[英]How to create a Google BigQuery service account with access to a single dataset?
Is there any way of granting readonly access to a specific BigQuery Dataset to a given Client ID ? 有没有办法授予对给定客户端ID的特定BigQuery数据集的只读访问权限?
I've tried using a service account, but this gives full access to all datasets. 我尝试过使用服务帐户,但这样可以完全访问所有数据集。
Also tried creating a service account from a different application, and added the email address generated together with the certificate to the BigQuery > Some Dataset > Share Dataset > Can view, but this always results in a 403 "Access not Configured" error. 还尝试从其他应用程序创建服务帐户,并将与证书一起生成的电子邮件地址添加到BigQuery> Some Dataset> Share Dataset> Can view,但这总是会导致403“Access not Configured”错误。
I'm using the server to server flow described in the documentation : 我正在使用文档中描述的服务器到服务器流程:
import httplib2
from apiclient.discovery import build
from oauth2client.client import SignedJwtAssertionCredentials
# REPLACE WITH YOUR Project ID
PROJECT_NUMBER = 'XXXXXXXXXXX'
# REPLACE WITH THE SERVICE ACCOUNT EMAIL FROM GOOGLE DEV CONSOLE
SERVICE_ACCOUNT_EMAIL = 'XXXXX@developer.gserviceaccount.com'
f = file('key.p12', 'rb')
key = f.read()
f.close()
credentials = SignedJwtAssertionCredentials(
SERVICE_ACCOUNT_EMAIL,
key,
scope='https://www.googleapis.com/auth/bigquery.readonly')
http = httplib2.Http()
http = credentials.authorize(http)
service = build('bigquery', 'v2')
tables = service.tables()
response = tables.list(projectId=PROJECT_NUMBER, datasetId='SomeDataset').execute(http)
print(response)
I'm basically trying to provide readonly access to an external server based application to a single dataset. 我基本上试图提供对基于外部服务器的应用程序的只读访问权限到单个数据集。
正如Fh所指出的,需要在创建服务帐户的Google帐户中激活BigQuery API,而不管它是否将查询绑定到不同应用程序ID的BigQuery端点。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.