Reputation: 512
Bigquery service account restricted to a dataset
Is it possible to create a bigquery service account to limit access to only 1 dataset? When I go through the service account generation process it appears to give access to an entire project and does not show options to limit to a specific data set.
Upvotes: 4
Views: 2237
Answers (2)
Reputation: 742
Although this comment is late, but i would like to point out what I've done based on Daniel's answer to make it work:
- In the IAM page, I assign the
BigQuery Job Userfor my service account, let's say that the service account is A. - In the dataset list page, let's say I've 2 datasets: B and C, and I only want dataset B can be accessed by the service account A, then what I need to do is choose dataset B -> click on "share" -> click on "manages permissions" and assign the
BigQuery User,BigQuery Data Viewer,BigQuery Data Editorrole to service account A.
Now only service account A can access to dataset B.
Hope it's helped.
Upvotes: 0
Reputation: 3034
Short answer is yes. But to do it you do not assign the privileges at the project level. You need to actually go and modify the dataset to do it. Check the documentation here: https://cloud.google.com/bigquery/docs/dataset-access-controls
It outlines the process with a few different methods.
Upvotes: 1
Related Questions
- Limit google account to use ONLY big query
- Google BigQuery: grant service account permissions to create jobs in only some specific datasets
- How to create a service account for a bigquery dataset from the cli
- BigQuery grant access to specific datasets
- Is it possible to limit a Google service account to specific BigQuery datasets within a project?
- Is it possible to restrict a service account to a specific Big Query dataset?
- How to restrict accessing resource from a service account in GCP
- Service account -- limiting access to only big query
- Bigquery: manage service accounts
- How to create a Google BigQuery service account with access to a single dataset?