Security
Security is a top priority. Masthead agent does not query data in the Data Warehouse; it uses CDC logs produced by transactions executed in it. During the installation process, the following resources are created under your Google Cloud:
- Pub/Sub topic `masthead-topic` and subscription `masthead-agent-subscription`
- Logs Router with an included filter, which automatically publishes to the Pub/Sub topic `masthead-topic`
- To get metadata of the BigQuery schema and its tables and views, the installation script creates the `masthead_bq_schema_reader` custom role with the following permissions:
  - `bigquery.datasets.get`
  - `bigquery.tables.get`
  - `bigquery.tables.list`
- Binds the Masthead Service Account to Pub/Sub and the newly created custom role, so the Masthead Service Account has the following roles granted to it:
  - `masthead_bq_schema_reader`
  - Pub/Sub Subscriber
For the On-Prem Deployment, in addition to the above-mentioned resources, Masthead Agent is deployed into your Google Cloud.
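To confirm after installation that the grants match the list above and have not drifted, the following check can be run. It is an added example, not Masthead's own code. It assumes the role definition and IAM policy are in the JSON shape returned by `gcloud iam roles describe --format=json` and `gcloud projects get-iam-policy --format=json`, that Pub/Sub Subscriber is the predefined role `roles/pubsub.subscriber`, and it uses a constructed project ID and service account address as placeholders.

```python
"""Audit the Masthead grants against the set the documentation lists."""

EXPECTED_PERMISSIONS = {
    "bigquery.datasets.get",
    "bigquery.tables.get",
    "bigquery.tables.list",
}
CUSTOM_ROLE_ID = "masthead_bq_schema_reader"
SUBSCRIBER_ROLE = "roles/pubsub.subscriber"  # assumed ID of "Pub/Sub Subscriber"


def roles_for(member, policies):
    """Collect every role bound to `member` across the given IAM policies."""
    return {
        b["role"]
        for policy in policies
        for b in policy.get("bindings", [])
        if member in b.get("members", [])
    }


def audit(member, role_def, policies):
    """Return a list of findings; an empty list means the grants match the docs."""
    findings = []
    granted = set(role_def.get("includedPermissions", []))
    for perm in sorted(granted - EXPECTED_PERMISSIONS):
        findings.append(f"custom role has extra permission: {perm}")
    for perm in sorted(EXPECTED_PERMISSIONS - granted):
        findings.append(f"custom role is missing permission: {perm}")
    for role in sorted(roles_for(member, policies)):
        if role != SUBSCRIBER_ROLE and not role.endswith("/roles/" + CUSTOM_ROLE_ID):
            findings.append(f"unexpected role bound to {member}: {role}")
    return findings


# Constructed sample data (not real output); project ID and account are placeholders.
SA = "serviceAccount:masthead-sa@example-project.iam.gserviceaccount.com"
ROLE_DEF = {
    "name": "projects/example-project/roles/masthead_bq_schema_reader",
    "includedPermissions": sorted(EXPECTED_PERMISSIONS),
}
POLICY = {"bindings": [
    {"role": "projects/example-project/roles/masthead_bq_schema_reader", "members": [SA]},
    {"role": SUBSCRIBER_ROLE, "members": [SA]},
    {"role": "roles/viewer", "members": ["user:analyst@example.com"]},
]}

if __name__ == "__main__":
    for line in audit(SA, ROLE_DEF, [POLICY]) or ["grants match the documented set"]:
        print(line)
```

Pass both the project-level policy and the subscription-level policy in `policies` if the subscriber binding is set on the subscription rather than the project.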