Connect BigQuery

Streya connects to BigQuery with a service account — a dedicated, non-human identity you create in Google Cloud and scope to the data Streya should see.

What you’ll prepare

• A Google Cloud service account with read-only access to the relevant datasets.
• The service account’s JSON key file.

1. Create a service account

In the Google Cloud console:

1. Select the project that contains your data.
2. Go to IAM & Admin → Service Accounts → Create service account.
3. Name it something recognizable, e.g. streya-reader.

2. Grant read-only access

The service account needs two things: permission to read the data and permission to run queries.

Grant these roles:

Role	Why
BigQuery Data Viewer (roles/bigquery.dataViewer)	Read tables and their schemas
BigQuery Job User (roles/bigquery.jobUser)	Run queries in the project

Scope to specific datasets

You don’t have to grant Data Viewer project-wide. To limit Streya to specific datasets, grant the role on each dataset instead: open the dataset in the BigQuery console → Sharing → Permissions → Add principal, and add the service account with BigQuery Data Viewer. Keep Job User at the project level.

3. Create a JSON key

1. Open the service account → Keys → Add key → Create new key.
2. Choose JSON and download the file.

The key file looks like this:

{
  "type": "service_account",
  "project_id": "your-project-id",
  "private_key_id": "…",
  "private_key": "-----BEGIN PRIVATE KEY-----\n…\n-----END PRIVATE KEY-----\n",
  "client_email": "streya-reader@your-project-id.iam.gserviceaccount.com",
  "client_id": "…",
  "auth_uri": "https://accounts.google.com/o/oauth2/auth",
  "token_uri": "https://oauth2.googleapis.com/token"
}

Streya requires the type, project_id, private_key, and client_email fields — the standard key file contains all of them, so you can use the file as-is.

4. Connect it in Streya

In Streya, go to Workspace settings → Data Warehouse and choose BigQuery, then provide your key:

Field	What to enter
Service Account Key (JSON)	Upload the JSON key file, or paste its full contents

Click Connect Data Warehouse. Streya runs a test query and shows the connection status. Your credentials are encrypted and stored in a dedicated secrets manager — see Data connections for how credentials are handled.

Troubleshooting

Note

If your first connection attempt fails, Streya currently shows a generic Failed to connect to data warehouse message — work through the checks below to find the cause. Once a connection is established, the Test Connection button reports the specific error BigQuery returned (for example, the Access Denied and permission messages below).

• Access Denied on a table — the service account is missing Data Viewer on that table’s dataset.
• Permission denied while creating job — the service account is missing Job User at the project level.
• Key rotation — if your security policy rotates keys, generate a new JSON key, then open Workspace settings → Data Warehouse → Edit Connection and paste the new key; the connection is updated without downtime.