BigQuery Dataset should not be anonymously or publicly accessible
このページは日本語には対応しておりません。随時翻訳に取り組んでいます。翻訳に関してご質問やご意見ございましたら、お気軽にご連絡ください。
Description
It is recommended that the IAM policy on BigQuery datasets does not allow anonymous or public access.
Rationale
Granting permissions to allUsers
or allAuthenticatedUsers
allows any user access to the dataset. Such access might not be desirable if sensitive data is being stored in the dataset. Therefore, ensure that anonymous or public access to a dataset is not allowed.
Impact
The dataset is publicly accessible. Explicit modification of IAM privileges would be necessary to make them publicly accessible.
- Go to BigQuery by visiting: https://console.cloud.google.com/bigquery.
- Select the dataset from Resources.
- Click Sharing near the right side of the window and select Permissions.
- Review each attached role.
- Click the delete icon for each member
allUsers
or allAuthenticatedUsers
. On
the popup, click Remove.
From Google Cloud Console
List the name of all datasets.
Retrieve each dataset details using the following command:
bq show --format=prettyjson PROJECT_ID:DATASET_NAME > PATH_TO_FILE
In the access section of the JSON file, update the dataset information to remove all
roles containing allUsers
or allAuthenticatedUsers
.
bq update --source PATH_TO_FILE PROJECT_ID:DATASET_NAME
References
- https://cloud.google.com/bigquery/docs/control-access-to-resources-iam