BigQuery datasets should only be accessible within the organisation
Using ‘allAuthenticatedUsers’ provides any GCP user - even those outside of your organisation - access to your BigQuery dataset.
Impact
Exposure of sensitive data to the public internet
Recommended Actions
Follow the appropriate remediation steps below to resolve the issue.
Configure access permissions with higher granularity
resource "google_bigquery_dataset" "good_example" {
  dataset_id                  = "example_dataset"
  friendly_name               = "test"
  description                 = "This is a test description"
  location                    = "EU"
  default_table_expiration_ms = 3600000

  labels = {
    env = "default"
  }

  access {
    role          = "OWNER"
    user_by_email = google_service_account.bqowner.email
  }

  access {
    role   = "READER"
    domain = "hashicorp.com"
  }
}

resource "google_service_account" "bqowner" {
  account_id = "bqowner"
}
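An added example, not part of the original page or of any scanner's own code: a Python check over the JSON produced by `terraform show -json <planfile>` that reports every BigQuery dataset grant to `allAuthenticatedUsers`. It goes slightly beyond the page by also covering the standalone `google_bigquery_dataset_access` resource; the sample plan and the names `bad_example`, `module.share` and `everyone` are constructed for illustration.

```python
PUBLIC_GROUP = "allAuthenticatedUsers"

# Constructed sample, shaped like the "planned_values" section of
# `terraform show -json <planfile>`; not taken from a real plan.
SAMPLE_PLAN = {"planned_values": {"root_module": {
    "resources": [
        {"address": "google_bigquery_dataset.good_example",
         "type": "google_bigquery_dataset",
         "values": {"dataset_id": "example_dataset", "access": [
             {"role": "OWNER", "special_group": None},
             {"role": "READER", "domain": "hashicorp.com"}]}},
        {"address": "google_bigquery_dataset.bad_example",
         "type": "google_bigquery_dataset",
         "values": {"dataset_id": "example_dataset", "access": [
             {"role": "READER", "special_group": PUBLIC_GROUP}]}},
    ],
    "child_modules": [{"resources": [
        {"address": "module.share.google_bigquery_dataset_access.everyone",
         "type": "google_bigquery_dataset_access",
         "values": {"dataset_id": "example_dataset", "role": "READER",
                    "special_group": PUBLIC_GROUP}}]}],
}}}

def walk_resources(module):
    """Yield every resource in a module and, recursively, its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from walk_resources(child)

def find_public_datasets(plan):
    """Return addresses of resources that grant access to allAuthenticatedUsers."""
    findings = []
    root = plan.get("planned_values", {}).get("root_module", {})
    for res in walk_resources(root):
        values = res.get("values") or {}
        if res.get("type") == "google_bigquery_dataset":
            grants = values.get("access") or []   # inline access blocks
        elif res.get("type") == "google_bigquery_dataset_access":
            grants = [values]                     # one grant per resource
        else:
            continue
        if any(g.get("special_group") == PUBLIC_GROUP for g in grants):
            findings.append(res["address"])
    return findings

if __name__ == "__main__":
    for address in find_public_datasets(SAMPLE_PLAN):
        print(f"{address}: access granted to {PUBLIC_GROUP}")
```

A non-empty result from `find_public_datasets` can be used to fail a CI job before `terraform apply` runs.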