GCP BigQuery dataset is publicly accessible
Description
Dataset-level access controls determine which users, groups, and service accounts can read tables, views, and table data in a specific BigQuery dataset. BigQuery permissions can also be granted higher in the Cloud IAM resource hierarchy (project, folder, or organization); grants made there are inherited by every dataset below the level at which they are applied. Keep private datasets private by never granting access to the `allAuthenticatedUsers` special group: it gives every Google account holder, not just members of your organization, access to the dataset and effectively makes it public. The `allUsers` special group is broader still, granting access to anyone on the internet with no sign-in at all, and must be avoided for the same reason.
Code Example
```hcl
# Passes the check: read access is scoped to the project's own readers,
# not to the public allAuthenticatedUsers / allUsers special groups.
resource "google_bigquery_dataset" "pass_special_group" {
  dataset_id    = "example_dataset"
  friendly_name = "test"
  description   = "This is a test description"
  location      = "US"

  access {
    role          = "READER"
    special_group = "projectReaders"
  }
}
```
Remediation
Terraform
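The following is an added example, not code from the original page or from Checkov itself. The first resource is the configuration this rule flags (an `access` block granting `READER` to `allAuthenticatedUsers`); the second is the remediated form, which grants the same role to a named Google group instead. The dataset and group names are placeholders.

```hcl
# FAILS the check: every Google account holder can read this dataset.
resource "google_bigquery_dataset" "fail_public_dataset" {
  dataset_id = "example_dataset"
  location   = "US"

  access {
    role          = "READER"
    special_group = "allAuthenticatedUsers" # public to all Google accounts
  }
}

# REMEDIATED: read access is limited to a named group (placeholder address).
resource "google_bigquery_dataset" "pass_named_group" {
  dataset_id = "example_dataset"
  location   = "US"

  access {
    role           = "READER"
    group_by_email = "data-readers@example.com" # placeholder group
  }

  # Once any access block is declared, Terraform manages the whole access
  # list, so keep the owner grant rather than leaving only the reader entry.
  access {
    role          = "OWNER"
    special_group = "projectOwners"
  }
}
```

Treat `special_group = "allUsers"` exactly the same way; it exposes the dataset to unauthenticated callers. The same exposure can also be introduced through `google_bigquery_dataset_iam_member`, `google_bigquery_dataset_iam_binding`, or `google_bigquery_dataset_iam_policy` resources whose members include `allAuthenticatedUsers` or `allUsers`, so review those bindings alongside the dataset's own `access` blocks when remediating.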
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0875 |
| Severity | HIGH |
| IaC Type | Terraform |
| Frameworks | Terraform, TerraformPlan |
| Checkov ID | CKV_GCP_15 |