BigQuery How to remove inherited access to a dataset

0
votes

I have been providing access to datasets in BigQuery using the Share Dataset option for some time now. No problem.

But now, I have a specific requirement: I need to provide access to specific people/account/group but I don't want inherited access to work on this dataset.

I mean, I really need to provide access only to specific people to this dataset, so that not even inherited access work.

Is that possible? And if so, how can I do that?

To add more context. There is a dataset which should be available only for one Service Account (the one populating it) and some specific consumer account (HR) as it will contain sensitive data.

Problem is that our project already contains a couple of BigQuery Admin accounts and they of course inherit permissions over the dataset.

1
google-cloud-platformgoogle-bigquery
Hi! Can you check this post, and accepted answer? Does it resolve your problem?aga
Thanks for replying. I can already do what's explained in the post: Limiting access for a user or service account to specific resources but restricting it to others is not a problem. Our requirement is more about restricting a resource (in this case a Dataset) to specific entities (users/services accounts), so we need to remove inherited permissions.Omar Centi
You might find a solution to this problem - but what happens if the admins are able to change the permissions (as they should be able to as admins), and add themselves back?Felipe Hoffa

1 Answers

1
votes

I don't think it would be possible as Project level roles are inherited automatically. Making new project may be helpful.