Warning: file_get_contents(/data/phpspider/zhask/data//catemap/9/google-cloud-platform/3.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Google cloud platform 通过terraform授予对特定BQ表的访问权限_Google Cloud Platform_Terraform_Terraform Provider Gcp - Fatal编程技术网
Fatal编程技术网

Google cloud platform 通过terraform授予对特定BQ表的访问权限

google-cloud-platform terraform

Google cloud platform 通过terraform授予对特定BQ表的访问权限,google-cloud-platform,terraform,terraform-provider-gcp,Google Cloud Platform,Terraform,Terraform Provider Gcp,我想授予READER访问3封群邮件的权限 variable my_external_users { type = map(any) default = { group_1 = { group_by_email = "email_1@group.com" role = "READER" } group_2 = { group_by_email = "email_

我想授予
READER
访问3封群邮件的权限

variable my_external_users {
  type = map(any)
  default = {
    group_1 = {
      group_by_email = "email_1@group.com"
      role           = "READER"
    }
    group_2 = {
      group_by_email = "email_2@group.com"
      role           = "READER"
    }
    group_3 = {
      group_by_email = "email_3@group.com"
      role           = "READER"
    }
  }
}


resource "google_bigquery_dataset" "my_dataset" {
  dataset_id    = "MY_DATASET"
  location      = var.region
  project       = var.project

  dynamic access {
    for_each = var.my_external_users
    content {
      role           = access.value.role
      group_by_email = access.value.group_by_email
    }
  }
}
我相信这样做会将整个数据集授予用户。我只想授予对名为
my_table
的特定表的访问权限。然而,我无法实现它。我不确定在哪里指定表id。

有3个允许您在表级别控制IAM:

  • google\u bigquery\u table\u iam\u策略
  • google\u bigquery\u table\u iam\u binding
  • google\u bigquery\u table\u iam\u成员
根据需要(权威IAM、特定角色的权威或非权威),您可以使用这些资源之一

例如,如果您要在
阅读器
角色(
google\u bigquery\u table\u iam\u binding
)上选择权威的:

嗨,我想这就是我想要的答案。你能详细说明它是什么意思吗?我在
绑定
成员
之间左右为难,需要使用授权替换所有IAM,而非授权允许拥有其他IAM权限,例如通过控制台设置。您可以查看此问题以了解更多信息:。如果您确定只有您的3个组将成为表上的data viewer,那么您可以进行
绑定
。否则,如果您有其他属于data viewer但未使用Terraform设置的组、用户或服务帐户,请选择
member
resource "google_bigquery_table_iam_binding" "binding" {
  project    = "my-project"
  dataset_id = "MY_DATASET"
  table_id   = "my_table"
  role       = "roles/bigquery.dataViewer" # maps to READER role
  members    = [
    "group:email_1@group.com",
    "group:email_2@group.com",
    "group:email_3@group.com",
  ]
}