What operations does the bigquery.readonly scope allow?

Question

The only documentation I can find on the scope

https://www.googleapis.com/auth/bigquery.readonly

is the exceedingly unhelpful brief blurb here which says "View Data in Bigquery." And I've searched high and low.

What operations does this correspond to? Can the user start asynchronous jobs? Can they fetch completed jobs? Can they run synchronous jobs? With or without destination tables? I'm looking for a scope that only allows running tabledata.list(), or fetching completed results of asynchronous jobs (i.e. does not allow the user to start queries but does allow them to get data of queries that have been run)

Answer 1

Operations that are allowed with a read-only scope:

• projects.list
• datasets.get
• datasets.list
• tables.get
• tables.list
• tabledata.list
• jobs.get
• jobs.list
• jobs.query
• jobs.getQueryResults

This is from looking at the code, so the list should be canonical. So in answer to your questions:

• Can the user start asynchronous jobs? Only jobs.query(), which does start an asynchronous job under the covers. (it often returns synchronously, but when it times out, you can get the results with jobs.getQueryResults().
• Can they fetch completed jobs? Yes ... either with jobs.get() or jobs.getQueryResults()
• Can they run synchronous jobs? Only via jobs.query().
• With or without destination tables? jobs.query() does not support specifying a destination table, so no, destination tables are not supported with the read-only scope.