> ## Documentation Index
> Fetch the complete documentation index at: https://docs.activeviam.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Connect to BigQuery

## Credentials

DirectQuery delegates the credentials handling to a Google [BigQuery](https://cloud.google.com/java/docs/reference/google-cloud-bigquery/latest/com.google.cloud.bigquery.BigQuery) Java client.

### Service Account key file

A classic way to authenticate is to use a [Service Account key file](https://cloud.google.com/bigquery/docs/authentication/service-account-file).

This consists in creating a Google Cloud service account with the correct permissions, save the secret key on your machine and use it.

There are 2 common ways to use this service account key file to the BigQuery Java client:

* Put the path to the key file in the `GOOGLE_APPLICATION_CREDENTIALS` environment variable. See [Application Default Credentials](https://cloud.google.com/bigquery/docs/authentication/getting-started#application_default_credentials).
* Read the content of the key file and pass it to the client builder. See [Loading credentials from a file](https://cloud.google.com/bigquery/docs/authentication/service-account-file#loading_credentials_from_a_file).

### Authenticate as user

Instead of a service account, it is also possible to use the credentials of a specific user using OAuth2 flow.
This is a bit more advanced but can be achieved by following [this guide](https://cloud.google.com/bigquery/docs/authentication/end-user-installed).

## Permissions

The service account or user used by DirectQuery must have the permissions to access the datasets and run jobs in BigQuery.

A simple way to achieve this is to give the [BigQuery User](https://cloud.google.com/bigquery/docs/access-control#bigquery.user) and [BigQuery Data Viewer](https://cloud.google.com/bigquery/docs/access-control#bigquery.dataViewer) roles to the user.

If this is too many permissions, you can also create a role with this minimal set of permissions:

* `bigquery.datasets.get`
* `bigquery.jobs.create`
* `bigquery.readsessions.create`
* `bigquery.readsessions.getData`
* `bigquery.readsessions.update`
* `bigquery.routines.get`
* `bigquery.tables.get`
* `bigquery.tables.getData`
* `bigquery.tables.list`