Jobs should be able to restrict target datasets #42
Assignees
Labels
api: bigquery
Issues related to the googleapis/python-bigquery API.
type: feature request
‘Nice-to-have’ improvement, new feature or different behavior or design.
Comments
product-auto-label
bot
added
the
api: bigquery
busunkim96
added
the
type: feature request
|
This feels like something better solved by using the bigquery service's access control and governance features, not a weak enforcement in the client library. If that set of features is insufficient, I'd file a request on the BQ issue tracker: https://b.corp.google.com/issues/new?component=187149&template=0 |
|
That makes sense – a conditional IAM policy based solution would make sense for this use-case, and there is an issue for it in the public issue tracker. Will continue discussion there. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This is similar to the proposal in googleapis/google-cloud-python#6042, but relates to specific jobs rather than client bindings. Simply managing multiple keys isn't really a viable solution for some use cases, such as superset (apache/superset#9182)
Even for less security-sensitive usecases, I think this would be a valuable affordance for developers to more clearly define code contracts.
The text was updated successfully, but these errors were encountered: