GCP BigQuery dataset is publicly accessible

Description

Dataset-level permissions determine which users, groups, and service accounts are allowed to access tables, views, and table data in a specific BigQuery dataset. You can also configure BigQuery permissions at a higher level in the Cloud IAM resource hierarchy; those configurations are inherited according to the IAM structure you choose to apply.

We recommend you ensure private datasets remain private by avoiding the All Authenticated Users option, which gives all Google account holders access to the dataset and makes the dataset public.

Fix - Buildtime

Terraform

resource "google_bigquery_dataset" "pass_special_group" {
  dataset_id                  = "example_dataset"
  friendly_name               = "test"
  description                 = "This is a test description"
  location                    = "US"

  access {
    role          = "READER"
    special_group = "projectReaders"
  }
}
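
The following is an added example, not part of the original policy page or of any scanner's own code: a build-time check that walks a Terraform plan in the JSON layout produced by `terraform show -json` and reports every `google_bigquery_dataset` access block that grants a public member. The sample plan is constructed, the resource names `fail_public` and `module.analytics` are hypothetical, and treating `allUsers` (via `iam_member`) as public alongside `allAuthenticatedUsers` is an assumption that goes beyond the one option the page names.

```python
# Members that make a dataset public. "allAuthenticatedUsers" is the option the
# page warns about; "allUsers" is added here as an assumption.
PUBLIC_MEMBERS = {"allAuthenticatedUsers", "allUsers"}

def _walk(module):
    """Yield every resource in a module and in its nested child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from _walk(child)

def find_public_datasets(plan):
    """Return (address, field, member) for each public access block in the plan."""
    findings = []
    root = plan.get("planned_values", {}).get("root_module", {})
    for res in _walk(root):
        if res.get("type") != "google_bigquery_dataset":
            continue
        # "access" may be missing or null when the dataset uses default access.
        for access in res.get("values", {}).get("access") or []:
            for field in ("special_group", "iam_member"):
                if access.get(field) in PUBLIC_MEMBERS:
                    findings.append((res["address"], field, access[field]))
    return findings

# Constructed sample plan: one compliant dataset (the page's example), one
# public dataset in the root module, one public dataset in a child module.
SAMPLE_PLAN = {"planned_values": {"root_module": {
    "resources": [
        {"address": "google_bigquery_dataset.pass_special_group",
         "type": "google_bigquery_dataset",
         "values": {"dataset_id": "example_dataset",
                    "access": [{"role": "READER", "special_group": "projectReaders"}]}},
        {"address": "google_bigquery_dataset.fail_public",
         "type": "google_bigquery_dataset",
         "values": {"dataset_id": "public_dataset",
                    "access": [{"role": "READER",
                                "special_group": "allAuthenticatedUsers"}]}},
    ],
    "child_modules": [{"address": "module.analytics", "resources": [
        {"address": "module.analytics.google_bigquery_dataset.shared",
         "type": "google_bigquery_dataset",
         "values": {"dataset_id": "shared",
                    "access": [{"role": "READER", "iam_member": "allUsers"}]}},
    ]}],
}}}

if __name__ == "__main__":
    for address, field, member in find_public_datasets(SAMPLE_PLAN):
        print(f"FAIL {address}: {field} = {member}")
```

In a pipeline, load the real plan with `json.load` and fail the build when the returned list is non-empty.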