DatasetAccess

Gives dataset access for a single entity. This resource is intended to be used in cases where it is not possible to compile a full list of access blocks to include in a gcp.bigquery.Dataset resource, to enable them to be added separately.

Note: If this resource is used alongside a gcp.bigquery.Dataset resource, the dataset resource must either have no defined access blocks or a lifecycle block with ignore_changes = [access] so they don’t fight over which accesses should be on the dataset.

To get more information about DatasetAccess, see:

API documentation
How-to Guides
- Controlling access to datasets

Create a DatasetAccess Resource

new DatasetAccess(name: string, args: DatasetAccessArgs, opts?: CustomResourceOptions);

def DatasetAccess(resource_name, opts=None, dataset_id=None, domain=None, group_by_email=None, iam_member=None, project=None, role=None, special_group=None, user_by_email=None, view=None, __props__=None);

func NewDatasetAccess(ctx *Context, name string, args DatasetAccessArgs, opts ...ResourceOption) (*DatasetAccess, error)

public DatasetAccess(string name, DatasetAccessArgs args, CustomResourceOptions? opts = null)

name string: The unique name of the resource.
args DatasetAccessArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
opts ResourceOptions: A bag of options that control this resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args DatasetAccessArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args DatasetAccessArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

DatasetAccess Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Programming Model docs.

Inputs

The DatasetAccess resource accepts the following input properties:

DatasetId string: The ID of the dataset containing this table.
Domain string: A domain to grant access to. Any users signed in with the domain specified will be granted the specified access
GroupByEmail string: An email address of a Google Group to grant access to.
IamMember string: Some other type of member that appears in the IAM Policy but isn’t a user, group, domain, or special group. For example: allUsers
Project string: The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
Role string: Describes the rights granted to the user specified by the other member of the access object. Primitive, Predefined and custom roles are supported. Predefined roles that have equivalent primitive roles are swapped by the API to their Primitive counterparts, and will show a diff post-create. See official docs.
SpecialGroup string: A special group to grant access to. Possible values include:
UserByEmail string: An email address of a user to grant access to. For example: fred@example.com
View DatasetAccessViewArgs: A view from a different dataset to grant access to. Queries executed against that view will have read access to tables in this dataset. The role field is not required when this field is set. If that view is updated by any user, access to the view needs to be granted again via an update operation. Structure is documented below.

DatasetId string: The ID of the dataset containing this table.
Domain string: A domain to grant access to. Any users signed in with the domain specified will be granted the specified access
GroupByEmail string: An email address of a Google Group to grant access to.
IamMember string: Some other type of member that appears in the IAM Policy but isn’t a user, group, domain, or special group. For example: allUsers
Project string: The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
Role string: Describes the rights granted to the user specified by the other member of the access object. Primitive, Predefined and custom roles are supported. Predefined roles that have equivalent primitive roles are swapped by the API to their Primitive counterparts, and will show a diff post-create. See official docs.
SpecialGroup string: A special group to grant access to. Possible values include:
UserByEmail string: An email address of a user to grant access to. For example: fred@example.com
View DatasetAccessView: A view from a different dataset to grant access to. Queries executed against that view will have read access to tables in this dataset. The role field is not required when this field is set. If that view is updated by any user, access to the view needs to be granted again via an update operation. Structure is documented below.

datasetId string: The ID of the dataset containing this table.
domain string: A domain to grant access to. Any users signed in with the domain specified will be granted the specified access
groupByEmail string: An email address of a Google Group to grant access to.
iamMember string: Some other type of member that appears in the IAM Policy but isn’t a user, group, domain, or special group. For example: allUsers
project string: The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
role string: Describes the rights granted to the user specified by the other member of the access object. Primitive, Predefined and custom roles are supported. Predefined roles that have equivalent primitive roles are swapped by the API to their Primitive counterparts, and will show a diff post-create. See official docs.
specialGroup string: A special group to grant access to. Possible values include:
userByEmail string: An email address of a user to grant access to. For example: fred@example.com
view DatasetAccessView: A view from a different dataset to grant access to. Queries executed against that view will have read access to tables in this dataset. The role field is not required when this field is set. If that view is updated by any user, access to the view needs to be granted again via an update operation. Structure is documented below.

dataset_id str: The ID of the dataset containing this table.
domain str: A domain to grant access to. Any users signed in with the domain specified will be granted the specified access
group_by_email str: An email address of a Google Group to grant access to.
iam_member str: Some other type of member that appears in the IAM Policy but isn’t a user, group, domain, or special group. For example: allUsers
project str: The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
role str: Describes the rights granted to the user specified by the other member of the access object. Primitive, Predefined and custom roles are supported. Predefined roles that have equivalent primitive roles are swapped by the API to their Primitive counterparts, and will show a diff post-create. See official docs.
special_group str: A special group to grant access to. Possible values include:
user_by_email str: An email address of a user to grant access to. For example: fred@example.com
view Dict[DatasetAccessView]: A view from a different dataset to grant access to. Queries executed against that view will have read access to tables in this dataset. The role field is not required when this field is set. If that view is updated by any user, access to the view needs to be granted again via an update operation. Structure is documented below.

Outputs

All input properties are implicitly available as output properties. Additionally, the DatasetAccess resource produces the following output properties:

Id string: The provider-assigned unique ID for this managed resource.

Id string: The provider-assigned unique ID for this managed resource.

id string: The provider-assigned unique ID for this managed resource.

id str: The provider-assigned unique ID for this managed resource.

Look up an Existing DatasetAccess Resource

Get an existing DatasetAccess resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: DatasetAccessState, opts?: CustomResourceOptions): DatasetAccess

static get(resource_name, id, opts=None, dataset_id=None, domain=None, group_by_email=None, iam_member=None, project=None, role=None, special_group=None, user_by_email=None, view=None, __props__=None);

func GetDatasetAccess(ctx *Context, name string, id IDInput, state *DatasetAccessState, opts ...ResourceOption) (*DatasetAccess, error)

public static DatasetAccess Get(string name, Input<string> id, DatasetAccessState? state, CustomResourceOptions? opts = null)

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

DatasetId string: The ID of the dataset containing this table.
Domain string: A domain to grant access to. Any users signed in with the domain specified will be granted the specified access
GroupByEmail string: An email address of a Google Group to grant access to.
IamMember string: Some other type of member that appears in the IAM Policy but isn’t a user, group, domain, or special group. For example: allUsers
Project string: The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
Role string: Describes the rights granted to the user specified by the other member of the access object. Primitive, Predefined and custom roles are supported. Predefined roles that have equivalent primitive roles are swapped by the API to their Primitive counterparts, and will show a diff post-create. See official docs.
SpecialGroup string: A special group to grant access to. Possible values include:
UserByEmail string: An email address of a user to grant access to. For example: fred@example.com
View DatasetAccessViewArgs: A view from a different dataset to grant access to. Queries executed against that view will have read access to tables in this dataset. The role field is not required when this field is set. If that view is updated by any user, access to the view needs to be granted again via an update operation. Structure is documented below.

DatasetId string: The ID of the dataset containing this table.
Domain string: A domain to grant access to. Any users signed in with the domain specified will be granted the specified access
GroupByEmail string: An email address of a Google Group to grant access to.
IamMember string: Some other type of member that appears in the IAM Policy but isn’t a user, group, domain, or special group. For example: allUsers
Project string: The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
Role string: Describes the rights granted to the user specified by the other member of the access object. Primitive, Predefined and custom roles are supported. Predefined roles that have equivalent primitive roles are swapped by the API to their Primitive counterparts, and will show a diff post-create. See official docs.
SpecialGroup string: A special group to grant access to. Possible values include:
UserByEmail string: An email address of a user to grant access to. For example: fred@example.com
View DatasetAccessView: A view from a different dataset to grant access to. Queries executed against that view will have read access to tables in this dataset. The role field is not required when this field is set. If that view is updated by any user, access to the view needs to be granted again via an update operation. Structure is documented below.

datasetId string: The ID of the dataset containing this table.
domain string: A domain to grant access to. Any users signed in with the domain specified will be granted the specified access
groupByEmail string: An email address of a Google Group to grant access to.
iamMember string: Some other type of member that appears in the IAM Policy but isn’t a user, group, domain, or special group. For example: allUsers
project string: The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
role string: Describes the rights granted to the user specified by the other member of the access object. Primitive, Predefined and custom roles are supported. Predefined roles that have equivalent primitive roles are swapped by the API to their Primitive counterparts, and will show a diff post-create. See official docs.
specialGroup string: A special group to grant access to. Possible values include:
userByEmail string: An email address of a user to grant access to. For example: fred@example.com
view DatasetAccessView: A view from a different dataset to grant access to. Queries executed against that view will have read access to tables in this dataset. The role field is not required when this field is set. If that view is updated by any user, access to the view needs to be granted again via an update operation. Structure is documented below.

dataset_id str: The ID of the dataset containing this table.
domain str: A domain to grant access to. Any users signed in with the domain specified will be granted the specified access
group_by_email str: An email address of a Google Group to grant access to.
iam_member str: Some other type of member that appears in the IAM Policy but isn’t a user, group, domain, or special group. For example: allUsers
project str: The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
role str: Describes the rights granted to the user specified by the other member of the access object. Primitive, Predefined and custom roles are supported. Predefined roles that have equivalent primitive roles are swapped by the API to their Primitive counterparts, and will show a diff post-create. See official docs.
special_group str: A special group to grant access to. Possible values include:
user_by_email str: An email address of a user to grant access to. For example: fred@example.com
view Dict[DatasetAccessView]: A view from a different dataset to grant access to. Queries executed against that view will have read access to tables in this dataset. The role field is not required when this field is set. If that view is updated by any user, access to the view needs to be granted again via an update operation. Structure is documented below.

Supporting Types

DatasetAccessView

See the input and output API doc for this type.

DatasetId string: The ID of the dataset containing this table.
ProjectId string: The ID of the project containing this table.
TableId string: The ID of the table. The ID must contain only letters (a-z, A-Z), numbers (0-9), or underscores (_). The maximum length is 1,024 characters.

DatasetId string: The ID of the dataset containing this table.
ProjectId string: The ID of the project containing this table.
TableId string: The ID of the table. The ID must contain only letters (a-z, A-Z), numbers (0-9), or underscores (_). The maximum length is 1,024 characters.

datasetId string: The ID of the dataset containing this table.
projectId string: The ID of the project containing this table.
tableId string: The ID of the table. The ID must contain only letters (a-z, A-Z), numbers (0-9), or underscores (_). The maximum length is 1,024 characters.

dataset_id str: The ID of the dataset containing this table.
project_id str: The ID of the project containing this table.
table_id str: The ID of the table. The ID must contain only letters (a-z, A-Z), numbers (0-9), or underscores (_). The maximum length is 1,024 characters.

Package Details

Repository: https://github.com/pulumi/pulumi-gcp
License: Apache-2.0
Notes: This Pulumi package is based on the google-beta Terraform Provider.

The Pulumi Platform

Get Started

Migrate to Pulumi

Solutions for All Teams and Engineers

Any Code

Any Cloud