Dataset Iam Binding
Three different resources help you manage your IAM policy for a BigQuery dataset. Each of these resources serves a different use case:
`gcp.bigquery.DatasetIamPolicy`: Authoritative. Sets the IAM policy for the dataset and replaces any existing policy already attached.
`gcp.bigquery.DatasetIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the dataset are preserved.
`gcp.bigquery.DatasetIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the dataset are preserved.
These resources are intended to convert the permissions system for BigQuery datasets to the standard IAM interface. For advanced usages, including creating authorized views, please use either `gcp.bigquery.DatasetAccess` or the `access` field on `gcp.bigquery.Dataset`.
Note: These resources cannot be used with `gcp.bigquery.DatasetAccess` resources or the `access` field on `gcp.bigquery.Dataset`, or they will fight over what the policy should be.
Note: Using any of these resources will remove any authorized view permissions from the dataset. To assign and preserve authorized view permissions, use `gcp.bigquery.DatasetAccess` instead.
Note: Legacy BigQuery roles `OWNER`, `WRITER` and `READER` cannot be used with any of these IAM resources. Instead use the full role form: `roles/bigquery.dataOwner`, `roles/bigquery.dataEditor` and `roles/bigquery.dataViewer`.
Note: `gcp.bigquery.DatasetIamPolicy` cannot be used in conjunction with `gcp.bigquery.DatasetIamBinding` and `gcp.bigquery.DatasetIamMember`, or they will fight over what your policy should be.
Note: `gcp.bigquery.DatasetIamBinding` resources can be used in conjunction with `gcp.bigquery.DatasetIamMember` resources only if they do not grant privilege to the same role.
gcp.bigquery.DatasetIamPolicy
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
// DatasetIamPolicy is authoritative: applying it replaces whatever IAM policy
// is already attached to the dataset, so any role or member not listed in
// `bindings` below is dropped, and authorized view permissions are removed.
const ownerBinding = {
    role: "roles/bigquery.dataOwner",
    members: ["user:jane@example.com"],
};
const ownerPolicy = gcp.organizations.getIAMPolicy({
    bindings: [ownerBinding],
});

const exampleDataset = new gcp.bigquery.Dataset("dataset", {
    datasetId: "example_dataset",
});

// Attach the rendered policy document as the dataset's complete IAM policy.
const datasetPolicy = new gcp.bigquery.DatasetIamPolicy("dataset", {
    datasetId: exampleDataset.datasetId,
    policyData: ownerPolicy.then(result => result.policyData),
});
import pulumi
import pulumi_gcp as gcp
# DatasetIamPolicy is authoritative: applying it replaces whatever IAM policy
# is already attached to the dataset, so any role or member not listed in the
# binding below is dropped, and authorized view permissions are removed.
owner_binding = {
    "role": "roles/bigquery.dataOwner",
    "members": ["user:jane@example.com"],
}
owner_policy = gcp.organizations.get_iam_policy(bindings=[owner_binding])

example_dataset = gcp.bigquery.Dataset("dataset", dataset_id="example_dataset")

# Attach the rendered policy document as the dataset's complete IAM policy.
dataset_policy = gcp.bigquery.DatasetIamPolicy(
    "dataset",
    dataset_id=example_dataset.dataset_id,
    policy_data=owner_policy.policy_data,
)
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
    // DatasetIamPolicy is authoritative: applying it replaces whatever IAM
    // policy is already attached to the dataset, so any role or member not
    // listed in the binding below is dropped, and authorized view permissions
    // are removed.
    var ownerBinding = new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs
    {
        Role = "roles/bigquery.dataOwner",
        Members = new[] { "user:jane@example.com" },
    };
    var ownerPolicy = Gcp.Organizations.GetIAMPolicy.Invoke(new()
    {
        Bindings = new[] { ownerBinding },
    });

    var exampleDataset = new Gcp.BigQuery.Dataset("dataset", new()
    {
        DatasetId = "example_dataset",
    });

    // Attach the rendered policy document as the dataset's complete IAM policy.
    var datasetPolicy = new Gcp.BigQuery.DatasetIamPolicy("dataset", new()
    {
        DatasetId = exampleDataset.DatasetId,
        PolicyData = ownerPolicy.Apply(result => result.PolicyData),
    });
});
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery"
"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main declares a BigQuery dataset and sets its complete IAM policy.
//
// DatasetIamPolicy is authoritative: applying it replaces whatever IAM policy
// is already attached to the dataset, so any role or member not listed in the
// binding below is dropped, and authorized view permissions are removed.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		ownerBinding := organizations.GetIAMPolicyBinding{
			Role:    "roles/bigquery.dataOwner",
			Members: []string{"user:jane@example.com"},
		}
		ownerPolicy, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
			Bindings: []organizations.GetIAMPolicyBinding{ownerBinding},
		}, nil)
		if err != nil {
			return err
		}

		exampleDataset, err := bigquery.NewDataset(ctx, "dataset", &bigquery.DatasetArgs{
			DatasetId: pulumi.String("example_dataset"),
		})
		if err != nil {
			return err
		}

		// Attach the rendered policy document as the dataset's complete IAM policy.
		policyArgs := &bigquery.DatasetIamPolicyArgs{
			DatasetId:  exampleDataset.DatasetId,
			PolicyData: pulumi.String(ownerPolicy.PolicyData),
		}
		_, err = bigquery.NewDatasetIamPolicy(ctx, "dataset", policyArgs)
		return err
	})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.organizations.OrganizationsFunctions;
import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;
import com.pulumi.gcp.bigquery.Dataset;
import com.pulumi.gcp.bigquery.DatasetArgs;
import com.pulumi.gcp.bigquery.DatasetIamPolicy;
import com.pulumi.gcp.bigquery.DatasetIamPolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
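public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares a BigQuery dataset and sets its complete IAM policy.
     *
     * DatasetIamPolicy is authoritative: applying it replaces whatever IAM
     * policy is already attached to the dataset, so any role or member not
     * listed in the binding below is dropped, and authorized view permissions
     * are removed.
     *
     * @param ctx the Pulumi deployment context supplied by Pulumi.run
     */
    public static void stack(Context ctx) {
        // GetIAMPolicyBindingArgs is not among this listing's imports, so it is
        // referenced by its fully qualified name to keep the example compilable.
        final var owner = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()
            .bindings(com.pulumi.gcp.organizations.inputs.GetIAMPolicyBindingArgs.builder()
                .role("roles/bigquery.dataOwner")
                .members("user:jane@example.com")
                .build())
            .build());

        var datasetDataset = new Dataset("datasetDataset", DatasetArgs.builder()
            .datasetId("example_dataset")
            .build());

        // Attach the rendered policy document as the dataset's complete IAM policy.
        var dataset = new DatasetIamPolicy("dataset", DatasetIamPolicyArgs.builder()
            .datasetId(datasetDataset.datasetId())
            .policyData(owner.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData()))
            .build());
    }
}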
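# DatasetIamPolicy is authoritative: applying it replaces whatever IAM policy
# is already attached to the dataset, so any role or member not listed under
# `bindings` is dropped, and authorized view permissions are removed.
resources:
  dataset:
    type: gcp:bigquery:DatasetIamPolicy
    properties:
      datasetId: ${datasetDataset.datasetId}
      # Rendered policy document produced by the `owner` invoke below.
      policyData: ${owner.policyData}
  datasetDataset:
    type: gcp:bigquery:Dataset
    name: dataset
    properties:
      datasetId: example_dataset
variables:
  owner:
    fn::invoke:
      Function: gcp:organizations:getIAMPolicy
      Arguments:
        bindings:
          - role: roles/bigquery.dataOwner
            members:
              - user:jane@example.com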
gcp.bigquery.DatasetIamBinding
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const exampleDataset = new gcp.bigquery.Dataset("dataset", {
    datasetId: "example_dataset",
});

// DatasetIamBinding is authoritative for the one role it names: `members` is
// the full list granted roles/bigquery.dataViewer on the dataset, while other
// roles in the dataset's IAM policy are preserved.
const viewerMembers = ["user:jane@example.com"];
const readerBinding = new gcp.bigquery.DatasetIamBinding("reader", {
    datasetId: exampleDataset.datasetId,
    role: "roles/bigquery.dataViewer",
    members: viewerMembers,
});
import pulumi
import pulumi_gcp as gcp
example_dataset = gcp.bigquery.Dataset("dataset", dataset_id="example_dataset")

# DatasetIamBinding is authoritative for the one role it names: `members` is
# the full list granted roles/bigquery.dataViewer on the dataset, while other
# roles in the dataset's IAM policy are preserved.
viewer_members = ["user:jane@example.com"]
reader_binding = gcp.bigquery.DatasetIamBinding(
    "reader",
    dataset_id=example_dataset.dataset_id,
    role="roles/bigquery.dataViewer",
    members=viewer_members,
)
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
    var exampleDataset = new Gcp.BigQuery.Dataset("dataset", new()
    {
        DatasetId = "example_dataset",
    });

    // DatasetIamBinding is authoritative for the one role it names: Members is
    // the full list granted roles/bigquery.dataViewer on the dataset, while
    // other roles in the dataset's IAM policy are preserved.
    var readerArgs = new Gcp.BigQuery.DatasetIamBindingArgs
    {
        DatasetId = exampleDataset.DatasetId,
        Role = "roles/bigquery.dataViewer",
        Members = new[] { "user:jane@example.com" },
    };
    var readerBinding = new Gcp.BigQuery.DatasetIamBinding("reader", readerArgs);
});
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main declares a BigQuery dataset and one role binding on it.
//
// DatasetIamBinding is authoritative for the one role it names: Members is
// the full list granted roles/bigquery.dataViewer on the dataset, while other
// roles in the dataset's IAM policy are preserved.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		exampleDataset, err := bigquery.NewDataset(ctx, "dataset", &bigquery.DatasetArgs{
			DatasetId: pulumi.String("example_dataset"),
		})
		if err != nil {
			return err
		}

		readerArgs := &bigquery.DatasetIamBindingArgs{
			DatasetId: exampleDataset.DatasetId,
			Role:      pulumi.String("roles/bigquery.dataViewer"),
			Members:   pulumi.StringArray{pulumi.String("user:jane@example.com")},
		}
		_, err = bigquery.NewDatasetIamBinding(ctx, "reader", readerArgs)
		return err
	})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.bigquery.Dataset;
import com.pulumi.gcp.bigquery.DatasetArgs;
import com.pulumi.gcp.bigquery.DatasetIamBinding;
import com.pulumi.gcp.bigquery.DatasetIamBindingArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares a BigQuery dataset and one role binding on it.
     *
     * DatasetIamBinding is authoritative for the one role it names: the
     * members given are the full list granted roles/bigquery.dataViewer on the
     * dataset, while other roles in the dataset's IAM policy are preserved.
     *
     * @param ctx the Pulumi deployment context supplied by Pulumi.run
     */
    public static void stack(Context ctx) {
        final DatasetArgs datasetArgs = DatasetArgs.builder()
            .datasetId("example_dataset")
            .build();
        final Dataset exampleDataset = new Dataset("dataset", datasetArgs);

        final DatasetIamBindingArgs readerArgs = DatasetIamBindingArgs.builder()
            .datasetId(exampleDataset.datasetId())
            .role("roles/bigquery.dataViewer")
            .members("user:jane@example.com")
            .build();
        new DatasetIamBinding("reader", readerArgs);
    }
}
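# DatasetIamBinding is authoritative for the one role it names: `members` is
# the full list granted that role on the dataset, while other roles in the
# dataset's IAM policy are preserved.
resources:
  reader:
    type: gcp:bigquery:DatasetIamBinding
    properties:
      datasetId: ${dataset.datasetId}
      role: roles/bigquery.dataViewer
      members:
        - user:jane@example.com
  dataset:
    type: gcp:bigquery:Dataset
    properties:
      datasetId: example_dataset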
gcp.bigquery.DatasetIamMember
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const exampleDataset = new gcp.bigquery.Dataset("dataset", {
    datasetId: "example_dataset",
});

// DatasetIamMember is non-authoritative: it grants the role to this one
// member and preserves the other members already holding the role.
const editorGrant = {
    datasetId: exampleDataset.datasetId,
    role: "roles/bigquery.dataEditor",
    member: "user:jane@example.com",
};
const editorMember = new gcp.bigquery.DatasetIamMember("editor", editorGrant);
import pulumi
import pulumi_gcp as gcp
example_dataset = gcp.bigquery.Dataset("dataset", dataset_id="example_dataset")

# DatasetIamMember is non-authoritative: it grants the role to this one member
# and preserves the other members already holding the role.
editor_member = gcp.bigquery.DatasetIamMember(
    "editor",
    dataset_id=example_dataset.dataset_id,
    role="roles/bigquery.dataEditor",
    member="user:jane@example.com",
)
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
    var exampleDataset = new Gcp.BigQuery.Dataset("dataset", new()
    {
        DatasetId = "example_dataset",
    });

    // DatasetIamMember is non-authoritative: it grants the role to this one
    // member and preserves the other members already holding the role.
    var editorArgs = new Gcp.BigQuery.DatasetIamMemberArgs
    {
        DatasetId = exampleDataset.DatasetId,
        Role = "roles/bigquery.dataEditor",
        Member = "user:jane@example.com",
    };
    var editorMember = new Gcp.BigQuery.DatasetIamMember("editor", editorArgs);
});
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main declares a BigQuery dataset and grants one member a role on it.
//
// DatasetIamMember is non-authoritative: it grants the role to this one member
// and preserves the other members already holding the role.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		exampleDataset, err := bigquery.NewDataset(ctx, "dataset", &bigquery.DatasetArgs{
			DatasetId: pulumi.String("example_dataset"),
		})
		if err != nil {
			return err
		}

		editorArgs := &bigquery.DatasetIamMemberArgs{
			DatasetId: exampleDataset.DatasetId,
			Role:      pulumi.String("roles/bigquery.dataEditor"),
			Member:    pulumi.String("user:jane@example.com"),
		}
		_, err = bigquery.NewDatasetIamMember(ctx, "editor", editorArgs)
		return err
	})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.bigquery.Dataset;
import com.pulumi.gcp.bigquery.DatasetArgs;
import com.pulumi.gcp.bigquery.DatasetIamMember;
import com.pulumi.gcp.bigquery.DatasetIamMemberArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares a BigQuery dataset and grants one member a role on it.
     *
     * DatasetIamMember is non-authoritative: it grants the role to this one
     * member and preserves the other members already holding the role.
     *
     * @param ctx the Pulumi deployment context supplied by Pulumi.run
     */
    public static void stack(Context ctx) {
        final DatasetArgs datasetArgs = DatasetArgs.builder()
            .datasetId("example_dataset")
            .build();
        final Dataset exampleDataset = new Dataset("dataset", datasetArgs);

        final DatasetIamMemberArgs editorArgs = DatasetIamMemberArgs.builder()
            .datasetId(exampleDataset.datasetId())
            .role("roles/bigquery.dataEditor")
            .member("user:jane@example.com")
            .build();
        new DatasetIamMember("editor", editorArgs);
    }
}
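# DatasetIamMember is non-authoritative: it grants the role to this one member
# and preserves the other members already holding the role.
resources:
  editor:
    type: gcp:bigquery:DatasetIamMember
    properties:
      datasetId: ${dataset.datasetId}
      role: roles/bigquery.dataEditor
      member: user:jane@example.com
  dataset:
    type: gcp:bigquery:Dataset
    properties:
      datasetId: example_dataset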
gcp.bigquery.DatasetIamBinding
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const exampleDataset = new gcp.bigquery.Dataset("dataset", {
    datasetId: "example_dataset",
});

// Authoritative for roles/bigquery.dataViewer only: the list below is the full
// membership of that role on the dataset; other roles are preserved.
const readerArgs = {
    datasetId: exampleDataset.datasetId,
    role: "roles/bigquery.dataViewer",
    members: ["user:jane@example.com"],
};
const readerBinding = new gcp.bigquery.DatasetIamBinding("reader", readerArgs);
import pulumi
import pulumi_gcp as gcp
example_dataset = gcp.bigquery.Dataset("dataset", dataset_id="example_dataset")

# Authoritative for roles/bigquery.dataViewer only: the list below is the full
# membership of that role on the dataset; other roles are preserved.
reader_binding = gcp.bigquery.DatasetIamBinding(
    "reader",
    dataset_id=example_dataset.dataset_id,
    role="roles/bigquery.dataViewer",
    members=["user:jane@example.com"],
)
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
    var exampleDataset = new Gcp.BigQuery.Dataset("dataset", new()
    {
        DatasetId = "example_dataset",
    });

    // Authoritative for roles/bigquery.dataViewer only: the list below is the
    // full membership of that role on the dataset; other roles are preserved.
    var viewerMembers = new[] { "user:jane@example.com" };
    var readerBinding = new Gcp.BigQuery.DatasetIamBinding("reader", new()
    {
        DatasetId = exampleDataset.DatasetId,
        Role = "roles/bigquery.dataViewer",
        Members = viewerMembers,
    });
});
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main declares a BigQuery dataset and one role binding on it.
//
// The binding is authoritative for roles/bigquery.dataViewer only: Members is
// the full membership of that role on the dataset; other roles are preserved.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		exampleDataset, err := bigquery.NewDataset(ctx, "dataset", &bigquery.DatasetArgs{
			DatasetId: pulumi.String("example_dataset"),
		})
		if err != nil {
			return err
		}

		viewerMembers := pulumi.StringArray{
			pulumi.String("user:jane@example.com"),
		}
		_, err = bigquery.NewDatasetIamBinding(ctx, "reader", &bigquery.DatasetIamBindingArgs{
			DatasetId: exampleDataset.DatasetId,
			Role:      pulumi.String("roles/bigquery.dataViewer"),
			Members:   viewerMembers,
		})
		return err
	})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.bigquery.Dataset;
import com.pulumi.gcp.bigquery.DatasetArgs;
import com.pulumi.gcp.bigquery.DatasetIamBinding;
import com.pulumi.gcp.bigquery.DatasetIamBindingArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares a BigQuery dataset and one role binding on it.
     *
     * The binding is authoritative for roles/bigquery.dataViewer only: the
     * members given are the full membership of that role on the dataset;
     * other roles are preserved.
     *
     * @param ctx the Pulumi deployment context supplied by Pulumi.run
     */
    public static void stack(Context ctx) {
        final Dataset exampleDataset = new Dataset(
            "dataset",
            DatasetArgs.builder().datasetId("example_dataset").build());

        final DatasetIamBindingArgs readerArgs = DatasetIamBindingArgs.builder()
            .datasetId(exampleDataset.datasetId())
            .role("roles/bigquery.dataViewer")
            .members("user:jane@example.com")
            .build();
        new DatasetIamBinding("reader", readerArgs);
    }
}
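# Authoritative for roles/bigquery.dataViewer only: `members` is the full
# membership of that role on the dataset; other roles are preserved.
resources:
  reader:
    type: gcp:bigquery:DatasetIamBinding
    properties:
      datasetId: ${dataset.datasetId}
      role: roles/bigquery.dataViewer
      members:
        - user:jane@example.com
  dataset:
    type: gcp:bigquery:Dataset
    properties:
      datasetId: example_dataset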
gcp.bigquery.DatasetIamMember
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const exampleDataset = new gcp.bigquery.Dataset("dataset", {
    datasetId: "example_dataset",
});

// Non-authoritative grant: adds this one member to roles/bigquery.dataEditor
// and preserves the role's other members.
const editorRole = "roles/bigquery.dataEditor";
const editorMember = new gcp.bigquery.DatasetIamMember("editor", {
    datasetId: exampleDataset.datasetId,
    role: editorRole,
    member: "user:jane@example.com",
});
import pulumi
import pulumi_gcp as gcp
example_dataset = gcp.bigquery.Dataset("dataset", dataset_id="example_dataset")

# Non-authoritative grant: adds this one member to roles/bigquery.dataEditor
# and preserves the role's other members.
editor_role = "roles/bigquery.dataEditor"
editor_member = gcp.bigquery.DatasetIamMember(
    "editor",
    dataset_id=example_dataset.dataset_id,
    role=editor_role,
    member="user:jane@example.com",
)
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
    var exampleDataset = new Gcp.BigQuery.Dataset("dataset", new()
    {
        DatasetId = "example_dataset",
    });

    // Non-authoritative grant: adds this one member to
    // roles/bigquery.dataEditor and preserves the role's other members.
    const string editorRole = "roles/bigquery.dataEditor";
    var editorMember = new Gcp.BigQuery.DatasetIamMember("editor", new()
    {
        DatasetId = exampleDataset.DatasetId,
        Role = editorRole,
        Member = "user:jane@example.com",
    });
});
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main declares a BigQuery dataset and grants one member a role on it.
//
// The grant is non-authoritative: it adds this one member to
// roles/bigquery.dataEditor and preserves the role's other members.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		exampleDataset, err := bigquery.NewDataset(ctx, "dataset", &bigquery.DatasetArgs{
			DatasetId: pulumi.String("example_dataset"),
		})
		if err != nil {
			return err
		}

		_, err = bigquery.NewDatasetIamMember(ctx, "editor", &bigquery.DatasetIamMemberArgs{
			DatasetId: exampleDataset.DatasetId,
			Role:      pulumi.String("roles/bigquery.dataEditor"),
			Member:    pulumi.String("user:jane@example.com"),
		})
		return err
	})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.bigquery.Dataset;
import com.pulumi.gcp.bigquery.DatasetArgs;
import com.pulumi.gcp.bigquery.DatasetIamMember;
import com.pulumi.gcp.bigquery.DatasetIamMemberArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares a BigQuery dataset and grants one member a role on it.
     *
     * The grant is non-authoritative: it adds this one member to
     * roles/bigquery.dataEditor and preserves the role's other members.
     *
     * @param ctx the Pulumi deployment context supplied by Pulumi.run
     */
    public static void stack(Context ctx) {
        final Dataset exampleDataset = new Dataset(
            "dataset",
            DatasetArgs.builder().datasetId("example_dataset").build());

        final DatasetIamMemberArgs editorArgs = DatasetIamMemberArgs.builder()
            .datasetId(exampleDataset.datasetId())
            .role("roles/bigquery.dataEditor")
            .member("user:jane@example.com")
            .build();
        new DatasetIamMember("editor", editorArgs);
    }
}
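# Non-authoritative grant: adds this one member to roles/bigquery.dataEditor
# and preserves the role's other members.
resources:
  editor:
    type: gcp:bigquery:DatasetIamMember
    properties:
      datasetId: ${dataset.datasetId}
      role: roles/bigquery.dataEditor
      member: user:jane@example.com
  dataset:
    type: gcp:bigquery:Dataset
    properties:
      datasetId: example_dataset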
Import
Importing IAM policies
IAM policy imports use the identifier of the BigQuery Dataset resource. For example:
projects/{{project_id}}/datasets/{{dataset_id}}
An `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:
```tf
import {
  id = projects/{{project_id}}/datasets/{{dataset_id}}
  to = google_bigquery_dataset_iam_policy.default
}
```
The `pulumi import` command can also be used:
$ pulumi import gcp:bigquery/datasetIamBinding:DatasetIamBinding default projects/{{project_id}}/datasets/{{dataset_id}}