Restrict Bigquery export to Cloud Storage

0
votes

I am currently exploring the GCP BigQuery IAM & Access Control.

The list of users can be managed through groups. Here's an example: 

Group A - Has access to BigQuery (BigQuery User Role, Viewer Access to specific datasets)
Group B - Has bucket-owner access to Cloud Storage

Common users who are in both groups have the ability to export data from BigQuery to Cloud Storage. So, what is the best practice to deny exporting certain BigQuery tables or data that is larger than a certain number of rows, so transactional data exports are restricted?

1
google-cloud-platformgoogle-bigquerygoogle-cloud-storage

1 Answers

0
votes

As you can see here, right now access controls can be applied to BigQuery datasets, but not to specific tables or views. Therefore, from a BigQuery perspective, your restrictions cannot be applied. Instead, you should use your own application to define the rules regarding the restrictions you seek.

However, given that the feature of restricting access to BigQuery tables and data with a big number of rows for exports, I have filed a feature request on your behalf as a Cloud Support representative. You can go to this link to check this request and follow the progress that is being made through it. You can click on the star icon on the top left corner to enable notification that will be sent to you whenever any progress has been made.