Skip to content

Commit 9ce87ea

Browse files
chrismorgan-hbdanawillow
chrismorgan-hb
authored and
danawillow
committed
hashicorp#644 Add Support For BigQuery Access Control (hashicorp#1931)
* Updates based on PR comments * Fix markdown nested list * Second round of feedback * Clarify pick one docs
1 parent 1b39a2e commit 9ce87ea

File tree

1 file changed

+46
-0
lines changed

1 file changed

+46
-0
lines changed

docs/r/bigquery_dataset.html.markdown

+46
Original file line numberDiff line numberDiff line change
@@ -26,6 +26,15 @@ resource "google_bigquery_dataset" "default" {
2626
labels {
2727
env = "default"
2828
}
29+
30+
access {
31+
role = "READER"
32+
domain = "example.com"
33+
}
34+
access {
35+
role = "WRITER"
36+
group_by_email = "[email protected]"
37+
}
2938
}
3039
```
3140

@@ -73,6 +82,43 @@ The following arguments are supported:
7382

7483
* `labels` - (Optional) A mapping of labels to assign to the resource.
7584

85+
* `access` - (Optional) An array of objects that define dataset access for
86+
one or more entities. Structure is documented below.
87+
88+
The `access` block supports the following fields (exactly one of `domain`,
89+
`group_by_email`, `special_group`, `user_by_email`, or `view` must be set,
90+
even though they are marked optional):
91+
* `role` - (Required unless `view` is set) Describes the rights granted to
92+
the user specified by the other member of the access object. The following
93+
string values are supported: `READER`, `WRITER`, `OWNER`.
94+
95+
* `domain` - (Optional) A domain to grant access to.
96+
97+
* `group_by_email` - (Optional) An email address of a Google Group to grant
98+
access to.
99+
100+
* `special_group` - (Optional) A special group to grant access to.
101+
Possible values include:
102+
* `projectOwners`: Owners of the enclosing project.
103+
* `projectReaders`: Readers of the enclosing project.
104+
* `projectWriters`: Writers of the enclosing project.
105+
* `allAuthenticatedUsers`: All authenticated BigQuery users.
106+
107+
* `user_by_email` - (Optional) An email address of a user to grant access to.
108+
109+
* `view` - (Optional) A view from a different dataset to grant access to.
110+
Queries executed against that view will have read access to tables in this
111+
dataset. The role field is not required when this field is set. If that
112+
view is updated by any user, access to the view needs to be granted again
113+
via an update operation. Structure is documented below.
114+
115+
The `access.view` block supports:
116+
* `dataset_id` - (Required) The ID of the dataset containing this table.
117+
118+
* `project_id` - (Required) The ID of the project containing this table.
119+
120+
* `table_id` - (Required) The ID of the table.
121+
76122
## Attributes Reference
77123

78124
In addition to the arguments listed above, the following computed attributes are

0 commit comments

Comments
 (0)