Class DatasetAccess
Gives dataset access for a single entity. This resource is intended to be used in cases where
it is not possible to compile a full list of access blocks to include in a
gcp.bigquery.Dataset resource, to enable them to be added separately.
Note: If this resource is used alongside a
gcp.bigquery.Datasetresource, the dataset resource must either have no definedaccessblocks or alifecycleblock withignore_changes = [access]so they don't fight over which accesses should be on the dataset.
To get more information about DatasetAccess, see:
- API documentation
- How-to Guides
- Controlling access to datasets
Example Usage - Bigquery Dataset Access Basic User
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var dataset = new Gcp.BigQuery.Dataset("dataset", new Gcp.BigQuery.DatasetArgs
{
DatasetId = "example_dataset",
});
var bqowner = new Gcp.ServiceAccount.Account("bqowner", new Gcp.ServiceAccount.AccountArgs
{
AccountId = "bqowner",
});
var access = new Gcp.BigQuery.DatasetAccess("access", new Gcp.BigQuery.DatasetAccessArgs
{
DatasetId = dataset.DatasetId,
Role = "OWNER",
UserByEmail = bqowner.Email,
});
}
}
Example Usage - Bigquery Dataset Access View
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var @private = new Gcp.BigQuery.Dataset("private", new Gcp.BigQuery.DatasetArgs
{
DatasetId = "example_dataset",
});
var publicDataset = new Gcp.BigQuery.Dataset("publicDataset", new Gcp.BigQuery.DatasetArgs
{
DatasetId = "example_dataset2",
});
var publicTable = new Gcp.BigQuery.Table("publicTable", new Gcp.BigQuery.TableArgs
{
DatasetId = publicDataset.DatasetId,
TableId = "example_table",
View = new Gcp.BigQuery.Inputs.TableViewArgs
{
Query = "SELECT state FROM [lookerdata:cdc.project_tycho_reports]",
UseLegacySql = false,
},
});
var access = new Gcp.BigQuery.DatasetAccess("access", new Gcp.BigQuery.DatasetAccessArgs
{
DatasetId = @private.DatasetId,
View = new Gcp.BigQuery.Inputs.DatasetAccessViewArgs
{
ProjectId = publicTable.Project,
DatasetId = publicDataset.DatasetId,
TableId = publicTable.TableId,
},
});
}
}
Inherited Members
Namespace: Pulumi.Gcp.BigQuery
Assembly: Pulumi.Gcp.dll
Syntax
public class DatasetAccess : CustomResourceConstructors
View SourceDatasetAccess(String, DatasetAccessArgs, CustomResourceOptions)
Create a DatasetAccess resource with the given unique name, arguments, and options.
Declaration
public DatasetAccess(string name, DatasetAccessArgs args, CustomResourceOptions options = null)Parameters
| Type | Name | Description |
|---|---|---|
| System.String | name | The unique name of the resource |
| DatasetAccessArgs | args | The arguments used to populate this resource's properties |
| CustomResourceOptions | options | A bag of options that control this resource's behavior |
Properties
View SourceDatasetId
The ID of the dataset containing this table.
Declaration
public Output<string> DatasetId { get; }Property Value
| Type | Description |
|---|---|
| Output<System.String> |
Domain
A domain to grant access to. Any users signed in with the domain specified will be granted the specified access
Declaration
public Output<string> Domain { get; }Property Value
| Type | Description |
|---|---|
| Output<System.String> |
GroupByEmail
An email address of a Google Group to grant access to.
Declaration
public Output<string> GroupByEmail { get; }Property Value
| Type | Description |
|---|---|
| Output<System.String> |
IamMember
Some other type of member that appears in the IAM Policy but isn't a user,
group, domain, or special group. For example: allUsers
Declaration
public Output<string> IamMember { get; }Property Value
| Type | Description |
|---|---|
| Output<System.String> |
Project
The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
Declaration
public Output<string> Project { get; }Property Value
| Type | Description |
|---|---|
| Output<System.String> |
Role
Describes the rights granted to the user specified by the other member of the access object. Primitive, Predefined and custom roles are supported. Predefined roles that have equivalent primitive roles are swapped by the API to their Primitive counterparts, and will show a diff post-create. See official docs.
Declaration
public Output<string> Role { get; }Property Value
| Type | Description |
|---|---|
| Output<System.String> |
SpecialGroup
A special group to grant access to. Possible values include:
Declaration
public Output<string> SpecialGroup { get; }Property Value
| Type | Description |
|---|---|
| Output<System.String> |
UserByEmail
An email address of a user to grant access to. For example: fred@example.com
Declaration
public Output<string> UserByEmail { get; }Property Value
| Type | Description |
|---|---|
| Output<System.String> |
View
A view from a different dataset to grant access to. Queries executed against that view will have read access to tables in this dataset. The role field is not required when this field is set. If that view is updated by any user, access to the view needs to be granted again via an update operation. Structure is documented below.
Declaration
public Output<DatasetAccessView> View { get; }Property Value
| Type | Description |
|---|---|
| Output<DatasetAccessView> |
Methods
View SourceGet(String, Input<String>, DatasetAccessState, CustomResourceOptions)
Get an existing DatasetAccess resource's state with the given name, ID, and optional extra properties used to qualify the lookup.
Declaration
public static DatasetAccess Get(string name, Input<string> id, DatasetAccessState state = null, CustomResourceOptions options = null)Parameters
| Type | Name | Description |
|---|---|---|
| System.String | name | The unique name of the resulting resource. |
| Input<System.String> | id | The unique provider ID of the resource to lookup. |
| DatasetAccessState | state | Any extra arguments used during the lookup. |
| CustomResourceOptions | options | A bag of options that control this resource's behavior |
Returns
| Type | Description |
|---|---|
| DatasetAccess |