1
votes

I need to set up very fine-grained access control for user accounts in GCP using a Python script.

I know that via the UI/gcloud util I can give it the role roles/bigquery.user, but it has a lot of other permissions I don't want this service account to have.

How can I grant individual permissions via Python scripts?

1
Have you tried this using this JSON API cloud.google.com/bigquery/docs/reference/rest/v2/datasets/… - Umer
Can you be a little more specific about what you're trying to do? - Graham Polley
@GrahamPolley I have created datasets like test1, test2, test3. I have many users like user1, user2, user3. I want to give access so that user1 can access only the test1 dataset and perform operations on the test1 dataset, and so on, using Python scripts. - Pradeep Bhutare
I'm sorry. I still don't follow you. - Graham Polley
@GrahamPolley Dataset names: test1, test2. Usernames: user1, user2. user1 should access the test1 dataset only. user1 should not be able to do any operations on the test2 dataset. He should be able to access only the test1 dataset using Python. - Pradeep Bhutare

1 Answer

1
votes

Go to your BigQuery console, click the arrow at the right of one dataset and then click Share dataset.

Share dataset

And then add the e-mail of the user here:

Add user

You can choose one of 3 roles available: Viewer/Owner/Editor.

Do this for every dataset and every user.

Update to do it via Python script

You can do it with a Python script following this small tutorial.

The code will be something like:

from google.cloud import bigquery

client = bigquery.Client()
# Fetch the dataset whose access list will be changed (API request)
dataset = client.get_dataset('dataset1')

# Grant read access to a single user; the address is a placeholder
entry = bigquery.AccessEntry(
    role='READER',
    entity_type='userByEmail',
    entity_id='user1@example.com')
assert entry not in dataset.access_entries
# Append to the existing entries so current grants are preserved
entries = list(dataset.access_entries)
entries.append(entry)
dataset.access_entries = entries

# Send only the access_entries field in the update
dataset = client.update_dataset(dataset, ['access_entries'])  # API request

#assert entry in dataset.access_entries
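
The per-user, per-dataset mapping asked about in the question (user1 on test1 only, user2 on test2 only), as an added example that is not part of the original answer: it computes which access entries to add and which stray grants to remove. It works on plain dicts shaped like the `access` array of the datasets REST resource so it runs without credentials; the e-mail addresses, the roles assigned and the `DESIRED`/`STATE` data are constructed.

```python
# Constructed desired state: dataset id -> {user e-mail: dataset role}.
DESIRED = {
    "test1": {"user1@example.com": "READER"},
    "test2": {"user2@example.com": "WRITER"},
}
MANAGED = {email for grants in DESIRED.values() for email in grants}


def reconcile(current, wanted, managed=MANAGED):
    """Return (new_access, added, removed) for one dataset's `access` list.
    Only userByEmail entries of `managed` users change; owner, specialGroup
    and groupByEmail entries pass through untouched.
    """
    kept, removed, satisfied = [], [], set()
    for entry in current:
        email = (entry.get("userByEmail") or "").lower()
        if email not in managed:
            kept.append(entry)  # not ours to manage
        elif email not in satisfied and wanted.get(email, "") == entry.get("role"):
            kept.append(entry)  # grant already correct
            satisfied.add(email)
        else:
            removed.append(entry)  # stray, duplicate or wrong-role grant
    added = [{"role": role, "userByEmail": email}
             for email, role in sorted(wanted.items()) if email not in satisfied]
    return kept + added, added, removed


def plan(state, desired=DESIRED):
    """Reconcile every dataset; one missing from `desired` keeps no managed users."""
    return {ds: reconcile(acl, desired.get(ds, {})) for ds, acl in state.items()}


# Constructed current state, shaped like the `access` array of datasets.get.
STATE = {
    "test1": [
        {"role": "OWNER", "specialGroup": "projectOwners"},
        {"role": "OWNER", "userByEmail": "admin@example.com"},
        {"role": "READER", "userByEmail": "user1@example.com"},
    ],
    "test2": [
        {"role": "OWNER", "specialGroup": "projectOwners"},
        {"role": "READER", "userByEmail": "User1@example.com"},  # stray grant
    ],
}

if __name__ == "__main__":
    for ds, (acl, added, removed) in plan(STATE).items():
        print(ds, "add:", added, "remove:", removed)
```

Each returned dict maps onto `bigquery.AccessEntry(role, entity_type, entity_id)` as used in the snippet above. Dataset entries only add access, so a user who also holds a project-level role such as roles/bigquery.dataViewer can still read every dataset.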