Ensure GCP BigQuery dataset is not publicly accessible
Error: GCP BigQuery dataset is publicly accessible
Bridgecrew Policy ID: BC_GCP_GENERAL_7
Checkov Check ID: CKV_GCP_15
Bridgecrew Severity: CRITICAL
Prisma Cloud Severity: HIGH
Description
Dataset-level permissions determine which users, groups, and service accounts can access the tables, views, and table data in a specific BigQuery dataset. You can also configure BigQuery permissions at a higher level in the Cloud IAM resource hierarchy; those configurations are inherited, based on the IAM structure you select to apply.
We recommend keeping private datasets private by avoiding the All Authenticated Users option, which gives all Google account holders access to the dataset and makes the dataset public.
Fix - Buildtime
Terraform
resource "google_bigquery_dataset" "pass_special_group" {
  dataset_id    = "example_dataset"
  friendly_name = "test"
  description   = "This is a test description"
  location      = "US"

  # Access is granted to a project-scoped group, not to allAuthenticatedUsers
  access {
    role          = "READER"
    special_group = "projectReaders"
  }
}
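A build-time check in the same spirit, as an added example (not Bridgecrew or Checkov code): it walks the JSON that `terraform show -json` produces for a plan, including child modules, and reports every `google_bigquery_dataset` whose `access` block grants to `allAuthenticatedUsers`. Flagging `allUsers` and reading the `iam_member` field go beyond what this page states; the sample plan and every resource name other than `pass_special_group` are constructed.

```python
import json

# Principals that make a dataset public. "allAuthenticatedUsers" is the case this
# page describes; "allUsers" is added here as its anonymous counterpart.
PUBLIC_PRINCIPALS = {"allAuthenticatedUsers", "allUsers"}
# Fields of an access block that can carry such a principal.
PRINCIPAL_FIELDS = ("special_group", "iam_member")


def iter_resources(module):
    """Yield every resource in a plan module, descending into child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def public_bigquery_datasets(plan):
    """Return sorted (address, field, principal, role) findings for public datasets."""
    root = plan.get("planned_values", {}).get("root_module", {})
    findings = []
    for res in iter_resources(root):
        if res.get("type") != "google_bigquery_dataset":
            continue
        # "access" is absent or null when the dataset declares no access block.
        for entry in (res.get("values") or {}).get("access") or []:
            for field in PRINCIPAL_FIELDS:
                principal = entry.get(field)
                if principal in PUBLIC_PRINCIPALS:
                    findings.append((res["address"], field, principal, entry.get("role")))
    return sorted(findings)


# Constructed sample, trimmed to the fields the check reads (not real plan output).
SAMPLE_PLAN = json.loads("""
{"planned_values": {"root_module": {
  "resources": [
    {"address": "google_bigquery_dataset.pass_special_group", "type": "google_bigquery_dataset",
     "values": {"access": [{"role": "READER", "special_group": "projectReaders"}]}}],
  "child_modules": [{"address": "module.analytics", "resources": [
    {"address": "module.analytics.google_bigquery_dataset.shared", "type": "google_bigquery_dataset",
     "values": {"access": [{"role": "READER", "special_group": "allAuthenticatedUsers"}]}},
    {"address": "module.analytics.google_bigquery_dataset.no_acl", "type": "google_bigquery_dataset",
     "values": {"access": null}}]}]}}}
""")

if __name__ == "__main__":
    for address, field, principal, role in public_bigquery_datasets(SAMPLE_PLAN):
        print(f"FAIL {address}: {field}={principal} role={role}")
```

In a pipeline, replace `SAMPLE_PLAN` with the parsed plan JSON and fail the job when the returned list is not empty.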