[ADAP-545] [Feature] Add support for Authrorized Datasets and dataset-level grants #594
Comments
akerone
added
type:enhancement
github-actions
bot
changed the title
|
Thanks for opening this feature request @akerone ! It sounds like making the revoke process easier is your primary goal? Did you consider an alternative using grant config inheritance in your
models:
project_name_here:
folder_name_containing_your_dataset_models:
+grants:
roles/bigquery.dataViewer: ['user:[email protected]', 'user:[email protected]'] |
dbeatty10
added
triage:awaiting-response
github-actions
bot
added
triage:product
|
Hi, sorry for the late response. Giving read permission directly to the tables is not an option, as we want to grant read access only to the authorized views. |
|
👍🏻 It makes a lot of sense to grant dataset-level permissions (which can even be executed via SQL), and I ran into needing this too. For example, you have a bunch of tables in your dataset. You want the user to see only specific ones. You need to grant:
|
|
This issue has been marked as Stale because it has been open for 180 days with no activity. If you would like the issue to remain open, please comment on the issue or else it will be closed in 7 days. |
* Fixes for incremental strategy py model.WIP * doc string * Remove extra comment * Uncomment change schema test * Update dbt/include/bigquery/macros/materializations/incremental.sql Add python language exception for time_ingestion_partitioning Co-authored-by: colin-rogers-dbt <[email protected]> * Remove tox command flag for test python * Adding the env vars in integration * Switch to cluster execution for the python models * Remove comment and add changie * Skipping tests since dataproc is unstable. Restoring default to serverless --------- Co-authored-by: colin-rogers-dbt <[email protected]>
* Update tox requirement from ~=4.10 to ~=4.11 Updates the requirements on [tox](https://github.com/tox-dev/tox) to permit the latest version. - [Release notes](https://github.com/tox-dev/tox/releases) - [Changelog](https://github.com/tox-dev/tox/blob/main/docs/changelog.rst) - [Commits](tox-dev/tox@4.10.0...4.11.1) --- updated-dependencies: - dependency-name: tox dependency-type: direct:development ... Signed-off-by: dependabot[bot] <[email protected]> * Add automated changelog yaml from template for bot PR --------- Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Github Build Bot <[email protected]>
Is this your first time submitting a feature request?
Describe the feature
The ability to configure Authorized Datasets in dbt-project.yml, similarly to Authorized Views. For example, a
+grant_access_to:where+schema:is also present at the same level could authorize the whole dataset rather than all individual views.The same goes for direct grants.
Describe alternatives you've considered
dbt currently achieves the same result although, in our opinion, a less user-friendly way. Giving permissions to every separate model becomes hell when it's time to revoke any of them.
Who will this benefit?
Every single BQ admin who's in any way concerned by security. It also indirectly solves dbt-labs/dbt-bigquery#126.
Are you interested in contributing this feature?
No response
Anything else?
No response
The text was updated successfully, but these errors were encountered: