This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.
Log in to ask a question

Authorise all BigQuery datasets internal to a project

Posted on 01-19-2024 02:18 AM
ryano
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

I want a way to grant access between all datasets in a single GCP project by default. When a new dataset is created I want access to all datasets to be granted by default without having to update the metadata on all datasets each time a new dataset is created.

There doesn't appear to be a way to do this and if I'm creating a multiple new datasets in a single project then I have to retrospectively update all datasets in that project. Has anyone attempted to tackle this issue yet?

0 3 463
Topic Labels
0 Likes
3 REPLIES 3

Posted on --/--/---- --:-- AM
mdideles
Bronze 3
Bronze 3
Reply posted on --/--/---- --:-- AM

Out of curiosity, why do you want datasets to be authorized to each other in your project by default?

In our use case, we've seen there's security implication with this, so we only authorized what's needed.  You can create a script or a stored procedure that will do the dataset authorizations the way you want it every time you create a new dataset.

Posted on --/--/---- --:-- AM
kolban
Staff
Reply posted on --/--/---- --:-- AM

What do you mean by "... grant access between all datasets in a single GCP project by default".   I am imagining that you have a user or group and you want those users/groups to be able to access the tables contained in all the datasets in the project.  I am imagining that you don't want to create a dataset and THEN explicitly authorize those users/groups on that dataset ... is this the correct thinking?   If yes, then you would set the BigQuery roles to the users/group at the GCP project level rather than the individual dataset level.  Setting IAM roles at the project level causes inheritance of those permission sets when access is requested on any dataset within the project.

0 Likes

Posted on --/--/---- --:-- AM
ryano
Bronze 1
Bronze 1
In response to kolban
Reply posted on --/--/---- --:-- AM

The use case I have is that, when I create multiple datasets belonging to a single GCP Project, I have to create "Authorise Dataset" access to grant access for a view in one dataset to be able to query another view or table from a different dataset. For this particular scenario I'm not interested in person, groups and service accounts having permissions to execute or query views or tables, I handle those permissions at a table level.

0 Likes
Top Solution Authors
View all