GCP Permissions and Security
CloudZero connects to your GCP data using read-only access. You control all permissions, and connections do not update themselves.
How the connection works (service account)
CloudZero reads data from your BigQuery tables using a GCP service account. Each connection displays a Service Account ID that you grant the BigQuery Data Viewer role on the specific tables you choose to share. CloudZero cannot access any data beyond what you explicitly authorize.
For setup instructions, see GCP Billing Data or GCP Recommender.
What CloudZero accesses
| Connection type | Tables | Role | Data collected |
|---|---|---|---|
| Billing | Detailed usage cost data export | BigQuery Data Viewer | Usage and cost data across all services in the billing account |
| Recommender | insights_export and recommendations_export | BigQuery Data Viewer | Optimization insights and recommendations for your GCP resources |
Supported currencies
CloudZero supports GCP cost data in USD by default. During billing connection setup, you can choose to keep your account's local currency instead. This setting cannot be changed after the connection is created. See Step 2 of GCP Billing Data for details.
Have questions or feedback? Reach out to your account manager.
Updated 28 days ago