Project-based permission system

US11580206B2 · US · B2

Patent metadata
Publication number: US-11580206-B2
Application number: US-202016784225-A
Country: US
Kind code: B2
Filing date: Feb 6, 2020
Priority date: Oct 8, 2019
Publication date: Feb 14, 2023
Grant date: Feb 14, 2023

Abstract

Official abstract text for this publication.

Methods, systems, and apparatus, including computer programs encoded on computer storage media for data security protection are provided. One of the methods includes: receiving a job associated with a project, wherein the project is associated with one or more data sources; identifying a plurality of inputs and a plurality of outputs associated with the job; determining a plurality of required permissions associated with the job, wherein each of the required permissions comprises an operation on a required data source, the operation corresponding to at least one of the inputs or the outputs; verifying that the one or more data sources associated with the project comprise the required data source associated with each of the required permissions; and generating a token associated with the job, the token encoding the required permissions associated with the job, wherein the token is required for execution of the job.
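The flow in the abstract (derive permissions from a job's inputs and outputs, check them against the project's data sources, encode them in a token) can be sketched as below. This is an added illustration, not the patent's or the assignee's implementation; the HMAC-signed JSON token format, the field names and the sample project and job are assumptions, and the block also shows the execution-time token check, which goes slightly beyond the abstract.

```python
import base64
import hashlib
import hmac
import json

SIGNING_KEY = b"constructed-demo-key"  # assumption: the token issuer holds an HMAC key

# Constructed sample data (not from the patent).
PROJECT = {"id": "proj-a", "data_sources": {"raw_events", "clean_events", "ref/geo"}}
JOB = {"id": "job-1", "inputs": ["raw_events", "ref/geo"], "outputs": ["clean_events"]}

def required_permissions(job):
    """One (operation, data source) pair per input (read) and output (write)."""
    return sorted({("read", s) for s in job["inputs"]} |
                  {("write", s) for s in job["outputs"]})

def issue_token(job, project):
    """Verify every required data source is in the project, then mint a token."""
    perms = required_permissions(job)
    missing = [src for _, src in perms if src not in project["data_sources"]]
    if missing:
        raise PermissionError(f"not in project {project['id']}: {missing}")
    body = json.dumps({"job": job["id"], "perms": perms}, sort_keys=True).encode()
    tag = hmac.new(SIGNING_KEY, body, hashlib.sha256).digest()
    return (base64.urlsafe_b64encode(body).decode() + "." +
            base64.urlsafe_b64encode(tag).decode())

def authorize(token, operation, source):
    """Execution-time check: signature is valid and the operation is in the token."""
    try:
        body_b64, tag_b64 = token.split(".")
        body = base64.urlsafe_b64decode(body_b64)
        tag = base64.urlsafe_b64decode(tag_b64)
    except ValueError:  # malformed token or bad base64
        return False
    expected = hmac.new(SIGNING_KEY, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return False
    return [operation, source] in json.loads(body)["perms"]

if __name__ == "__main__":
    token = issue_token(JOB, PROJECT)
    print(authorize(token, "write", "clean_events"))  # permission encoded in token
    print(authorize(token, "write", "raw_events"))    # exceeds the token's permissions
```

The token carries only what the job's declared inputs and outputs need, so a downstream service holding it cannot write to a source the job only reads.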

First claim

Opening claim text (preview).

The invention claimed is:

1. A computer-implemented method, implemented by a computing system, the method comprising: receiving, from a client device associated with a user or from a service, a job associated with a project, wherein the project is associated with one or more data sources; identifying a plurality of inputs and a plurality of outputs associated with the job; determining, based on a policy object, first permissions corresponding to the client device or the service and associated with an execution of the job, wherein: each of the first permissions comprises an operation on a data source, the operation corresponding to at least one of the inputs or the outputs, the data source is associated with a parent data source from which the data source depends, the policy object comprises a structure that includes an identifier of the parent data source and second permissions associated with the parent data source, and the first permissions are determined based on the second permissions; verifying that the one or more data sources associated with the project comprise the data source associated with each of the first permissions; and generating a token associated with the job, the token encoding the first permissions.

2. The computer-implemented method of claim 1, wherein the job comprises one or more data transformations.

3. The computer-implemented method of claim 1, wherein the one or more data sources associated with the project comprise: one or more data sources internal to the project; or one or more data sources external to the project, wherein the project comprises a reference to each of the one or more data sources external to the project.

4. The computer-implemented method of claim 1, wherein the one or more required permissions comprise: reading data from a data source external to the project; or writing to a data source external to the project.

5. The computer-implemented method of claim 1, further comprising: communicating, to the client device or the service, a response approving the request.

6. The computer-implemented method of claim 5, further comprising: obtaining a result associated with execution of the one or more data transformations; verifying that the service possesses one or more access permissions associated with accessing the result; and providing the result to the service.

7. The computer-implemented method of claim 1, wherein the service comprises a first service, the request comprises a first request, and the computer-implemented method further comprising: receiving, from a second service, a second request to execute one or more data transformations, wherein the second request comprises the token associated with the job; determining that at least one of the one or more data transformations require a permission exceeding the permissions encoded in the token; and communicating, to the second service, a response denying the request.

8. The computer-implemented method of claim 1, wherein the first permissions further correspond to a different client device or a different service, and further comprising: receiving a request from the client device or the service for the token; determining whether the client device or the service is authorized to execute the job based on the permissions; in response to determining that the client device or the service is authorized to execute the job, granting the token to the client device or the service to enable the client device or the service to execute the job and storing a connection between the token and the client device or the service; determining whether the client device or the service has completed execution of the job; depending on the determination of whether the client device or the service has completed execution of the job, selectively removing the stored connection between the token and the client device or the service, wherein the job is inaccessible to the client device or the service using the token following the removal of the stored connection; and selectively transmitting a result of the execution of the job to the different client device or the different service based on whether the different client device or the different service is authorized to access the result, wherein the first permissions further correspond to the different client device or the different service.

9. A system comprising: at least one processor; and a memory storing instructions that, when executed by the at least one processor, cause the system to perform operations comprising: receiving, from a client device associated with a user or from a service, a job associated with a project, wherein the project is associated with one or more data sources; identifying a plurality of inputs and a plurality of outputs associated with the job; determining, based on a policy object, first permissions corresponding to the client device or the service and associated with an execution of the job, wherein: each of the first permissions comprises an operation on a data source, the operation corresponding to at least one of the inputs or the outputs, the data source is associated with a parent data source from which the data source depends, and the policy object comprises a structure that includes an identifier of the parent data source and second permissions associated with the parent data source, and the first permissions are determined based on the second permissions; verifying that the one or more data sources associated with the project comprise the data source associated with each of the first permissions; and generating a token associated with the job, the token encoding the first permissions.

10. The system of claim 9, wherein the job comprises one or more data transformations.

11. The system of claim 9, wherein the one or more data sources associated with the project comprise: one or more data sources internal to the project; or one or more data sources external to the project, wherein the project comprises a reference to each of the one or more data sources external to the project.

12. The system of claim 9, wherein the one or more required permissions comprise: reading data from a data source external to the project; or writing to a data source external to the project.

13. The system of claim 9, wherein the operations further comprise: communicating, to the client device or the service, a response approving the request.

14. The system of claim 13, wherein the operations further comprise: obtaining a result associated with execution of the one or more data transformations; verifying that the service possesses one or more access permissions associated with accessing the result; and providing the result to the service.

15. A non-transitory computer-readable storage medium including instructions that, when executed by at least one processor of a computing system cause the computing system to perform operations comprising: receiving, from a client device associated with a user or from a service, a job associated with a project, wherein the project is associated with one or more data sources; identifying a plurality of inputs and a plurality of outputs associated with the job; determining, based on a policy object, first permissions corresponding to the client device or the service and associated with an execution of the job, wherein: each of the first permissions comprises an operation on a data source, the operation corresponding to at least one of the inputs or the outputs, the data source is associated with a parent data source from which the data source depends, and the poli

Classifications

  • using tickets, e.g. Kerberos (cryptographic mechanisms or cryptographic arrangements for entity authentication using tickets or tokens H04L9/3213)

  • Protecting access to data via a platform, e.g. using keys or access control rules

  • Entity profiles

  • Tools and structures for managing or administering access control systems

  • using tickets or tokens, e.g. Kerberos (network architectures or network communication protocols for entities authentication using tickets in a packet data network H04L63/0807)

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Palantir Technologies Inc
What technology area does this patent fall under?
Primary CPC classification G06F21/335. Mapped technology areas include Physics.
When was this patent published?
Publication date Feb 14, 2023 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 4 related publications on this page (citations in our corpus or others sharing the same primary CPC).