Gives dataset access for a single entity. This resource is intended to be used in cases where
it is not possible to compile a full list of access blocks to include in a
google_bigquery_dataset
resource, to enable them to be added separately.
To get more information about DatasetAccess, see:
resource "google_bigquery_dataset_access" "access" {
dataset_id = google_bigquery_dataset.dataset.dataset_id
role = "OWNER"
user_by_email = google_service_account.bqowner.email
}
resource "google_bigquery_dataset" "dataset" {
dataset_id = "example_dataset"
}
resource "google_service_account" "bqowner" {
account_id = "bqowner"
}
resource "google_bigquery_dataset_access" "access" {
dataset_id = google_bigquery_dataset.private.dataset_id
view {
project_id = google_bigquery_table.public.project
dataset_id = google_bigquery_dataset.public.dataset_id
table_id = google_bigquery_table.public.table_id
}
}
resource "google_bigquery_dataset" "private" {
dataset_id = "example_dataset"
}
resource "google_bigquery_dataset" "public" {
dataset_id = "example_dataset2"
}
resource "google_bigquery_table" "public" {
deletion_protection = false
dataset_id = google_bigquery_dataset.public.dataset_id
table_id = "example_table"
view {
query = "SELECT state FROM [lookerdata:cdc.project_tycho_reports]"
use_legacy_sql = false
}
}
resource "google_bigquery_dataset_access" "access" {
dataset_id = google_bigquery_dataset.private.dataset_id
dataset {
dataset{
project_id = google_bigquery_dataset.public.project
dataset_id = google_bigquery_dataset.public.dataset_id
}
target_types = ["VIEWS"]
}
}
resource "google_bigquery_dataset" "private" {
dataset_id = "private"
}
resource "google_bigquery_dataset" "public" {
dataset_id = "public"
}
resource "google_bigquery_dataset" "public" {
dataset_id = "public_dataset"
description = "This dataset is public"
}
resource "google_bigquery_routine" "public" {
dataset_id = google_bigquery_dataset.public.dataset_id
routine_id = "public_routine"
routine_type = "TABLE_VALUED_FUNCTION"
language = "SQL"
definition_body = <<-EOS
SELECT 1 + value AS value
EOS
arguments {
name = "value"
argument_kind = "FIXED_TYPE"
data_type = jsonencode({ "typeKind" = "INT64" })
}
return_table_type = jsonencode({ "columns" = [
{ "name" = "value", "type" = { "typeKind" = "INT64" } },
] })
}
resource "google_bigquery_dataset" "private" {
dataset_id = "private_dataset"
description = "This dataset is private"
}
resource "google_bigquery_dataset_access" "authorized_routine" {
dataset_id = google_bigquery_dataset.private.dataset_id
routine {
project_id = google_bigquery_routine.public.project
dataset_id = google_bigquery_routine.public.dataset_id
routine_id = google_bigquery_routine.public.routine_id
}
}
The following arguments are supported:
dataset_id
-
(Required)
A unique ID for this dataset, without the project name. The ID
must contain only letters (a-z, A-Z), numbers (0-9), or
underscores (_). The maximum length is 1,024 characters.role
-
(Optional)
Describes the rights granted to the user specified by the other
member of the access object. Basic, predefined, and custom roles are
supported. Predefined roles that have equivalent basic roles are
swapped by the API to their basic counterparts, and will show a diff
post-create. See
official docs.
user_by_email
-
(Optional)
An email address of a user to grant access to. For example:
fred@example.com
group_by_email
-
(Optional)
An email address of a Google Group to grant access to.
domain
-
(Optional)
A domain to grant access to. Any users signed in with the
domain specified will be granted the specified access
special_group
-
(Optional)
A special group to grant access to. Possible values include:
projectOwners
: Owners of the enclosing project.
projectReaders
: Readers of the enclosing project.
projectWriters
: Writers of the enclosing project.
allAuthenticatedUsers
: All authenticated BigQuery users.
iam_member
-
(Optional)
Some other type of member that appears in the IAM Policy but isn't a user,
group, domain, or special group. For example: allUsers
view
-
(Optional)
A view from a different dataset to grant access to. Queries
executed against that view will have read access to tables in
this dataset. The role field is not required when this field is
set. If that view is updated by any user, access to the view
needs to be granted again via an update operation.
Structure is documented below.
dataset
-
(Optional)
Grants all resources of particular types in a particular dataset read access to the current dataset.
Structure is documented below.
routine
-
(Optional)
A routine from a different dataset to grant access to. Queries
executed against that routine will have read access to tables in
this dataset. The role field is not required when this field is
set. If that routine is updated by any user, access to the routine
needs to be granted again via an update operation.
Structure is documented below.
project
- (Optional) The ID of the project in which the resource belongs.
If it is not provided, the provider project is used.
dataset_id
-
(Required)
The ID of the dataset containing this table.
project_id
-
(Required)
The ID of the project containing this table.
table_id
-
(Required)
The ID of the table. The ID must contain only letters (a-z,
A-Z), numbers (0-9), or underscores (_). The maximum length
is 1,024 characters.
dataset
-
(Required)
The dataset this entry applies to
Structure is documented below.
target_types
-
(Required)
Which resources in the dataset this entry applies to. Currently, only views are supported,
but additional target types may be added in the future. Possible values: VIEWS
dataset_id
-
(Required)
The ID of the dataset containing this table.
project_id
-
(Required)
The ID of the project containing this table.
dataset_id
-
(Required)
The ID of the dataset containing this table.
project_id
-
(Required)
The ID of the project containing this table.
routine_id
-
(Required)
The ID of the routine. The ID must contain only letters (a-z,
A-Z), numbers (0-9), or underscores (_). The maximum length
is 256 characters.
In addition to the arguments listed above, the following computed attributes are exported:
id
- an identifier for the resource with format projects/{{project}}/datasets/{{dataset_id}}
This resource provides the following Timeouts configuration options:
create
- Default is 20 minutes.delete
- Default is 20 minutes.This resource does not support import.
This resource supports User Project Overrides.