google-cloud-platform google-bigquery google-iam google-dataplex

Grant access on BigQuery based on table prefix

I need to grant a group of users conditional access as bigquery.dataEditor on tables that start with a certain prefix.

Example : The group should only have access to tables starting with the word "alpha_"

Is it possible to propagate this condition via IAM or via Dataplex ?

Solution

based on this https://cloud.google.com/iam/docs/conditions-overview#resources it appears conditional role bindings is not support for BigQuery, therefore, the easiest solution will to create a separate datasets with all the tables with selected prefix and then grant the specific users data editor role for those tables under new dataset

Google Cloud Build Error: build step 0 "gcr.io/cloud-builders/docker" failed: step exited with non-zero status: 1
Terraform - GCP - Import project IAM member
Getting random "User not found in file /etc/passwd" error on Cloud Run Job
Change time format in GCP Logs Explorer
Deploying to Cloud Run with a custom service account failed with iam.serviceaccounts.actAs error
Deploying a pelican site to Google Cloud Run with Dockerfile not working
Is there a good explanation of resource labels versus metric labels?
Why do I set the resource type when writing the metric but not when creating a descriptor?
google-github-actions/get-gke-credentials failed with: required "container.clusters.get" permission(s)
GA4 Data Not Retained for More Than 60 Days Despite BigQuery Table Expiration Set to 'Never
How to list all enabled API services for Google Cloud Platform project
Google Cloud calendar API connection error
Downloading a folder from cloud storage in GitHub action and move it inside a docker container is not working
How to fix CloudRun error 'The request was aborted because there was no available instance'
Google Cloud Build with Dockerfile and copy files
Firebase CLI console: Cannot find module @google-cloud/tasks
Does Cloud SQL have a query console or is CLI the only option?
How to use Google Cloud Shell with the new Windows Terminal
Why does GKE kubernetes cluster need a version?
Unable to Read Mounted GCSFuse Directory After Adding --implicit-dirs Option
Error: 10: Developer console is not set up correctly (Not Using Firebase) (One Tap sign-up)
Connection between Private GKE and Cloud SQL
Kubernetes cluster architecture
Validating PubSub message against AVRO JSON schema with multiple union types
Can i run cloud run jobs locally
How to log SSL/TLS Handshake details on Google Cloud Load Balancer
Utilizing Gemini: Through Vertex AI or through Google/generative-ai?
How to use Puppeteer in 2nd gen Cloud Functions?
GCP Logging: who created a Project?
Connection broken: IncompleteRead in Google Cloud Run