Set grants on dataset level in BigQuery

chricko · October 14, 2022, 2:12pm

Hi, i am trying to set specific viewer-access in BigQuery on a dataset through dbt and dbt_project.yml file.

a_folder_in_models:
  +dataset: some_dataset
  +grants:
     roles/bigquery.dataViewer: ['group:group@company.com']

But when i execute dbt run it will set it on table/view level. At my company we wan’t to set these type of view-access to different ad-groups on dataset level. We wan’t to control these through the file dbt_project.yml and not inside every model.

Is there a solution to this? Maybe a macro that will solve it? Or am i just doing it wrong in our dbt_project.yml.

minhajpasha · October 14, 2022, 10:38pm

Hello, If you are creating datasets via terraform, then tf would be best place for this use case . If you are looking via dbt please use post hooks (defined in dbt_project.yml) or define macro with list of grant SQL statements and call macro on-run-start or on-run-end based on your use case.

I have done the extensive analysis around grants for bq. You can go thru in below link

chricko · October 17, 2022, 6:43am

No we are creating the datasets via dbt. Looking into creating a macro for setting the grant on dataset level instead.

Topic		Replies	Views
Using Grants in a target-specific way Help best-practice , environments , orchestration-and-deployment , privileges	8	2354	October 4, 2022
Test DBT Cloud (free version) over a personnal Bigquery Personnal project Help	0	392	December 7, 2023
DBT select Big Query table from different Big Query Project Help bigquery , dbt-cloud , dbt-core	1	765	November 21, 2023
Dbt cloud - test free version - limitations Help	1	344	January 8, 2024
Configuring dbt Cloud to Differentiate Between Development and Production Environments in BigQuery Help bigquery	0	551	November 27, 2023

Set grants on dataset level in BigQuery

Related Topics