Checking Permissions with Policy Analyzer

Created by Ben Deverman, Modified on Thu, 10 Oct, 2024 at 12:18 PM by Ben Deverman

Are you an administrator looking to double-check permissions on a BigQuery dataset or table? You can do so with Policy Analyzer! To get there, search for it in the search bar at the top of Google Cloud, or open the left-hand navigation menu and go to IAM & Admin > Policy Analyzer.


When you open the Policy Analyzer dashboard, you’ll see a number of existing templates, or you can create a custom query. Feel free to use any of the templates available, but note that all of them have the same functionality and differ only in being pre-filled with parameters for a specific use case.



For now, we’re going to run a custom query. What you learn from this custom query applies to all the templates as well.

  1. Click “Create Custom Query” in the custom query card.
  2. Select the scope to run the query over.
    1. Select your partner project (or if you have access to multiple projects, select the one you want to specifically check permissions on).
  3. Set the query parameters. You must set at least one parameter. You can set more than one (including several of the same parameter type), but keep in mind that each additional parameter narrows the analysis, possibly to the point where no permissions are found. Below are short descriptions of the available parameters and what you might use them for:
    1. Resource: A Google Cloud resource you want to analyze permissions on. For example, a BigQuery dataset or table.
    2. Principal: A user, group, or service account you want to analyze. 
      1. Note: Due to the permissioning structure of Google Cloud with groups, you won’t be able to check a specific user’s access. You must check the group that the user belongs to, which you can see at Google Groups.
    3. Role: A role you want to check, to see which principals hold it.
    4. Permission: A specific permission you want to check, such as `bigquery.tables.get` or `storage.objects.get`.
  4. Set Parameter 1 to “Resource”. In the search bar next to it, search for “viewers_dataset”. A drop-down list should appear where you can select the viewers_dataset resource for your project.

  5. Click “CONTINUE”. On the next page, you’ll see advanced options for the query. These are optional, and you generally won’t need to use any besides the first option:
    1. List resources within resource(s) matching your query: This option is useful if you’re analyzing a dataset resource and also want to see the permissions broken down by each table/view inside that dataset.
  6. Click “ANALYZE” and in the drop-down, select “Run query”. You should see the results of the analysis in just a few seconds.
  7. Done! You’re now ready to kick off your own Policy Analyzer queries.
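
The results of the resource query above can also be reviewed outside the console. The added example below (not part of the original article) flattens a JSON analysis result into one row per principal, role and resource, and picks out access granted directly to a user rather than through a group. The response shape, project name, principals and table name are constructed assumptions.

```python
import json
import sys

# Constructed sample, shaped like the Cloud Asset API analyzeIamPolicy response
# (assumed to match what this command prints; PROJECT_ID is a placeholder):
#   gcloud asset analyze-iam-policy --project=PROJECT_ID --expand-resources \
#     --full-resource-name=//bigquery.googleapis.com/projects/PROJECT_ID/datasets/viewers_dataset \
#     --format=json
DS = "//bigquery.googleapis.com/projects/example-project/datasets/viewers_dataset"
SAMPLE = {"mainAnalysis": {"fullyExplored": True, "analysisResults": [
    {"attachedResourceFullName": "//cloudresourcemanager.googleapis.com/projects/example-project",
     "iamBinding": {"role": "roles/bigquery.dataViewer", "members": ["group:analysts@example.org"]},
     "accessControlLists": [{
         "resources": [{"fullResourceName": DS}, {"fullResourceName": DS + "/tables/events"}],
         "accesses": [{"role": "roles/bigquery.dataViewer"}]}],
     "identityList": {"identities": [{"name": "group:analysts@example.org"}]},
     "fullyExplored": True},
    {"attachedResourceFullName": DS,
     "iamBinding": {"role": "roles/bigquery.dataEditor", "members": ["user:contractor@example.org"]},
     "accessControlLists": [{"resources": [{"fullResourceName": DS}],
                             "accesses": [{"role": "roles/bigquery.dataEditor"}]}],
     "identityList": {"identities": [{"name": "user:contractor@example.org"}]},
     "fullyExplored": True}]}}

def flatten(response):
    """Return sorted (principal, role_or_permission, resource, binding_attached_at) rows."""
    rows = set()
    for result in response.get("mainAnalysis", {}).get("analysisResults", []):
        attached = result.get("attachedResourceFullName", "")
        principals = [i["name"] for i in result.get("identityList", {}).get("identities", [])]
        for acl in result.get("accessControlLists", []):
            grants = [a.get("role") or a.get("permission") for a in acl.get("accesses", [])]
            for res in acl.get("resources", []):
                rows.update((p, g, res["fullResourceName"], attached)
                            for p in principals for g in grants)
    return sorted(rows)

def direct_user_grants(rows):
    """Rows where access goes to an individual user instead of a group."""
    return [r for r in rows if r[0].startswith("user:")]

def is_complete(response):
    """False means the analysis was not fully explored and rows may be missing."""
    return bool(response.get("mainAnalysis", {}).get("fullyExplored", False))

if __name__ == "__main__":
    response = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE
    print("complete:", is_complete(response))
    for row in flatten(response):
        print(" | ".join(row))
```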

 

Helpful Links and Documentation
