Is it possible to restrict a service account to a specific Big Query dataset?

3
votes

I've been able to create a Google service account that can access Big Query within my application, but I'm trying to limit that service account to only be able to read from a very specific dataset (among may possible datasets in the application).

I thought that this question might give me guidance, but the solution unfortunately didn't end up providing specifics:

How to create a Google BigQuery service account with access to a single dataset?

Does anyone know if it's possible to restrict a specific service account to a single dataset?

1
google-bigquery

1 Answers

5
votes

It's possible to restrict access to only certain datasets for service account. Instead of adding the email address of the service account at the IAM level in the GCP console, instead "share" the dataset in question and add the email address there. Then the service account will only have access to that dataset(s).

enter image description here