How can multiple users access my big query data without having them to log in to my google account?

Question

I have a google big query instance and data stored there in the form of data-sets/ tables. The requirement is to allow people to access my data with the following assumptions:

• People should not be required to log into my google account
• Every person will have access to some particular data meant only form him
• No person should be allowed to access any data not meant for him - in other words, the credentials of one person should expose only his data(maybe a few tables/ datasets)

What are the things that I need to do to achieve the above?

I'm thinking of taking advantage of service accounts that we can create in google cloud but I'm not sure whether that will work or not as I have not used big query before.

Answer 1

How can multiple users access my big query data without having them to log in to my google account?

They should not log into your google account independently what you would like to accomplish. As you stated, for multiple users to access Big Query without logging with your account, you need to make use of service accounts or Cloud IAM permissions.

Service accounts are typically used to represent non-human users that need to authenticate and be authorized to access data in Google APIs. An example of a scenario when you need to implement a service account would be:

• Running workloads on GCE instances (virtual machines).
• Running workloads on on-premises workstations or data centers that call Google APIs.

You can impersonate human action using service accounts. What I mean by this is you can have your user access the service account, which only has the permissions required by this user to perform actions on your BigQuery tables and/or data sets.

Here you can take a look at the different types of permissions available for BigQuery as well as the set of privileges each permissions gives to the users when giving the permissions specified.

Another option would be to use Cloud IAM permissions as I mentioned, but instead of giving the permissions to a set service account, you give the permission on to the user directly. In case you are working with X users, you can add his accounts on to your Cloud IAM permissions list, and give specific permissions to each user account. That way your users will only be able to access/write or read to the resources they have access to.

Here you will find a quickstart on how to begin adding permissions to a set user using the Cloud IAM permissions.

As far as the permissions are concerned, you can always refer to this document to see not only the permissions available for BigQuery but also for other resources offered in Google Cloud.

It is always a best practice to limit the amount of permissions your users have, either by manually adding the permissions to each user, or making your users use a service account with the set of permissions you would like to have access to.

I hope it helps.