Users can query bigquery datasets without permissions

[micimize]

Once a user has permissions to any bigquery dataset, they can query any other dataset superset has access to, just by using the dataset prefix. This is probably because the bigquery client jobs have no dataset restrictions googleapis/google-cloud-python#6042

[willbarrett]

As mentioned in the linked ticket, the current correct behavior is to manage access at the Google Cloud API layer. The client library is not able to make restrictions like the one described in this ticket, thus Superset is similarly limited. Thank you for bringing this to our attention.

[stale]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. For admin, please label this issue .pinned to prevent stale bot from closing the issue.

[micimize]

This should probably be .pinned

[micimize]

The referenced python-bigquery issue was closed in favor of adding conditional IAM support to bigquery. Once/if that is done, I think superset could add a field to the request with a list of authenticated datasets and have a recommended IAM policy to set.

[graceguo-supercat]

close this since no recent follow-up.