1
votes

I would like to set a fine-grained, resource-specific IAM policy for a single Google BigQuery Dataset. The documentation I've found so far only explains how to get and set IAM policies for the project resource e.g. https://cloudresourcemanager.googleapis.com/v1/projects/<project-id>:getIamPolicy.

I am trying to get the policy for a resource within a project, specifically a Google BigQuery dataset with an API URL like this: https://www.googleapis.com/bigquery/v2/projects/<project-id>/datasets/<dataset-id>.

I have tried a number of obvious-looking URIs like

  • https://www.googleapis.com/bigquery/v2/projects/<project-id>/datasets/<dataset-id>:getIamPolicy
  • https://cloudresourcemanager.googleapis.com/v1/projects/<project-id>/datasets/<dataset-id>:getIamPolicy

but have hit 404 errors. Does anyone know the correct URL pattern for IAM policies for Google BigQuery Datasets?

1 Answer

2
votes

I am trying to get the policy for a resource within a project, specifically a Google BigQuery dataset ...

You already have it in your question - you should use GET https://www.googleapis.com/bigquery/v2/projects/<projectId>/datasets/<datasetId> and in the response you should look for the access property.

From the documentation:

Access is an array of objects that define dataset access for one or more entities. You can set this property when inserting or updating a dataset in order to control who is allowed to access the data. If unspecified at dataset creation time, BigQuery adds default dataset access for the following entities:

  • access.specialGroup: projectReaders; access.role: READER
  • access.specialGroup: projectWriters; access.role: WRITER
  • access.specialGroup: projectOwners; access.role: OWNER
  • access.userByEmail: [dataset creator email]; access.role: OWNER

And if you want to change access, you should use PATCH https://www.googleapis.com/bigquery/v2/projects/<projectId>/datasets/<datasetId> or PUT https://www.googleapis.com/bigquery/v2/projects/<projectId>/datasets/<datasetId>.
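
The read-modify-write cycle the answer describes, as an added example that is not part of the original answer: it inspects the access array from a dataset GET response, adds or removes a grant, and builds the PATCH request without sending it. The sample response, the e-mail addresses, the project and dataset names, and all helper names are constructed for illustration.

```python
import json

BASE = "https://www.googleapis.com/bigquery/v2"  # base URL quoted in the answer

# Constructed sample: the "access" part of a dataset GET response,
# holding the default entries listed in the answer.
SAMPLE_DATASET = {
    "access": [
        {"role": "READER", "specialGroup": "projectReaders"},
        {"role": "WRITER", "specialGroup": "projectWriters"},
        {"role": "OWNER", "specialGroup": "projectOwners"},
        {"role": "OWNER", "userByEmail": "creator@example.com"},
    ]
}


def dataset_url(project_id, dataset_id):
    return f"{BASE}/projects/{project_id}/datasets/{dataset_id}"


def roles_of(dataset, entity_type, entity):
    """Roles an entity holds on the dataset, e.g. ('userByEmail', 'a@b')."""
    return sorted(e["role"] for e in dataset.get("access", [])
                  if e.get(entity_type) == entity)


def with_grant(dataset, role, entity_type, entity):
    """Copy of the access list with one grant added; no duplicate if present."""
    access = [dict(e) for e in dataset.get("access", [])]
    if role not in roles_of(dataset, entity_type, entity):
        access.append({"role": role, entity_type: entity})
    return access


def without_entity(dataset, entity_type, entity):
    """Copy of the access list with every grant for one entity removed."""
    return [dict(e) for e in dataset.get("access", [])
            if e.get(entity_type) != entity]


def build_patch(project_id, dataset_id, access):
    """Describe the PATCH request without sending it. The whole list is sent
    because the submitted access array replaces the stored one."""
    return {"method": "PATCH",
            "url": dataset_url(project_id, dataset_id),
            "body": json.dumps({"access": access})}
```

Because the submitted array replaces the stored one, always start from the list returned by the GET; sending only the new entry would drop the existing owner and project-group grants.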