This submodule is used to add authorized datasets, authorized views and authorized routines.

An authorized dataset lets you authorize all of the views in a specified dataset to access the data in a second dataset. An authorized view lets you share query results with particular users and groups without giving them access to the underlying source data. An authorized routine (function) lets you share query results with particular users or groups without giving those users or groups access to the underlying tables.

It is possible to define authorized views while creating a dataset. However, creating everything at the same time leads to a chicken-and-egg problem, which this module is meant to solve. See basic_view as an example.

This module creates `bigquery_dataset_access` resources, which conflict with the `access` blocks in a `bigquery_dataset` resource. Therefore, when using it together with a dataset, you should pass an empty access block to the dataset.

Example:

```hcl
module "dataset" {
  source  = "terraform-google-modules/bigquery/google"
  version = "~> 7.0"

  dataset_id   = "example_dataset"
  dataset_name = "example_dataset"
  description  = "example description"
  project_id   = "example-project"
  location     = "US"

  access = [] # pass empty not to conflict with below
}

module "add_authorization" {
  source  = "terraform-google-modules/bigquery/google//modules/authorization"
  version = "~> 4.1"

  dataset_id = module.dataset.bigquery_dataset.dataset_id
  project_id = module.dataset.bigquery_dataset.project

  roles = [
    {
      role           = "roles/bigquery.dataEditor"
      group_by_email = "[email protected]"
    }
  ]

  authorized_views = [
    {
      project_id = "view_project"
      dataset_id = "view_dataset"
      table_id   = "view_id"
    }
  ]

  authorized_datasets = [
    {
      project_id = "auth_dataset_project"
      dataset_id = "auth_dataset"
    }
  ]
}
```

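The dependency chain behind the chicken-and-egg problem described above, as an added example that is not taken from this module or its repository. It uses the Google provider's raw resources as an assumption to make the ordering visible, and every project, dataset, table and column name in it is constructed.

```hcl
# Constructed names; raw provider resources are an assumption, not the module's source.
resource "google_bigquery_dataset" "source" {
  project    = "example-project"
  dataset_id = "source_dataset"
  location   = "US"
  # No inline access blocks: access is managed by the separate resource below.
}

resource "google_bigquery_table" "orders" {
  project    = google_bigquery_dataset.source.project
  dataset_id = google_bigquery_dataset.source.dataset_id
  table_id   = "orders"
  schema = jsonencode([
    { name = "order_id", type = "STRING" },
    { name = "customer_email", type = "STRING" },
    { name = "amount", type = "NUMERIC" },
  ])
}

resource "google_bigquery_dataset" "views" {
  project    = "example-project"
  dataset_id = "view_dataset"
  location   = "US"
}

# The view reads the source table, so it can only be created after it.
resource "google_bigquery_table" "orders_no_email" {
  project    = google_bigquery_dataset.views.project
  dataset_id = google_bigquery_dataset.views.dataset_id
  table_id   = "orders_no_email"
  view {
    use_legacy_sql = false
    query          = "SELECT order_id, amount FROM `example-project.${google_bigquery_table.orders.dataset_id}.${google_bigquery_table.orders.table_id}`"
  }
}

# Authorizing the view needs the view to exist. As a separate resource the
# chain is source dataset -> table -> view -> authorization, with no cycle.
# An inline access block on "source" that referenced the view would make the
# dataset depend on the view and close a cycle.
resource "google_bigquery_dataset_access" "authorize_view" {
  project    = google_bigquery_dataset.source.project
  dataset_id = google_bigquery_dataset.source.dataset_id
  view {
    project_id = google_bigquery_table.orders_no_email.project
    dataset_id = google_bigquery_table.orders_no_email.dataset_id
    table_id   = google_bigquery_table.orders_no_email.table_id
  }
}
```
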
Name | Description | Type | Default | Required |
---|---|---|---|---|
authorized_datasets | An array of datasets to be authorized on the dataset | list(object({ | [] | no |
authorized_routines | An array of routines to be authorized on the dataset | list(object({ | [] | no |
authorized_views | An array of views to authorize for the dataset | list(object({ | [] | no |
dataset_id | Unique ID for the dataset being provisioned. | string | n/a | yes |
project_id | Project where the dataset and table are created | string | n/a | yes |
roles | An array of objects that define dataset access for one or more entities. | any | [] | no |

Name | Description |
---|---|
authorized_dataset | Authorized datasets for the BQ dataset |
authorized_roles | Authorized roles for the dataset |
authorized_views | Authorized views for the dataset |