BigQuery dataset is publicly accessible

ID

gcp_big_query_dataset_public

Severity

high

Vendor

GCP

Resource

AIM

Tags

reachable

Description

Datasets are top-level containers that are used to organize and control access to your tables and views.

Access to datasets should follow the principle of least privilege. Allow open access to a dataset only when it is strictly necessary.

To fix it, make sure no entry in the dataset's access list sets the access.special_group property to allAuthenticatedUsers; that special group grants access to every authenticated Google account, not only to principals in your project.

Learn more about this topic at BigQuery - Data Governance Security framework.

Examples

---
- name: new dataset example
  google.cloud.gcp_bigquery_dataset:
    name: test_dataset
    dataset_reference:
      dataset_id: test_dataset
    project: test_project
    auth_kind: serviceaccount
    service_account_file: "/tmp/auth.pem"
    state: present
    # access is a list of entries; each entry needs a role next to the principal
    access:
      - role: READER
        # allAuthenticatedUsers opens the dataset to every Google account
        special_group: allAuthenticatedUsers

Mitigation / Fix

---
- name: new dataset example
  google.cloud.gcp_bigquery_dataset:
    name: test_dataset
    dataset_reference:
      dataset_id: test_dataset
    project: test_project
    auth_kind: serviceaccount
    service_account_file: "/tmp/auth.pem"
    state: present
    # access is a list of entries; each entry needs a role next to the principal
    access:
      - role: READER
        # projectReaders limits read access to viewers of the owning project
        special_group: projectReaders
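The check this rule describes, as an added example that is not part of the page or of the google.cloud collection: it scans a parsed Ansible playbook for gcp_bigquery_dataset tasks whose access list contains the allAuthenticatedUsers special group, tolerates a bare mapping under access, skips tasks with state absent, and descends into block bodies. The sample playbook is constructed and given in the dict/list form a YAML loader would return, so it runs without extra libraries.

```python
"""Added example (not from the page or the google.cloud collection): flag Ansible
tasks that grant a BigQuery dataset to allAuthenticatedUsers (gcp_big_query_dataset_public).
The sample playbook is constructed, in the dict/list form a YAML loader returns."""

PUBLIC_SPECIAL_GROUP = "allAuthenticatedUsers"
MODULE_NAMES = ("google.cloud.gcp_bigquery_dataset", "gcp_bigquery_dataset")

def _access_entries(params):
    """Normalise `access` to a list of dicts: the collection documents it as a list,
    but a bare mapping (as sometimes written in playbooks) is accepted so it is not missed."""
    access = params.get("access") or []
    access = [access] if isinstance(access, dict) else access
    return [e for e in access if isinstance(e, dict)]

def check_task(task):
    """Return a finding dict if `task` makes a dataset public, else None."""
    params = next((task[m] or {} for m in MODULE_NAMES if m in task), None)
    if params is None or params.get("state", "present") == "absent":
        return None  # not this module, or the dataset is being deleted anyway
    for entry in _access_entries(params):
        if entry.get("special_group") == PUBLIC_SPECIAL_GROUP:
            ref = params.get("dataset_reference") or {}
            return {"rule": "gcp_big_query_dataset_public", "severity": "high",
                    "task": task.get("name", "<unnamed>"),
                    "dataset": ref.get("dataset_id") or params.get("name"),
                    "role": entry.get("role")}
    return None

def scan_playbook(playbook):
    """Walk every play's tasks, descending into `block` bodies, and collect findings."""
    findings = []
    queue = [t for play in playbook for t in play.get("tasks", [])]
    while queue:
        task = queue.pop(0)
        if "block" in task:
            queue.extend(task["block"])  # nested task list
        elif (finding := check_task(task)) is not None:
            findings.append(finding)
    return findings

def _dataset_task(name, special_group):
    """Constructed sample task mirroring the page's examples (hypothetical values)."""
    return {"name": name, "google.cloud.gcp_bigquery_dataset": {
        "name": "test_dataset", "dataset_reference": {"dataset_id": "test_dataset"},
        "project": "test_project", "state": "present",
        "access": [{"special_group": special_group, "role": "READER"}]}}

SAMPLE_PLAYBOOK = [{"hosts": "localhost", "tasks": [
    _dataset_task("new dataset example", "allAuthenticatedUsers"),
    {"block": [_dataset_task("dataset inside a block", "projectReaders")]}]}]
```

Running scan_playbook(SAMPLE_PLAYBOOK) reports only the first task; the projectReaders task nested in the block produces no finding.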