如何限制谷歌云平台“BigQuery Metadata Viewer”权限?
[英]How to limit Google Cloud Platform "BigQuery Metadata Viewer" permission?
问题描述
I have 10 tables under my dataset.
我的数据集下有 10 个表。 I need to create "BigQuery Metadata Viewer" permission but would like to neglect 2 tables under my dataset.我需要创建“BigQuery 元数据查看器”权限,但想忽略我的数据集下的 2 个表。 So that BigQuery Metadata Viewer policy only will be able to access 8 tables.因此,BigQuery 元数据查看器策略只能访问 8 个表。
I see that there is "condition" tab but could not figure out how to apply such a condition here.我看到有“条件”选项卡,但不知道如何在此处应用此类条件。
2 个解决方案
解决方案1
0 已采纳 2022-02-11 16:54:20
IAM condition is a nice way to solve that issue, but it's not available forBigQuery resources . IAM 条件是解决该问题的好方法,但它不适用于BigQuery 资源。
The solution here is to have 2 datasets这里的解决方案是有 2 个数据集
- One with the 8 tables and the permission to view the metadata一个拥有 8 个表和查看元数据的权限
- one with the 2 other tables without the permission to view the metadata.一个与其他 2 个表没有查看元数据的权限。
解决方案2
0 2022-02-11 18:33:12
You can use the GRANT statement using the role bigquery.metadataViewer or dataviewer .You can set this role to table level, the user will have permission to a specific table, and won't see listed tables.您可以使用角色bigquery.metadataViewer或dataviewer使用GRANT语句。您可以将此角色设置为表级别,用户将有权访问特定表,并且不会看到列出的表。 In this case, you need to know the name tables.在这种情况下,您需要知道名称表。
Take a look to this example:看看这个例子:
GRANT `roles/bigquery.metadataViewer`
ON TABLE `my_dataset._my_table`
TO "user:user@domain.com"
Additionally, you can set this role at dataset level, this will grant access to read and list all the tables from the dataset.此外,您可以在数据集级别设置此角色,这将授予读取和列出数据集中所有表的权限。
Here's an example:这是一个例子:
GRANT `roles/bigquery.metadataViewer`
ON schema `project_name.dataset_name`
TO "user:mail@mail.com"
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.