I am currently implementing an audit process in our organization wherein we want to know all the dataset a particular service account has access to in Google BigQuery.
I did manage to look for a gcloud command:
gcloud iam service-accounts list
But its just listing all the service account names and emails. If you could redirect me to a reference that would be really helpful
Thanks!
Your best bet would be to use the BigQuery CLI tool 'bq'. From BQ you can list all datasets in a project, and filter based on applied labels to those datasets using commands similar to:
bq ls
bq ls --filter labels.environment:prod
You can see the details of a dataset using
bq show datasetname
or
bq show --project_id 'my-project-1234' datasetname
Which will provide an output similar to:
Last modified ACLs Labels
----------------- --------------------------- -------- 16 Oct 13:45:32
Owners:
projectOwners,
FridayPush@org.com
Writers:
projectWriters
Readers:
secondaryUser@org.com,
projectReaders
Details about the BQ CLI tool are here. Here's my main suggestion, append the --format=json flag onto the end. Which will return all responses as json and allows easier bash scripting or use of tools like jq to process the response.