BigQuery Dataset can be accessed by any user

Description

A misconfigured BigQuery IAM policy gives any unauthorized user access to BigQuery datasets.

An IAM policy grants specific permissions on BigQuery and its datasets and is the primary mechanism for controlling access. A misconfigured IAM policy can expose your organization’s business-sensitive data, and it increases the likelihood that the dataset is used for ransomware, extortion, or leaking sensitive data.

Remediation

  1. Identify the IAM policy assigned to the BigQuery resource.
  2. Identify baseline permissions of the BigQuery resource using Policy Analyzer.
  3. Scope the IAM policy to grant only the required permissions and principals using Policy Simulator. For further guidance, refer to BigQuery - Control access to resources with IAM.
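
The following sketch illustrates steps 1 and 3 for the dataset-level access list. It is an added example, not part of the original finding or any Google tooling. It assumes that "any user" corresponds to the public principals `allUsers` and `allAuthenticatedUsers` and that the input has the shape of `bq show --format=prettyjson PROJECT:DATASET`; the project, dataset, and service account names are constructed.

```python
import json

# Principals that mean "anyone": every internet user, or every Google account.
PUBLIC_PRINCIPALS = {"allUsers", "allAuthenticatedUsers"}

# Constructed sample in the shape of `bq show --format=prettyjson PROJECT:DATASET`.
SAMPLE_DATASET = json.loads("""
{
  "datasetReference": {"projectId": "example-project", "datasetId": "sales"},
  "access": [
    {"role": "OWNER", "specialGroup": "projectOwners"},
    {"role": "WRITER", "userByEmail": "etl@example-project.iam.gserviceaccount.com"},
    {"role": "READER", "specialGroup": "allAuthenticatedUsers"},
    {"role": "READER", "iamMember": "allUsers"}
  ]
}
""")


def is_public(entry):
    """True when a dataset access entry grants its role to a public principal."""
    return (entry.get("specialGroup") in PUBLIC_PRINCIPALS
            or entry.get("iamMember") in PUBLIC_PRINCIPALS)


def audit_dataset(dataset):
    """Split access entries into (public findings, scoped access list)."""
    findings, scoped = [], []
    for entry in dataset.get("access", []):
        if is_public(entry):
            principal = entry.get("specialGroup") or entry.get("iamMember")
            findings.append((principal, entry.get("role")))
        else:
            scoped.append(entry)  # keep only named, intended principals
    return findings, scoped


if __name__ == "__main__":
    findings, scoped = audit_dataset(SAMPLE_DATASET)
    ref = SAMPLE_DATASET["datasetReference"]
    for principal, role in findings:
        print(f"{ref['projectId']}:{ref['datasetId']} grants {role} to {principal}")
    # Candidate replacement access list; review it before applying.
    print(json.dumps({"access": scoped}, indent=2))
```

The scoped list is only a candidate: check it against the baseline from Policy Analyzer and test it in Policy Simulator before changing the dataset.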