .addMembers("group:example-analyst-group@google.com")
              .build();

      // Create a Policy object to update Template's IAM policy by adding the new binding.
      Policy policyUpdate = currentPolicy.toBuilder().addBindings(binding).build();

      SetIamPolicyRequest request =
          SetIamPolicyRequest.newBuilder()
              .setPolicy(policyUpdate)
              .setResource(templateName)
              .build();

      // Update Template's policy.
      dataCatalogClient.setIamPolicy(request);
      System.out.println("Role successfully granted");
    }
  }
}
```
Node.js

```javascript
// Import the Google Cloud client library.
const {DataCatalogClient} = require('@google-cloud/datacatalog').v1;
const datacatalog = new DataCatalogClient();

async function grantTagTemplateUserRole() {
  // Grant the tagTemplateUser role to a member of the project.

  /**
   * TODO(developer): Uncomment the following lines before running the sample.
   */
  // const projectId = 'my_project'; // Google Cloud Platform project
  // const templateId = 'my_existing_template';
  // const memberId = 'my_member_id'

  const location = 'us-central1';

  // Format the Template name.
  const templateName = datacatalog.tagTemplatePath(
    projectId,
    location,
    templateId
  );

  // Retrieve Template's current IAM Policy.
  const [getPolicyResponse] = await datacatalog.getIamPolicy({
    resource: templateName,
  });
  const policy = getPolicyResponse;

  // Add Tag Template User role and member to the policy.
  policy.bindings.push({
    role: 'roles/datacatalog.tagTemplateUser',
    members: [memberId],
  });

  const request = {
    resource: templateName,
    policy: policy,
  };

  // Update Template's policy.
  const [updatePolicyResponse] = await datacatalog.setIamPolicy(request);

  updatePolicyResponse.bindings.forEach(binding => {
    console.log(`Role: ${binding.role}, Members: ${binding.members}`);
  });
}
grantTagTemplateUserRole();
```
Python

```python
from google.cloud import datacatalog_v1
from google.iam.v1 import iam_policy_pb2 as iam_policy
from google.iam.v1 import policy_pb2

datacatalog = datacatalog_v1.DataCatalogClient()

# TODO: Set these values before running the sample.
project_id = "project_id"
tag_template_id = "existing_tag_template_id"
# For a full list of values a member can have, see:
# https://cloud.google.com/iam/docs/reference/rest/v1/Policy?hl=en#binding
member_id = "user:super-cool.test-user@gmail.com"

# For all regions available, see:
# https://cloud.google.com/data-catalog/docs/concepts/regions
location = "us-central1"

# Format the Template name.
template_name = datacatalog_v1.DataCatalogClient.tag_template_path(
    project_id, location, tag_template_id
)

# Retrieve Template's current IAM Policy.
policy = datacatalog.get_iam_policy(resource=template_name)

# Add Tag Template User role and member to the policy.
binding = policy_pb2.Binding()
binding.role = "roles/datacatalog.tagTemplateUser"
binding.members.append(member_id)
policy.bindings.append(binding)

set_policy_request = iam_policy.SetIamPolicyRequest(
    resource=template_name, policy=policy
)

# Update Template's policy.
policy = datacatalog.set_iam_policy(set_policy_request)

for binding in policy.bindings:
    for member in binding.members:
        print(f"Member: {member}, Role: {binding.role}")
```
REST & CMD LINE
REST
If you do not have access to Cloud Client libraries for your language or
want to test the API using REST requests, see the following examples
and refer to the Data Catalog REST API documentation.
Before using any of the request data,
make the following replacements:
project-id: Google Cloud project ID
template-id: the tag template ID
HTTP method and URL:
POST https://datacatalog.googleapis.com/v1/projects/project-id/locations/region/tagTemplates/template-id:setIamPolicy
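A setIamPolicy call carries the template's full IAM policy, so a grant has to be merged into the policy returned by getIamPolicy, keeping its other bindings and its etag. The following Python example is added here and is not part of Google's documentation; the function names and the sample policy are constructed for illustration, and refusing public principals is a choice made by this example.

```python
import copy
import json

ROLE = "roles/datacatalog.tagTemplateUser"
# Principal types accepted by this example (an assumption, not an API limit).
ALLOWED_PREFIXES = ("user:", "group:", "serviceAccount:", "domain:")
PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}


def grant_role(policy, member, role=ROLE):
    """Return a copy of `policy` with `member` added to `role`.

    Existing bindings and the etag are preserved, so the result can be sent
    back with setIamPolicy without dropping other principals.
    """
    if member in PUBLIC_MEMBERS or not member.startswith(ALLOWED_PREFIXES):
        raise ValueError(f"refusing to grant {role} to {member!r}")
    updated = copy.deepcopy(policy)
    bindings = updated.setdefault("bindings", [])
    for binding in bindings:
        # Merge only into an unconditional binding for the same role; a
        # conditional binding is a different, narrower grant.
        if binding.get("role") == role and "condition" not in binding:
            if member not in binding.setdefault("members", []):
                binding["members"].append(member)
            return updated
    bindings.append({"role": role, "members": [member]})
    return updated


def set_iam_policy_body(policy):
    """Serialize the JSON body for a ...:setIamPolicy request."""
    return json.dumps({"policy": policy}, sort_keys=True)


# Constructed sample: a policy as getIamPolicy would return it for a template.
CURRENT_POLICY = {
    "etag": "BwXconstructed=",
    "bindings": [
        {"role": "roles/datacatalog.tagTemplateOwner",
         "members": ["user:owner@example.com"]},
        {"role": ROLE, "members": ["group:analysts@example.com"]},
    ],
}

if __name__ == "__main__":
    new_policy = grant_role(CURRENT_POLICY, "user:new-analyst@example.com")
    print(set_iam_policy_body(new_policy))
```

Sending the unchanged etag back lets the service reject the write if the policy was modified between the read and the update.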
Last updated 2025-12-15 UTC.