I am trying to set permissions on BigQuery so that users are able to see and query tables on one dataset but are able to edit, create and delete tables on another dataset.
I'm not able to figure out how to do this "dataset-level segregation" on the Cloud Platform Console.
Ideal scenario would be:
Any ideas on how to do this?
2021 update:
The old UI (the original answer) has not been available for a long time, but the new UI (now called the regular BQ UI) now has this ability.
To change permissions on the new UI, it's a 3 step process:
First, you need to open the details of the dataset by clicking the contextual menu ⋮ on the dataset and selecting "Open" (clicking or double-clicking the dataset name will not open the details pane):
On the top bar of the details pane, you can open the ⁺👤 Sharing dropdown, and select "Permissions" to reveal the permissions sidebar:
On the open sidebar, click the ⁺👤 ADD PRINCIPAL button to open the contextual menu:
On the contextual menu, write the list of emails or Google groups that you want to grant access to, and select the right roles (roles/bigquery.dataViewer role for query permissions, roles/bigquery.dataEditor role for edit permissions):
2019 answer:
According to the docs, the permissions are set on a per-dataset basis, so what you want to accomplish is possible.
I can't see how to do that in the new interface (in https://console.cloud.google.com/bigquery), but it's quite easy to do so in the classic UI (in https://bigquery.cloud.google.com) by opening the drop-down next to the dataset and clicking on "Share dataset":
This will open the sharing panel, where you can select "Can view" for running queries, or "Can edit" to modify the dataset.
In the docs there are additional options, like using the CLI or the API, but I think the simplest way is to use the web UI.
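The CLI route mentioned at the end of the answer, as an added example that is not part of the original answer: `bq show --format=prettyjson <project>:<dataset>` dumps a dataset resource whose `access` list can be edited and applied with `bq update --source <file> <project>:<dataset>`. The Python sketch below builds that list for a read-only and an editable dataset and checks that the read-only one grants no write access; the project, dataset and principal names are constructed placeholders, and the helper names are hypothetical.

```python
import json

# Legacy roles as they appear in a dataset's "access" list, keyed by the
# IAM roles named in the answer above.
LEGACY = {"roles/bigquery.dataViewer": "READER",
          "roles/bigquery.dataEditor": "WRITER"}
WRITE_ROLES = {"WRITER", "OWNER", "roles/bigquery.dataEditor", "roles/bigquery.dataOwner"}


def _key(principal):
    # Google groups use groupByEmail, individual accounts use userByEmail.
    kind, _, email = principal.partition(":")
    if kind not in ("user", "group") or "@" not in email:
        raise ValueError(f"expected user:<email> or group:<email>, got {principal!r}")
    return kind + "ByEmail", email.lower()


def grant(dataset, iam_role, principals):
    """Return a copy of the dataset resource with the role added, idempotently."""
    role = LEGACY[iam_role]
    out = json.loads(json.dumps(dataset))  # deep copy, input is left untouched
    access = out.setdefault("access", [])
    for p in principals:
        field, email = _key(p)
        entry = {"role": role, field: email}
        if entry not in access:
            access.append(entry)
    return out


def can_write(dataset, principal):
    """True if the dataset's own access list lets the principal modify tables."""
    field, email = _key(principal)
    return any(e.get(field, "").lower() == email and e.get("role") in WRITE_ROLES
               for e in dataset.get("access", []))


# Constructed sample resources (hypothetical project, datasets and principals).
reporting = {"datasetReference": {"projectId": "example-project", "datasetId": "reporting"},
             "access": [{"role": "OWNER", "userByEmail": "admin@example.com"}]}
sandbox = {"datasetReference": {"projectId": "example-project", "datasetId": "sandbox"},
           "access": [{"role": "OWNER", "userByEmail": "admin@example.com"}]}
analysts = ["group:analysts@example.com", "user:alice@example.com"]

reporting = grant(reporting, "roles/bigquery.dataViewer", analysts)  # query only
sandbox = grant(sandbox, "roles/bigquery.dataEditor", analysts)      # create/edit/delete

if __name__ == "__main__":
    print(json.dumps(reporting, indent=2))  # save to a file for bq update --source
```

Dataset grants are additive to project-level roles, so `can_write` only covers entries on the dataset itself; a project-wide editor role would still allow edits on both datasets.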