---
# ----------------------------------------------------------------------------
#
# *** AUTO GENERATED CODE *** Type: MMv1 ***
#
# ----------------------------------------------------------------------------
#
# This file is automatically generated by Magic Modules and manual
# changes will be clobbered when the file is regenerated.
#
# Please read more about how to change this file in
# .github/CONTRIBUTING.md.
#
# ----------------------------------------------------------------------------
subcategory: "BigQuery"
description: |-
  Gives dataset access for a single entity.
---
# google\_bigquery\_dataset\_access

Gives dataset access for a single entity. This resource is intended to be used in cases where
it is not possible to compile a full list of access blocks to include in a
`google_bigquery_dataset` resource, to enable them to be added separately.

~> **Note:** If this resource is used alongside a `google_bigquery_dataset` resource, the
dataset resource must either have no defined `access` blocks or a `lifecycle` block with
`ignore_changes = [access]` so they don't fight over which accesses should be on the dataset.
Additionally, both resources cannot be modified in the same apply.

To get more information about DatasetAccess, see:

* [API documentation](https://cloud.google.com/bigquery/docs/reference/rest/v2/datasets)
* How-to Guides
    * [Controlling access to datasets](https://cloud.google.com/bigquery/docs/dataset-access-controls)

~> **Warning:** You must specify the role field using the legacy format `OWNER` instead of `roles/bigquery.dataOwner`.
The API accepts both formats, but it always returns the legacy format, which results in Terraform
showing a permanent diff on each plan and apply operation.

## Example Usage - Bigquery Dataset Access Basic User
```hcl
resource "google_bigquery_dataset_access" "access" {
  dataset_id    = google_bigquery_dataset.dataset.dataset_id
  role          = "OWNER"
  user_by_email = google_service_account.bqowner.email
}

resource "google_bigquery_dataset" "dataset" {
  dataset_id = "example_dataset"
}

resource "google_service_account" "bqowner" {
  account_id = "bqowner"
}
```
## Example Usage - Bigquery Dataset Access View
```hcl
resource "google_bigquery_dataset_access" "access" {
  dataset_id = google_bigquery_dataset.private.dataset_id
  view {
    project_id = google_bigquery_table.public.project
    dataset_id = google_bigquery_dataset.public.dataset_id
    table_id   = google_bigquery_table.public.table_id
  }
}

resource "google_bigquery_dataset" "private" {
  dataset_id = "example_dataset"
}

resource "google_bigquery_dataset" "public" {
  dataset_id = "example_dataset2"
}

resource "google_bigquery_table" "public" {
  deletion_protection = false
  dataset_id          = google_bigquery_dataset.public.dataset_id
  table_id            = "example_table"

  view {
    query          = "SELECT state FROM [lookerdata:cdc.project_tycho_reports]"
    use_legacy_sql = false
  }
}
```
## Example Usage - Bigquery Dataset Access Authorized Dataset
```hcl
resource "google_bigquery_dataset_access" "access" {
  dataset_id = google_bigquery_dataset.private.dataset_id
  dataset {
    dataset {
      project_id = google_bigquery_dataset.public.project
      dataset_id = google_bigquery_dataset.public.dataset_id
    }
    target_types = ["VIEWS"]
  }
}

resource "google_bigquery_dataset" "private" {
  dataset_id = "private"
}

resource "google_bigquery_dataset" "public" {
  dataset_id = "public"
}
```
## Example Usage - Bigquery Dataset Access Authorized Routine
```hcl
resource "google_bigquery_dataset" "public" {
  dataset_id  = "public_dataset"
  description = "This dataset is public"
}

resource "google_bigquery_routine" "public" {
  dataset_id      = google_bigquery_dataset.public.dataset_id
  routine_id      = "public_routine"
  routine_type    = "TABLE_VALUED_FUNCTION"
  language        = "SQL"
  definition_body = <<-EOS
    SELECT 1 + value AS value
  EOS
  arguments {
    name          = "value"
    argument_kind = "FIXED_TYPE"
    data_type     = jsonencode({ "typeKind" = "INT64" })
  }
  return_table_type = jsonencode({ "columns" = [
    { "name" = "value", "type" = { "typeKind" = "INT64" } },
  ] })
}

resource "google_bigquery_dataset" "private" {
  dataset_id  = "private_dataset"
  description = "This dataset is private"
}

resource "google_bigquery_dataset_access" "authorized_routine" {
  dataset_id = google_bigquery_dataset.private.dataset_id
  routine {
    project_id = google_bigquery_routine.public.project
    dataset_id = google_bigquery_routine.public.dataset_id
    routine_id = google_bigquery_routine.public.routine_id
  }
}
```
## Argument Reference
The following arguments are supported:

* `dataset_id` -
  (Required)
  A unique ID for this dataset, without the project name. The ID
  must contain only letters (a-z, A-Z), numbers (0-9), or
  underscores (_). The maximum length is 1,024 characters.

- - -

* `role` -
  (Optional)
  Describes the rights granted to the user specified by the other
  member of the access object. Basic, predefined, and custom roles are
  supported. Predefined roles that have equivalent basic roles are
  swapped by the API to their basic counterparts, and will show a diff
  post-create. See
  [official docs](https://cloud.google.com/bigquery/docs/access-control).

* `user_by_email` -
  (Optional)
  An email address of a user to grant access to. For example:
  fred@example.com

* `group_by_email` -
  (Optional)
  An email address of a Google Group to grant access to.

* `domain` -
  (Optional)
  A domain to grant access to. Any users signed in with the
  domain specified will be granted the specified access.

* `special_group` -
  (Optional)
  A special group to grant access to. Possible values include:
    * `projectOwners`: Owners of the enclosing project.
    * `projectReaders`: Readers of the enclosing project.
    * `projectWriters`: Writers of the enclosing project.
    * `allAuthenticatedUsers`: All authenticated BigQuery users.

* `iam_member` -
  (Optional)
  Some other type of member that appears in the IAM Policy but isn't a user,
  group, domain, or special group. For example: `allUsers`

* `view` -
  (Optional)
  A view from a different dataset to grant access to. Queries
  executed against that view will have read access to tables in
  this dataset. The role field is not required when this field is
  set. If that view is updated by any user, access to the view
  needs to be granted again via an update operation.
  Structure is [documented below](#nested_view).

* `dataset` -
  (Optional)
  Grants all resources of particular types in a particular dataset read access to the current dataset.
  Structure is [documented below](#nested_dataset).

* `routine` -
  (Optional)
  A routine from a different dataset to grant access to. Queries
  executed against that routine will have read access to tables in
  this dataset. The role field is not required when this field is
  set. If that routine is updated by any user, access to the routine
  needs to be granted again via an update operation.
  Structure is [documented below](#nested_routine).

* `project` - (Optional) The ID of the project in which the resource belongs.
  If it is not provided, the provider project is used.

<a name="nested_view"></a>The `view` block supports:

* `dataset_id` -
  (Required)
  The ID of the dataset containing this table.

* `project_id` -
  (Required)
  The ID of the project containing this table.

* `table_id` -
  (Required)
  The ID of the table. The ID must contain only letters (a-z,
  A-Z), numbers (0-9), or underscores (_). The maximum length
  is 1,024 characters.

<a name="nested_dataset"></a>The `dataset` block supports:

* `dataset` -
  (Required)
  The dataset this entry applies to.
  Structure is [documented below](#nested_dataset).

* `target_types` -
  (Required)
  Which resources in the dataset this entry applies to. Currently, only views are supported,
  but additional target types may be added in the future. Possible values: VIEWS

<a name="nested_dataset"></a>The `dataset` block supports:

* `dataset_id` -
  (Required)
  The ID of the dataset containing this table.

* `project_id` -
  (Required)
  The ID of the project containing this table.

<a name="nested_routine"></a>The `routine` block supports:

* `dataset_id` -
  (Required)
  The ID of the dataset containing this table.

* `project_id` -
  (Required)
  The ID of the project containing this table.

* `routine_id` -
  (Required)
  The ID of the routine. The ID must contain only letters (a-z,
  A-Z), numbers (0-9), or underscores (_). The maximum length
  is 256 characters.

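
The configuration below puts the note and warning at the top of this page together with the `special_group` and `iam_member` arguments: the dataset ignores `access`, grants are added one entity at a time, and input validation rejects role names that never converge and principals that open the dataset to everyone. It is an added example, not part of the generated provider documentation; `analytics`, `var.grants` and the group address are hypothetical, and refusing `allUsers` / `allAuthenticatedUsers` is a policy assumption rather than a provider requirement. It assumes Terraform 1.3 or later for `optional()`.

```hcl
# Added example: names and the public-principal policy are assumptions.
variable "grants" {
  type = map(object({
    role           = string
    group_by_email = optional(string)
    special_group  = optional(string)
    iam_member     = optional(string)
  }))
  default = {
    analysts = { role = "READER", group_by_email = "analysts@example.com" }
  }

  # The API returns basic roles, so the predefined equivalents never converge.
  validation {
    condition = alltrue([for g in values(var.grants) : !contains(
      ["roles/bigquery.dataOwner", "roles/bigquery.dataEditor", "roles/bigquery.dataViewer"],
      g.role
    )])
    error_message = "Use OWNER, WRITER or READER instead of the equivalent roles/bigquery.data* role."
  }

  # Refuse grants that expose the dataset to every Google account or anonymously.
  validation {
    condition = alltrue([for g in values(var.grants) :
      g.special_group != "allAuthenticatedUsers" && g.iam_member != "allUsers"
    ])
    error_message = "Grants to allAuthenticatedUsers or allUsers are not allowed."
  }
}

resource "google_bigquery_dataset" "analytics" {
  dataset_id = "analytics"

  # Access entries are managed only by google_bigquery_dataset_access below.
  lifecycle {
    ignore_changes = [access]
  }
}

resource "google_bigquery_dataset_access" "grant" {
  for_each = var.grants

  dataset_id     = google_bigquery_dataset.analytics.dataset_id
  role           = each.value.role
  group_by_email = each.value.group_by_email
  special_group  = each.value.special_group
  iam_member     = each.value.iam_member
}
```

Change the dataset and its grants in separate applies, since both resources cannot be modified in the same apply.
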
## Attributes Reference
In addition to the arguments listed above, the following computed attributes are exported:
* `id` - an identifier for the resource with format `projects/{{project}}/datasets/{{dataset_id}}`
## Timeouts
This resource provides the following
[Timeouts](https://developer.hashicorp.com/terraform/plugin/sdkv2/resources/retries-and-customizable-timeouts) configuration options:
- `create` - Default is 20 minutes.
- `delete` - Default is 20 minutes.
## Import
This resource does not support import.
## User Project Overrides
This resource supports [User Project Overrides](https://registry.terraform.io/providers/hashicorp/google/latest/docs/guides/provider_reference#user_project_override).