
bigquery.filteredDataViewer

What is the implication if the permission is added to a custom role and that role is granted at the project level? The documentation says not to grant it manually with IAM - https://cloud.google.com/bigquery/docs/managing-row-level-security#filtered-data-viewer-role.

Please let me know your thoughts.


Quoted directly from docs:

The bigquery.filteredDataViewer role must not be granted through IAM to a higher-level resource, such as a table, dataset, or project. Granting the role in this way lets users view rows defined by all row-level access policies within that scope, regardless of intended restrictions. While the union of row-level access policy filters might not encompass the entire table, this practice poses a significant security risk and undermines the purpose of row-level security.

We recommend managing the bigquery.filteredDataViewer role exclusively through row-level access policies. This method ensures that principals are granted the bigquery.filteredDataViewer role implicitly and correctly, respecting the defined filter predicates for each policy.

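The accepted answer covers the risk of binding the role outside a row access policy; the question adds the custom-role variant. The audit script below is an added example (not code from this post or from Google) that flags both kinds of binding in saved gcloud output. It assumes the JSON shapes of `gcloud projects get-iam-policy --format=json` and `gcloud iam roles describe --format=json`, that the predefined role's permission is `bigquery.rowAccessPolicies.getFilteredData`, and uses constructed sample data embedded inline.

```python
import json

FILTERED_VIEWER_ROLE = "roles/bigquery.filteredDataViewer"
# Permission the predefined role carries (assumed from Google's role docs).
FILTERED_DATA_PERMISSION = "bigquery.rowAccessPolicies.getFilteredData"

# Constructed sample in the shape of `gcloud projects get-iam-policy --format=json`:
# one direct binding of the predefined role, one binding of a custom role.
SAMPLE_POLICY = json.dumps({"bindings": [
    {"role": "roles/bigquery.dataViewer", "members": ["group:analysts@example.com"]},
    {"role": FILTERED_VIEWER_ROLE, "members": ["user:alice@example.com"]},
    {"role": "projects/demo-proj/roles/rlsReader", "members": ["group:apac@example.com"]},
], "etag": "BwXyz=", "version": 1})

# Constructed sample in the shape of `gcloud iam roles describe --format=json`,
# keyed by the full role name as it appears in a binding.
SAMPLE_CUSTOM_ROLES = {"projects/demo-proj/roles/rlsReader": json.dumps({
    "name": "projects/demo-proj/roles/rlsReader",
    "includedPermissions": ["bigquery.tables.get", FILTERED_DATA_PERMISSION],
    "stage": "GA"})}


def find_rls_bypass_bindings(policy_json, custom_roles_json):
    """Return (role, member, reason) for each binding that grants filtered-data
    access at the policy's resource level instead of through a row access policy:
    the predefined role bound directly, or a custom role carrying its permission.
    Either lets the member read the union of all row access policies in scope."""
    policy = json.loads(policy_json)
    findings = []
    for binding in policy.get("bindings", []):
        role = binding["role"]
        if role == FILTERED_VIEWER_ROLE:
            reason = "predefined role bound directly"
        elif role in custom_roles_json:
            perms = json.loads(custom_roles_json[role]).get("includedPermissions", [])
            if FILTERED_DATA_PERMISSION not in perms:
                continue
            reason = "custom role includes " + FILTERED_DATA_PERMISSION
        else:
            continue  # role definition not supplied: cannot assess its permissions
        for member in binding.get("members", []):
            findings.append((role, member, reason))
    return findings


if __name__ == "__main__":
    for role, member, reason in find_rls_bypass_bindings(SAMPLE_POLICY, SAMPLE_CUSTOM_ROLES):
        print(f"RISK: {member} via {role} ({reason})")
```

Run it against the real output of the two gcloud commands (one describe call per custom role in the policy) to confirm no binding grants filtered-data access at project, dataset or table scope.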

Thanks. I also read this document. On our side, we resolved not to open this permission via a custom role.