I would like to set a fine-grained, resource-specific IAM policy for a single Google BigQuery Dataset. The documentation I've found so far only explains how to get and set IAM policies for the project resource e.g. https://cloudresourcemanager.googleapis.com/v1/projects/<project-id>:getIamPolicy.
I am trying to get the policy for a resource within a project, specifically a Google BigQuery dataset with an API URL like this: https://www.googleapis.com/bigquery/v2/projects/<project-id>/datasets/<dataset-id>.
I have tried a number of obvious-looking URIs like
https://www.googleapis.com/bigquery/v2/projects/<project-id>/datasets/<dataset-id>:getIamPolicyhttps://cloudresourcemanager.googleapis.com/v1/projects/<project-id>/datasets/<dataset-id>:getIamPolicybut have hit 404 errors. Does anyone know the correct URL pattern for IAM policies for Google BigQuery Datasets?
I am trying to get the policy for a resource within a project, specifically a Google BigQuery dataset ...
You already have it in your question - you should use GET https://www.googleapis.com/bigquery/v2/projects/<projectId>/datasets/<datasetId> and in response you should look for access property
From documentation:
Access is an array of objects that define dataset access for one or more entities. You can set this property when inserting or updating a dataset in order to control who is allowed to access the data. If unspecified at dataset creation time, BigQuery adds default dataset access for the following entities:
access.specialGroup: projectReaders; access.role: READER; access.specialGroup: projectWriters; access.role: WRITER; access.specialGroup: projectOwners; access.role: OWNER; access.userByEmail: [dataset creator email]; access.role: OWNER;
And, if you want to change access - you should use PATCH https://www.googleapis.com/bigquery/v2/projects/<projectId>/datasets/<datasetId> or PUT https://www.googleapis.com/bigquery/v2/projects/<projectId>/datasets/<datasetId>