Class: Google::Cloud::Bigquery::Dataset::Access

Inherits:

Object

• Object
• Google::Cloud::Bigquery::Dataset::Access

Defined in:

lib/google/cloud/bigquery/dataset/access.rb

Overview

Dataset Access Control

Represents the access control rules for a Google::Cloud::Bigquery::Dataset.

Examples:

require "google/cloud/bigquery"

bigquery = Google::Cloud::Bigquery.new
dataset = bigquery.dataset "my_dataset"

dataset.access do |access|
  access.add_owner_group "owners@example.com"
  access.add_writer_user "writer@example.com"
  access.remove_writer_user "readers@example.com"
  access.add_reader_special :all_users
end

See Also:

• BigQuery Access Control

Instance Attribute Summary

• #rules ⇒ Object readonly

  Returns the value of attribute rules.

Instance Method Summary

• #add_owner_domain(domain, condition: nil) ⇒ Object

  Add owner access to a domain.

• #add_owner_group(email, condition: nil) ⇒ Object

  Add owner access to a group.

• #add_owner_iam_member(identity, condition: nil) ⇒ Object

  Add owner access to some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group.

• #add_owner_special(group) ⇒ Object

  Add owner access to a special group.

• #add_owner_user(email, condition: nil) ⇒ Object

  Add owner access to a user.

• #add_reader_dataset(dataset) ⇒ Object

  Add reader access to a dataset.

• #add_reader_domain(domain, condition: nil) ⇒ Object

  Add reader access to a domain.

• #add_reader_group(email, condition: nil) ⇒ Object

  Add reader access to a group.

• #add_reader_iam_member(identity, condition: nil) ⇒ Object

  Add reader access to some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group.

• #add_reader_routine(routine) ⇒ Object

  Add access to a routine from a different dataset.

• #add_reader_special(group) ⇒ Object

  Add reader access to a special group.

• #add_reader_user(email, condition: nil) ⇒ Object

  Add reader access to a user.

• #add_reader_view(view) ⇒ Object

  Add reader access to a view.

• #add_writer_domain(domain, condition: nil) ⇒ Object

  Add writer access to a domain.

• #add_writer_group(email, condition: nil) ⇒ Object

  Add writer access to a group.

• #add_writer_iam_member(identity, condition: nil) ⇒ Object

  Add writer access to some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group.

• #add_writer_special(group) ⇒ Object

  Add writer access to a special group.

• #add_writer_user(email, condition: nil) ⇒ Object

  Add writer access to a user.

• #owner_domain?(domain) ⇒ Boolean

  Checks owner access for a domain.

• #owner_group?(email) ⇒ Boolean

  Checks owner access for a group.

• #owner_iam_member?(identity) ⇒ Boolean

  Checks owner access for some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group.

• #owner_special?(group) ⇒ Boolean

  Checks owner access for a special group.

• #owner_user?(email) ⇒ Boolean

  Checks owner access for a user.

• #reader_dataset?(dataset) ⇒ Boolean

  Checks reader access for a dataset.

• #reader_domain?(domain) ⇒ Boolean

  Checks reader access for a domain.

• #reader_group?(email) ⇒ Boolean

  Checks reader access for a group.

• #reader_iam_member?(identity) ⇒ Boolean

  Checks reader access for some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group.

• #reader_routine?(routine) ⇒ Boolean

  Checks access for a routine from a different dataset.

• #reader_special?(group) ⇒ Boolean

  Checks reader access for a special group.

• #reader_user?(email) ⇒ Boolean

  Checks reader access for a user.

• #reader_view?(view) ⇒ Boolean

  Checks reader access for a view.

• #remove_owner_domain(domain) ⇒ Object

  Remove owner access from a domain.

• #remove_owner_group(email) ⇒ Object

  Remove owner access from a group.

• #remove_owner_iam_member(identity) ⇒ Object

  Remove owner access from some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group.

• #remove_owner_special(group) ⇒ Object

  Remove owner access from a special group.

• #remove_owner_user(email) ⇒ Object

  Remove owner access from a user.

• #remove_reader_dataset(dataset) ⇒ Object

  Removes reader access of a dataset.

• #remove_reader_domain(domain) ⇒ Object

  Remove reader access from a domain.

• #remove_reader_group(email) ⇒ Object

  Remove reader access from a group.

• #remove_reader_iam_member(identity) ⇒ Object

  Remove reader access from some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group.

• #remove_reader_routine(routine) ⇒ Object

  Remove reader access from a routine from a different dataset.

• #remove_reader_special(group) ⇒ Object

  Remove reader access from a special group.

• #remove_reader_user(email) ⇒ Object

  Remove reader access from a user.

• #remove_reader_view(view) ⇒ Object

  Remove reader access from a view.

• #remove_writer_domain(domain) ⇒ Object

  Remove writer access from a domain.

• #remove_writer_group(email) ⇒ Object

  Remove writer access from a group.

• #remove_writer_iam_member(identity) ⇒ Object

  Remove writer access from some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group.

• #remove_writer_special(group) ⇒ Object

  Remove writer access from a special group.

• #remove_writer_user(email) ⇒ Object

  Remove writer access from a user.

• #writer_domain?(domain) ⇒ Boolean

  Checks writer access for a domain.

• #writer_group?(email) ⇒ Boolean

  Checks writer access for a group.

• #writer_iam_member?(identity) ⇒ Boolean

  Checks writer access for some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group.

• #writer_special?(group) ⇒ Boolean

  Checks writer access for a special group.

• #writer_user?(email) ⇒ Boolean

  Checks writer access for a user.

Instance Attribute Details

#rules ⇒ Object (readonly)

Returns the value of attribute rules.

# File 'lib/google/cloud/bigquery/dataset/access.rb', line 67

def rules
  @rules
end

Instance Method Details

#add_owner_domain(domain, condition: nil) ⇒ Object

Add owner access to a domain.

Examples:

require "google/cloud/bigquery"

bigquery = Google::Cloud::Bigquery.new
dataset = bigquery.dataset "my_dataset"

dataset.access do |access|
  access.add_owner_domain "example.com"
end

With a condition:

require "google/cloud/bigquery"

bigquery = Google::Cloud::Bigquery.new
dataset = bigquery.dataset "my_dataset"
condition = Google::Cloud::Bigquery::Condition.new(
  "resource.name.startsWith(\"projects/my-project/datasets/my_dataset/tables/foo\")",
  title: "Table foo only"
)

dataset.access do |access|
  access.add_owner_domain "example.com", condition: condition
end

Parameters:

• domain (String) —

  A Cloud Identity domain.

• condition (Google::Cloud::Bigquery::Condition, nil) (defaults to: nil) —

  An optional condition for the access rule. A condition is a CEL expression that is evaluated to determine if the access rule should be applied. See Condition for more information. To specify a condition, the access_policy_version on the dataset must be set to 3. nil represents an absence of a condition. The default is nil.

# File 'lib/google/cloud/bigquery/dataset/access.rb', line 734

def add_owner_domain domain, condition: nil
  add_access_role_scope_value :owner, :domain, domain, condition
end

#add_owner_group(email, condition: nil) ⇒ Object

Add owner access to a group.

Examples:

require "google/cloud/bigquery"

bigquery = Google::Cloud::Bigquery.new
dataset = bigquery.dataset "my_dataset"

dataset.access do |access|
  access.add_owner_group "entity@example.com"
end

With a condition:

require "google/cloud/bigquery"

bigquery = Google::Cloud::Bigquery.new
dataset = bigquery.dataset "my_dataset"
condition = Google::Cloud::Bigquery::Condition.new(
  "resource.name.startsWith(\"projects/my-project/datasets/my_dataset/tables/foo\")",
  title: "Table foo only"
)

dataset.access do |access|
  access.add_owner_group "entity@example.com", condition: condition
end

Parameters:

• email (String) —

  The email address for the entity.

• condition (Google::Cloud::Bigquery::Condition, nil) (defaults to: nil) —

  An optional condition for the access rule. A condition is a CEL expression that is evaluated to determine if the access rule should be applied. See Condition for more information. To specify a condition, the access_policy_version on the dataset must be set to 3. nil represents an absence of a condition. The default is nil.

# File 'lib/google/cloud/bigquery/dataset/access.rb', line 652

def add_owner_group email, condition: nil
  add_access_role_scope_value :owner, :group, email, condition
end

#add_owner_iam_member(identity, condition: nil) ⇒ Object

Add owner access to some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group.

Examples:

require "google/cloud/bigquery"

bigquery = Google::Cloud::Bigquery.new
dataset = bigquery.dataset "my_dataset"

dataset.access do |access|
  access.add_owner_iam_member "entity@example.com"
end

With a condition:

require "google/cloud/bigquery"

bigquery = Google::Cloud::Bigquery.new
dataset = bigquery.dataset "my_dataset"
condition = Google::Cloud::Bigquery::Condition.new(
  "resource.name.startsWith(\"projects/my-project/datasets/my_dataset/tables/foo\")",
  title: "Table foo only"
)

dataset.access do |access|
  access.add_owner_iam_member "entity@example.com", condition: condition
end

Parameters:

• identity (String) —

  The identity reference.

• condition (Google::Cloud::Bigquery::Condition, nil) (defaults to: nil) —

  An optional condition for the access rule. A condition is a CEL expression that is evaluated to determine if the access rule should be applied. See Condition for more information. To specify a condition, the access_policy_version on the dataset must be set to 3. nil represents an absence of a condition. The default is nil.

# File 'lib/google/cloud/bigquery/dataset/access.rb', line 693

def add_owner_iam_member identity, condition: nil
  add_access_role_scope_value :owner, :iam_member, identity, condition
end

#add_owner_special(group) ⇒ Object

Add owner access to a special group.

Examples:

require "google/cloud/bigquery"

bigquery = Google::Cloud::Bigquery.new
dataset = bigquery.dataset "my_dataset"

dataset.access do |access|
  access.add_owner_special :all_users
end

Parameters:

• group (String) —

  Accepted values are owners, writers, readers, all_authenticated_users, and all_users.

# File 'lib/google/cloud/bigquery/dataset/access.rb', line 754

def add_owner_special group
  add_access_role_scope_value :owner, :special, group, nil
end

#add_owner_user(email, condition: nil) ⇒ Object

Add owner access to a user.

Examples:

require "google/cloud/bigquery"

bigquery = Google::Cloud::Bigquery.new
dataset = bigquery.dataset "my_dataset"

dataset.access do |access|
  access.add_owner_user "entity@example.com"
end

With a condition:

require "google/cloud/bigquery"

bigquery = Google::Cloud::Bigquery.new
dataset = bigquery.dataset "my_dataset"
condition = Google::Cloud::Bigquery::Condition.new(
  "resource.name.startsWith(\"projects/my-project/datasets/my_dataset/tables/foo\")",
  title: "Table foo only"
)

dataset.access do |access|
  access.add_owner_user "entity@example.com", condition: condition
end

Parameters:

• email (String) —

  The email address for the entity.

• condition (Google::Cloud::Bigquery::Condition, nil) (defaults to: nil) —

  An optional condition for the access rule. A condition is a CEL expression that is evaluated to determine if the access rule should be applied. See Condition for more information. To specify a condition, the access_policy_version on the dataset must be set to 3. nil represents an absence of a condition. The default is nil.

# File 'lib/google/cloud/bigquery/dataset/access.rb', line 612

def add_owner_user email, condition: nil
  add_access_role_scope_value :owner, :user, email, condition
end

#add_reader_dataset(dataset) ⇒ Object

Add reader access to a dataset.

Examples:

require "google/cloud/bigquery"

bigquery = Google::Cloud::Bigquery.new
dataset = bigquery.dataset "my_dataset"
other_dataset = bigquery.dataset "my_other_dataset", skip_lookup: true

params = {
  dataset_id: other_dataset.dataset_id,
  project_id: other_dataset.project_id,
  target_types: ["VIEWS"]
}

dataset.access do |access|
  access.add_reader_dataset params
end

require "google/cloud/bigquery"

bigquery = Google::Cloud::Bigquery.new
dataset = bigquery.dataset "my_dataset"
other_dataset = bigquery.dataset "my_other_dataset", skip_lookup: true

dataset.access do |access|
  access.add_reader_dataset other_dataset.access_entry(target_types: ["VIEWS"])
end

Parameters:

• dataset (Google::Cloud::Bigquery::DatasetAccessEntry, Hash<String,String>) —

  A DatasetAccessEntry or a Hash object. Required

# File 'lib/google/cloud/bigquery/dataset/access.rb', line 390

def add_reader_dataset dataset
  add_access_dataset dataset
end

#add_reader_domain(domain, condition: nil) ⇒ Object

Add reader access to a domain.

Examples:

require "google/cloud/bigquery"

bigquery = Google::Cloud::Bigquery.new
dataset = bigquery.dataset "my_dataset"

dataset.access do |access|
  access.add_reader_domain "example.com"
end

With a condition:

require "google/cloud/bigquery"

bigquery = Google::Cloud::Bigquery.new
dataset = bigquery.dataset "my_dataset"
condition = Google::Cloud::Bigquery::Condition.new(
  "resource.name.startsWith(\"projects/my-project/datasets/my_dataset/tables/foo\")",
  title: "Table foo only"
)

dataset.access do |access|
  access.add_reader_domain "example.com", condition: condition
end

Parameters:

• domain (String) —

  A Cloud Identity domain.

• condition (Google::Cloud::Bigquery::Condition, nil) (defaults to: nil) —

  An optional condition for the access rule. A condition is a CEL expression that is evaluated to determine if the access rule should be applied. See Condition for more information. To specify a condition, the access_policy_version on the dataset must be set to 3. nil represents an absence of a condition. The default is nil.

# File 'lib/google/cloud/bigquery/dataset/access.rb', line 278

def add_reader_domain domain, condition: nil
  add_access_role_scope_value :reader, :domain, domain, condition
end

#add_reader_group(email, condition: nil) ⇒ Object

Add reader access to a group.

Examples:

require "google/cloud/bigquery"

bigquery = Google::Cloud::Bigquery.new
dataset = bigquery.dataset "my_dataset"

dataset.access do |access|
  access.add_reader_group "entity@example.com"
end

With a condition:

require "google/cloud/bigquery"

bigquery = Google::Cloud::Bigquery.new
dataset = bigquery.dataset "my_dataset"
condition = Google::Cloud::Bigquery::Condition.new(
  "resource.name.startsWith(\"projects/my-project/datasets/my_dataset/tables/foo\")",
  title: "Table foo only"
)

dataset.access do |access|
  access.add_reader_group "entity@example.com", condition: condition
end

Parameters:

• email (String) —

  The email address for the entity.

• condition (Google::Cloud::Bigquery::Condition, nil) (defaults to: nil) —

  An optional condition for the access rule. A condition is a CEL expression that is evaluated to determine if the access rule should be applied. See Condition for more information. To specify a condition, the access_policy_version on the dataset must be set to 3. nil represents an absence of a condition. The default is nil.

# File 'lib/google/cloud/bigquery/dataset/access.rb', line 196

def add_reader_group email, condition: nil
  add_access_role_scope_value :reader, :group, email, condition
end

#add_reader_iam_member(identity, condition: nil) ⇒ Object

Add reader access to some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group.

Examples:

require "google/cloud/bigquery"

bigquery = Google::Cloud::Bigquery.new
dataset = bigquery.dataset "my_dataset"

dataset.access do |access|
  access.add_reader_iam_member "entity@example.com"
end

With a condition:

require "google/cloud/bigquery"

bigquery = Google::Cloud::Bigquery.new
dataset = bigquery.dataset "my_dataset"
condition = Google::Cloud::Bigquery::Condition.new(
  "resource.name.startsWith(\"projects/my-project/datasets/my_dataset/tables/foo\")",
  title: "Table foo only"
)

dataset.access do |access|
  access.add_reader_iam_member "entity@example.com", condition: condition
end

Parameters:

• identity (String) —

  The identity reference.

• condition (Google::Cloud::Bigquery::Condition, nil) (defaults to: nil) —

  An optional condition for the access rule. A condition is a CEL expression that is evaluated to determine if the access rule should be applied. See Condition for more information. To specify a condition, the access_policy_version on the dataset must be set to 3. nil represents an absence of a condition. The default is nil.

# File 'lib/google/cloud/bigquery/dataset/access.rb', line 237

def add_reader_iam_member identity, condition: nil
  add_access_role_scope_value :reader, :iam_member, identity, condition
end

#add_reader_routine(routine) ⇒ Object

Add access to a routine from a different dataset. Queries executed against that routine will have read access to views/tables/routines in this dataset. Only UDF is supported for now. The role field is not required when this field is set. If that routine is updated by any user, access to the routine needs to be granted again via an update operation.

Examples:

require "google/cloud/bigquery"

bigquery = Google::Cloud::Bigquery.new
dataset = bigquery.dataset "my_dataset"
other_dataset = bigquery.dataset "my_other_dataset", skip_lookup: true

routine = other_dataset.routine "my_routine"

dataset.access do |access|
  access.add_reader_routine routine
end

Parameters:

• routine (Google::Cloud::Bigquery::Routine) —

  A routine object.

# File 'lib/google/cloud/bigquery/dataset/access.rb', line 325

def add_reader_routine routine
  add_access_routine routine
end

#add_reader_special(group) ⇒ Object

Add reader access to a special group.

Examples:

require "google/cloud/bigquery"

bigquery = Google::Cloud::Bigquery.new
dataset = bigquery.dataset "my_dataset"

dataset.access do |access|
  access.add_reader_special :all_users
end

Parameters:

• group (String) —

  Accepted values are owners, writers, readers, all_authenticated_users, and all_users.

# File 'lib/google/cloud/bigquery/dataset/access.rb', line 298

def add_reader_special group
  add_access_role_scope_value :reader, :special, group, nil
end

#add_reader_user(email, condition: nil) ⇒ Object

Add reader access to a user.

Examples:

require "google/cloud/bigquery"

bigquery = Google::Cloud::Bigquery.new
dataset = bigquery.dataset "my_dataset"

dataset.access do |access|
  access.add_reader_user "entity@example.com"
end

With a condition:

require "google/cloud/bigquery"

bigquery = Google::Cloud::Bigquery.new
dataset = bigquery.dataset "my_dataset"
condition = Google::Cloud::Bigquery::Condition.new(
  "resource.name.startsWith(\"projects/my-project/datasets/my_dataset/tables/foo\")",
  title: "Table foo only"
)

dataset.access do |access|
  access.add_reader_user "entity@example.com", condition: condition
end

Parameters:

• email (String) —

  The email address for the entity.

• condition (Google::Cloud::Bigquery::Condition, nil) (defaults to: nil) —

  An optional condition for the access rule. A condition is a CEL expression that is evaluated to determine if the access rule should be applied. See Condition for more information. To specify a condition, the access_policy_version on the dataset must be set to 3. nil represents an absence of a condition. The default is nil.

# File 'lib/google/cloud/bigquery/dataset/access.rb', line 156

def add_reader_user email, condition: nil
  add_access_role_scope_value :reader, :user, email, condition
end

#add_reader_view(view) ⇒ Object

Add reader access to a view.

Examples:

require "google/cloud/bigquery"

bigquery = Google::Cloud::Bigquery.new
dataset = bigquery.dataset "my_dataset"
other_dataset = bigquery.dataset "my_other_dataset", skip_lookup: true

view = other_dataset.table "my_view", skip_lookup: true

dataset.access do |access|
  access.add_reader_view view
end

Parameters:

• view (Google::Cloud::Bigquery::Table, String) —

  A table object, or a string identifier as specified by the Standard SQL Query Reference (project-name.dataset_id.table_id) or the Legacy SQL Query Reference (project-name:dataset_id.table_id).

# File 'lib/google/cloud/bigquery/dataset/access.rb', line 352

def add_reader_view view
  add_access_view view
end

#add_writer_domain(domain, condition: nil) ⇒ Object

Add writer access to a domain.

Examples:

require "google/cloud/bigquery"

bigquery = Google::Cloud::Bigquery.new
dataset = bigquery.dataset "my_dataset"

dataset.access do |access|
  access.add_writer_domain "example.com"
end

With a condition:

require "google/cloud/bigquery"

bigquery = Google::Cloud::Bigquery.new
dataset = bigquery.dataset "my_dataset"
condition = Google::Cloud::Bigquery::Condition.new(
  "resource.name.startsWith(\"projects/my-project/datasets/my_dataset/tables/foo\")",
  title: "Table foo only"
)

dataset.access do |access|
  access.add_writer_domain "example.com", condition: condition
end

Parameters:

• domain (String) —

  A Cloud Identity domain.

• condition (Google::Cloud::Bigquery::Condition, nil) (defaults to: nil) —

  An optional condition for the access rule. A condition is a CEL expression that is evaluated to determine if the access rule should be applied. See Condition for more information. To specify a condition, the access_policy_version on the dataset must be set to 3. nil represents an absence of a condition. The default is nil.

# File 'lib/google/cloud/bigquery/dataset/access.rb', line 552

def add_writer_domain domain, condition: nil
  add_access_role_scope_value :writer, :domain, domain, condition
end

#add_writer_group(email, condition: nil) ⇒ Object

Add writer access to a group.

Examples:

require "google/cloud/bigquery"

bigquery = Google::Cloud::Bigquery.new
dataset = bigquery.dataset "my_dataset"

dataset.access do |access|
  access.add_writer_group "entity@example.com"
end

With a condition:

require "google/cloud/bigquery"

bigquery = Google::Cloud::Bigquery.new
dataset = bigquery.dataset "my_dataset"
condition = Google::Cloud::Bigquery::Condition.new(
  "resource.name.startsWith(\"projects/my-project/datasets/my_dataset/tables/foo\")",
  title: "Table foo only"
)

dataset.access do |access|
  access.add_writer_group "entity@example.com", condition: condition
end

Parameters:

• email (String) —

  The email address for the entity.

• condition (Google::Cloud::Bigquery::Condition, nil) (defaults to: nil) —

  An optional condition for the access rule. A condition is a CEL expression that is evaluated to determine if the access rule should be applied. See Condition for more information. To specify a condition, the access_policy_version on the dataset must be set to 3. nil represents an absence of a condition. The default is nil.

# File 'lib/google/cloud/bigquery/dataset/access.rb', line 470

def add_writer_group email, condition: nil
  add_access_role_scope_value :writer, :group, email, condition
end

#add_writer_iam_member(identity, condition: nil) ⇒ Object

Add writer access to some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group.

Examples:

require "google/cloud/bigquery"

bigquery = Google::Cloud::Bigquery.new
dataset = bigquery.dataset "my_dataset"

dataset.access do |access|
  access.add_writer_iam_member "entity@example.com"
end

With a condition:

require "google/cloud/bigquery"

bigquery = Google::Cloud::Bigquery.new
dataset = bigquery.dataset "my_dataset"
condition = Google::Cloud::Bigquery::Condition.new(
  "resource.name.startsWith(\"projects/my-project/datasets/my_dataset/tables/foo\")",
  title: "Table foo only"
)

dataset.access do |access|
  access.add_writer_iam_member "entity@example.com", condition: condition
end

Parameters:

• identity (String) —

  The identity reference.

• condition (Google::Cloud::Bigquery::Condition, nil) (defaults to: nil) —

  An optional condition for the access rule. A condition is a CEL expression that is evaluated to determine if the access rule should be applied. See Condition for more information. To specify a condition, the access_policy_version on the dataset must be set to 3. nil represents an absence of a condition. The default is nil.

# File 'lib/google/cloud/bigquery/dataset/access.rb', line 511

def add_writer_iam_member identity, condition: nil
  add_access_role_scope_value :writer, :iam_member, identity, condition
end

#add_writer_special(group) ⇒ Object

Add writer access to a special group.

Examples:

require "google/cloud/bigquery"

bigquery = Google::Cloud::Bigquery.new
dataset = bigquery.dataset "my_dataset"

dataset.access do |access|
  access.add_writer_special :all_users
end

Parameters:

• group (String) —

  Accepted values are owners, writers, readers, all_authenticated_users, and all_users.

# File 'lib/google/cloud/bigquery/dataset/access.rb', line 572

def add_writer_special group
  add_access_role_scope_value :writer, :special, group, nil
end

#add_writer_user(email, condition: nil) ⇒ Object

Add writer access to a user.

Examples:

require "google/cloud/bigquery"

bigquery = Google::Cloud::Bigquery.new
dataset = bigquery.dataset "my_dataset"

dataset.access do |access|
  access.add_writer_user "entity@example.com"
end

With a condition:

require "google/cloud/bigquery"

bigquery = Google::Cloud::Bigquery.new
dataset = bigquery.dataset "my_dataset"
condition = Google::Cloud::Bigquery::Condition.new(
  "resource.name.startsWith(\"projects/my-project/datasets/my_dataset/tables/foo\")",
  title: "Table foo only"
)

dataset.access do |access|
  access.add_writer_user "entity@example.com", condition: condition
end

Parameters:

• email (String) —

  The email address for the entity.

• condition (Google::Cloud::Bigquery::Condition, nil) (defaults to: nil) —

  An optional condition for the access rule. A condition is a CEL expression that is evaluated to determine if the access rule should be applied. See Condition for more information. To specify a condition, the access_policy_version on the dataset must be set to 3. nil represents an absence of a condition. The default is nil.

# File 'lib/google/cloud/bigquery/dataset/access.rb', line 430

def add_writer_user email, condition: nil
  add_access_role_scope_value :writer, :user, email, condition
end

#owner_domain?(domain) ⇒ Boolean

Checks owner access for a domain.

Examples:

require "google/cloud/bigquery"

bigquery = Google::Cloud::Bigquery.new
dataset = bigquery.dataset "my_dataset"

access = dataset.access
access.owner_domain? "example.com" #=> false

Parameters:

• domain (String) —

  A Cloud Identity domain.

Returns:

• (Boolean)

# File 'lib/google/cloud/bigquery/dataset/access.rb', line 1481

def owner_domain? domain
  lookup_access_role_scope_value :owner, :domain, domain
end

#owner_group?(email) ⇒ Boolean

Checks owner access for a group.

Examples:

require "google/cloud/bigquery"

bigquery = Google::Cloud::Bigquery.new
dataset = bigquery.dataset "my_dataset"

access = dataset.access
access.owner_group? "entity@example.com" #=> false

Parameters:

• email (String) —

  The email address for the entity.

Returns:

• (Boolean)

# File 'lib/google/cloud/bigquery/dataset/access.rb', line 1443

def owner_group? email
  lookup_access_role_scope_value :owner, :group, email
end

#owner_iam_member?(identity) ⇒ Boolean

Checks owner access for some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group.

Examples:

require "google/cloud/bigquery"

bigquery = Google::Cloud::Bigquery.new
dataset = bigquery.dataset "my_dataset"

access = dataset.access
access.owner_iam_member? "entity@example.com" #=> false

Parameters:

• identity (String) —

  The identity reference.

Returns:

• (Boolean)

# File 'lib/google/cloud/bigquery/dataset/access.rb', line 1462

def owner_iam_member? identity
  lookup_access_role_scope_value :owner, :iam_member, identity
end

#owner_special?(group) ⇒ Boolean

Checks owner access for a special group.

Examples:

require "google/cloud/bigquery"

bigquery = Google::Cloud::Bigquery.new
dataset = bigquery.dataset "my_dataset"

access = dataset.access
access.owner_special? :all_users #=> false

Parameters:

• group (String) —

  Accepted values are owners, writers, readers, all_authenticated_users, and all_users.

Returns:

• (Boolean)

# File 'lib/google/cloud/bigquery/dataset/access.rb', line 1500

def owner_special? group
  lookup_access_role_scope_value :owner, :special, group
end

#owner_user?(email) ⇒ Boolean

Checks owner access for a user.

Examples:

require "google/cloud/bigquery"

bigquery = Google::Cloud::Bigquery.new
dataset = bigquery.dataset "my_dataset"

access = dataset.access
access.owner_user? "entity@example.com" #=> false

Parameters:

• email (String) —

  The email address for the entity.

Returns:

• (Boolean)

# File 'lib/google/cloud/bigquery/dataset/access.rb', line 1425

def owner_user? email
  lookup_access_role_scope_value :owner, :user, email
end

#reader_dataset?(dataset) ⇒ Boolean

Checks reader access for a dataset.

Examples:

require "google/cloud/bigquery"

bigquery = Google::Cloud::Bigquery.new
dataset = bigquery.dataset "my_dataset"
other_dataset = bigquery.dataset "my_other_dataset", skip_lookup: true

params = {
  dataset_id: other_dataset.dataset_id,
  project_id: other_dataset.project_id,
  target_types: ["VIEWS"]
}

dataset.access.reader_dataset? params

require "google/cloud/bigquery"

bigquery = Google::Cloud::Bigquery.new
dataset = bigquery.dataset "my_dataset"
other_dataset = bigquery.dataset "my_other_dataset", skip_lookup: true

dataset.access.reader_dataset? other_dataset.access_entry(target_types: ["VIEWS"])

Parameters:

• dataset (Google::Cloud::Bigquery::DatasetAccessEntry, Hash<String,String>) —

  A DatasetAccessEntry or a Hash object. Required

Returns:

• (Boolean)

# File 'lib/google/cloud/bigquery/dataset/access.rb', line 1314

def reader_dataset? dataset
  lookup_access_dataset dataset
end

#reader_domain?(domain) ⇒ Boolean

Checks reader access for a domain.

Examples:

require "google/cloud/bigquery"

bigquery = Google::Cloud::Bigquery.new
dataset = bigquery.dataset "my_dataset"

access = dataset.access
access.reader_domain? "example.com" #=> false

Parameters:

• domain (String) —

  A Cloud Identity domain.

Returns:

• (Boolean)

# File 'lib/google/cloud/bigquery/dataset/access.rb', line 1209

def reader_domain? domain
  lookup_access_role_scope_value :reader, :domain, domain
end

#reader_group?(email) ⇒ Boolean

Checks reader access for a group.

Examples:

require "google/cloud/bigquery"

bigquery = Google::Cloud::Bigquery.new
dataset = bigquery.dataset "my_dataset"

access = dataset.access
access.reader_group? "entity@example.com" #=> false

Parameters:

• email (String) —

  The email address for the entity.

Returns:

• (Boolean)

# File 'lib/google/cloud/bigquery/dataset/access.rb', line 1171

def reader_group? email
  lookup_access_role_scope_value :reader, :group, email
end

#reader_iam_member?(identity) ⇒ Boolean

Checks reader access for some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group.

Examples:

require "google/cloud/bigquery"

bigquery = Google::Cloud::Bigquery.new
dataset = bigquery.dataset "my_dataset"

access = dataset.access
access.reader_iam_member? "entity@example.com" #=> false

Parameters:

• identity (String) —

  The identity reference.

Returns:

• (Boolean)

# File 'lib/google/cloud/bigquery/dataset/access.rb', line 1190

def reader_iam_member? identity
  lookup_access_role_scope_value :reader, :iam_member, identity
end

#reader_routine?(routine) ⇒ Boolean

Checks access for a routine from a different dataset. Queries executed against that routine will have read access to views/tables/routines in this dataset. Only UDF is supported for now. The role field is not required when this field is set. If that routine is updated by any user, access to the routine needs to be granted again via an update operation.

Examples:

require "google/cloud/bigquery"

bigquery = Google::Cloud::Bigquery.new
dataset = bigquery.dataset "my_dataset"
other_dataset = bigquery.dataset "my_other_dataset", skip_lookup: true

routine = other_dataset.routine "my_routine", skip_lookup: true

access = dataset.access
access.reader_routine? routine #=> false

Parameters:

• routine (Google::Cloud::Bigquery::Routine) —

  A routine object.

Returns:

• (Boolean)

# File 'lib/google/cloud/bigquery/dataset/access.rb', line 1254

def reader_routine? routine
  lookup_access_routine routine
end

#reader_special?(group) ⇒ Boolean

Checks reader access for a special group.

Examples:

require "google/cloud/bigquery"

bigquery = Google::Cloud::Bigquery.new
dataset = bigquery.dataset "my_dataset"

access = dataset.access
access.reader_special? :all_users #=> false

Parameters:

• group (String) —

  Accepted values are owners, writers, readers, all_authenticated_users, and all_users.

Returns:

• (Boolean)

# File 'lib/google/cloud/bigquery/dataset/access.rb', line 1228

def reader_special? group
  lookup_access_role_scope_value :reader, :special, group
end

#reader_user?(email) ⇒ Boolean

Checks reader access for a user.

Examples:

require "google/cloud/bigquery"

bigquery = Google::Cloud::Bigquery.new
dataset = bigquery.dataset "my_dataset"

access = dataset.access
access.reader_user? "entity@example.com" #=> false

Parameters:

• email (String) —

  The email address for the entity.

Returns:

• (Boolean)

# File 'lib/google/cloud/bigquery/dataset/access.rb', line 1153

def reader_user? email
  lookup_access_role_scope_value :reader, :user, email
end

#reader_view?(view) ⇒ Boolean

Checks reader access for a view.

Examples:

require "google/cloud/bigquery"

bigquery = Google::Cloud::Bigquery.new
dataset = bigquery.dataset "my_dataset"
other_dataset = bigquery.dataset "my_other_dataset", skip_lookup: true

view = other_dataset.table "my_view", skip_lookup: true

access = dataset.access
access.reader_view? view #=> false

Parameters:

• view (Google::Cloud::Bigquery::Table, String) —

  A table object, or a string identifier as specified by the Standard SQL Query Reference (project-name.dataset_id.table_id) or the Legacy SQL Query Reference (project-name:dataset_id.table_id).

Returns:

• (Boolean)

# File 'lib/google/cloud/bigquery/dataset/access.rb', line 1280

def reader_view? view
  lookup_access_view view
end

#remove_owner_domain(domain) ⇒ Object

Remove owner access from a domain.

Examples:

require "google/cloud/bigquery"

bigquery = Google::Cloud::Bigquery.new
dataset = bigquery.dataset "my_dataset"

dataset.access do |access|
  access.remove_owner_domain "example.com"
end

Parameters:

• domain (String) —

  A Cloud Identity domain.

# File 'lib/google/cloud/bigquery/dataset/access.rb', line 1115

def remove_owner_domain domain
  remove_access_role_scope_value :owner, :domain, domain
end

#remove_owner_group(email) ⇒ Object

Remove owner access from a group.

Examples:

require "google/cloud/bigquery"

bigquery = Google::Cloud::Bigquery.new
dataset = bigquery.dataset "my_dataset"

dataset.access do |access|
  access.remove_owner_group "entity@example.com"
end

Parameters:

• email (String) —

  The email address for the entity.

# File 'lib/google/cloud/bigquery/dataset/access.rb', line 1075

def remove_owner_group email
  remove_access_role_scope_value :owner, :group, email
end

#remove_owner_iam_member(identity) ⇒ Object

Remove owner access from some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group.

Examples:

require "google/cloud/bigquery"

bigquery = Google::Cloud::Bigquery.new
dataset = bigquery.dataset "my_dataset"

dataset.access do |access|
  access.remove_owner_iam_member "entity@example.com"
end

Parameters:

• identity (String) —

  The identity reference.

# File 'lib/google/cloud/bigquery/dataset/access.rb', line 1095

def remove_owner_iam_member identity
  remove_access_role_scope_value :owner, :iam_member, identity
end

#remove_owner_special(group) ⇒ Object

Remove owner access from a special group.

Examples:

require "google/cloud/bigquery"

bigquery = Google::Cloud::Bigquery.new
dataset = bigquery.dataset "my_dataset"

dataset.access do |access|
  access.remove_owner_special :all_users
end

Parameters:

• group (String) —

  Accepted values are owners, writers, readers, all_authenticated_users, and all_users.

# File 'lib/google/cloud/bigquery/dataset/access.rb', line 1135

def remove_owner_special group
  remove_access_role_scope_value :owner, :special, group
end

#remove_owner_user(email) ⇒ Object

Remove owner access from a user.

Examples:

require "google/cloud/bigquery"

bigquery = Google::Cloud::Bigquery.new
dataset = bigquery.dataset "my_dataset"

dataset.access do |access|
  access.remove_owner_user "entity@example.com"
end

Parameters:

• email (String) —

  The email address for the entity.

# File 'lib/google/cloud/bigquery/dataset/access.rb', line 1056

def remove_owner_user email
  remove_access_role_scope_value :owner, :user, email
end

#remove_reader_dataset(dataset) ⇒ Object

Removes reader access of a dataset.

Examples:

require "google/cloud/bigquery"

bigquery = Google::Cloud::Bigquery.new
dataset = bigquery.dataset "my_dataset"
other_dataset = bigquery.dataset "my_other_dataset", skip_lookup: true

params = {
  dataset_id: other_dataset.dataset_id,
  project_id: other_dataset.project_id,
  target_types: ["VIEWS"]
}

dataset.access do |access|
  access.remove_reader_dataset params
end

require "google/cloud/bigquery"

bigquery = Google::Cloud::Bigquery.new
dataset = bigquery.dataset "my_dataset"
other_dataset = bigquery.dataset "my_other_dataset", skip_lookup: true

dataset.access do |access|
  access.remove_reader_dataset other_dataset.access_entry(target_types: ["VIEWS"])
end

Parameters:

• dataset (Google::Cloud::Bigquery::DatasetAccessEntry, Hash<String,String>) —

  A DatasetAccessEntry or a Hash object. Required

# File 'lib/google/cloud/bigquery/dataset/access.rb', line 939

def remove_reader_dataset dataset
  remove_access_dataset dataset
end

#remove_reader_domain(domain) ⇒ Object

Remove reader access from a domain.

Examples:

require "google/cloud/bigquery"

bigquery = Google::Cloud::Bigquery.new
dataset = bigquery.dataset "my_dataset"

dataset.access do |access|
  access.remove_reader_domain "example.com"
end

Parameters:

• domain (String) —

  A Cloud Identity domain.

# File 'lib/google/cloud/bigquery/dataset/access.rb', line 832

def remove_reader_domain domain
  remove_access_role_scope_value :reader, :domain, domain
end

#remove_reader_group(email) ⇒ Object

Remove reader access from a group.

Examples:

require "google/cloud/bigquery"

bigquery = Google::Cloud::Bigquery.new
dataset = bigquery.dataset "my_dataset"

dataset.access do |access|
  access.remove_reader_group "entity@example.com"
end

Parameters:

• email (String) —

  The email address for the entity.

# File 'lib/google/cloud/bigquery/dataset/access.rb', line 792

def remove_reader_group email
  remove_access_role_scope_value :reader, :group, email
end

#remove_reader_iam_member(identity) ⇒ Object

Remove reader access from some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group.

Examples:

require "google/cloud/bigquery"

bigquery = Google::Cloud::Bigquery.new
dataset = bigquery.dataset "my_dataset"

dataset.access do |access|
  access.remove_reader_iam_member "entity@example.com"
end

Parameters:

• identity (String) —

  The identity reference.

# File 'lib/google/cloud/bigquery/dataset/access.rb', line 812

def remove_reader_iam_member identity
  remove_access_role_scope_value :reader, :iam_member, identity
end

#remove_reader_routine(routine) ⇒ Object

Remove reader access from a routine from a different dataset.

Examples:

require "google/cloud/bigquery"

bigquery = Google::Cloud::Bigquery.new
dataset = bigquery.dataset "my_dataset"
other_dataset = bigquery.dataset "my_other_dataset", skip_lookup: true

routine = other_dataset.routine "my_routine", skip_lookup: true

dataset.access do |access|
  access.remove_reader_routine routine
end

Parameters:

• routine (Google::Cloud::Bigquery::Routine) —

  A routine object.

# File 'lib/google/cloud/bigquery/dataset/access.rb', line 874

def remove_reader_routine routine
  remove_access_routine routine
end

#remove_reader_special(group) ⇒ Object

Remove reader access from a special group.

Examples:

require "google/cloud/bigquery"

bigquery = Google::Cloud::Bigquery.new
dataset = bigquery.dataset "my_dataset"

dataset.access do |access|
  access.remove_reader_special :all_users
end

Parameters:

• group (String) —

  Accepted values are owners, writers, readers, all_authenticated_users, and all_users.

# File 'lib/google/cloud/bigquery/dataset/access.rb', line 852

def remove_reader_special group
  remove_access_role_scope_value :reader, :special, group
end

#remove_reader_user(email) ⇒ Object

Remove reader access from a user.

Examples:

require "google/cloud/bigquery"

bigquery = Google::Cloud::Bigquery.new
dataset = bigquery.dataset "my_dataset"

dataset.access do |access|
  access.remove_reader_user "entity@example.com"
end

Parameters:

• email (String) —

  The email address for the entity.

# File 'lib/google/cloud/bigquery/dataset/access.rb', line 773

def remove_reader_user email
  remove_access_role_scope_value :reader, :user, email
end

#remove_reader_view(view) ⇒ Object

Remove reader access from a view.

Examples:

require "google/cloud/bigquery"

bigquery = Google::Cloud::Bigquery.new
dataset = bigquery.dataset "my_dataset"
other_dataset = bigquery.dataset "my_other_dataset", skip_lookup: true

view = other_dataset.table "my_view", skip_lookup: true

dataset.access do |access|
  access.remove_reader_view view
end

Parameters:

• view (Google::Cloud::Bigquery::Table, String) —

  A table object, or a string identifier as specified by the Standard SQL Query Reference (project-name.dataset_id.table_id) or the Legacy SQL Query Reference (project-name:dataset_id.table_id).

# File 'lib/google/cloud/bigquery/dataset/access.rb', line 901

def remove_reader_view view
  remove_access_view view
end

#remove_writer_domain(domain) ⇒ Object

Remove writer access from a domain.

Examples:

require "google/cloud/bigquery"

bigquery = Google::Cloud::Bigquery.new
dataset = bigquery.dataset "my_dataset"

dataset.access do |access|
  access.remove_writer_domain "example.com"
end

Parameters:

• domain (String) —

  A Cloud Identity domain.

# File 'lib/google/cloud/bigquery/dataset/access.rb', line 1017

def remove_writer_domain domain
  remove_access_role_scope_value :writer, :domain, domain
end

#remove_writer_group(email) ⇒ Object

Remove writer access from a group.

Examples:

require "google/cloud/bigquery"

bigquery = Google::Cloud::Bigquery.new
dataset = bigquery.dataset "my_dataset"

dataset.access do |access|
  access.remove_writer_group "entity@example.com"
end

Parameters:

• email (String) —

  The email address for the entity.

# File 'lib/google/cloud/bigquery/dataset/access.rb', line 977

def remove_writer_group email
  remove_access_role_scope_value :writer, :group, email
end

#remove_writer_iam_member(identity) ⇒ Object

Remove writer access from some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group.

Examples:

require "google/cloud/bigquery"

bigquery = Google::Cloud::Bigquery.new
dataset = bigquery.dataset "my_dataset"

dataset.access do |access|
  access.remove_writer_iam_member "entity@example.com"
end

Parameters:

• identity (String) —

  The identity reference.

# File 'lib/google/cloud/bigquery/dataset/access.rb', line 997

def remove_writer_iam_member identity
  remove_access_role_scope_value :writer, :iam_member, identity
end

#remove_writer_special(group) ⇒ Object

Remove writer access from a special group.

Examples:

require "google/cloud/bigquery"

bigquery = Google::Cloud::Bigquery.new
dataset = bigquery.dataset "my_dataset"

dataset.access do |access|
  access.remove_writer_special :all_users
end

Parameters:

• group (String) —

  Accepted values are owners, writers, readers, all_authenticated_users, and all_users.

# File 'lib/google/cloud/bigquery/dataset/access.rb', line 1037

def remove_writer_special group
  remove_access_role_scope_value :writer, :special, group
end

#remove_writer_user(email) ⇒ Object

Remove writer access from a user.

Examples:

require "google/cloud/bigquery"

bigquery = Google::Cloud::Bigquery.new
dataset = bigquery.dataset "my_dataset"

dataset.access do |access|
  access.remove_writer_user "entity@example.com"
end

Parameters:

• email (String) —

  The email address for the entity.

# File 'lib/google/cloud/bigquery/dataset/access.rb', line 958

def remove_writer_user email
  remove_access_role_scope_value :writer, :user, email
end

#writer_domain?(domain) ⇒ Boolean

Checks writer access for a domain.

Examples:

require "google/cloud/bigquery"

bigquery = Google::Cloud::Bigquery.new
dataset = bigquery.dataset "my_dataset"

access = dataset.access
access.writer_domain? "example.com" #=> false

Parameters:

• domain (String) —

  A Cloud Identity domain.

Returns:

• (Boolean)

# File 'lib/google/cloud/bigquery/dataset/access.rb', line 1388

def writer_domain? domain
  lookup_access_role_scope_value :writer, :domain, domain
end

#writer_group?(email) ⇒ Boolean

Checks writer access for a group.

Examples:

require "google/cloud/bigquery"

bigquery = Google::Cloud::Bigquery.new
dataset = bigquery.dataset "my_dataset"

access = dataset.access
access.writer_group? "entity@example.com" #=> false

Parameters:

• email (String) —

  The email address for the entity.

Returns:

• (Boolean)

# File 'lib/google/cloud/bigquery/dataset/access.rb', line 1350

def writer_group? email
  lookup_access_role_scope_value :writer, :group, email
end

#writer_iam_member?(identity) ⇒ Boolean

Checks writer access for some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group.

Examples:

require "google/cloud/bigquery"

bigquery = Google::Cloud::Bigquery.new
dataset = bigquery.dataset "my_dataset"

access = dataset.access
access.writer_iam_member? "entity@example.com" #=> false

Parameters:

• identity (String) —

  The identity reference.

Returns:

• (Boolean)

# File 'lib/google/cloud/bigquery/dataset/access.rb', line 1369

def writer_iam_member? identity
  lookup_access_role_scope_value :writer, :iam_member, identity
end

#writer_special?(group) ⇒ Boolean

Checks writer access for a special group.

Examples:

require "google/cloud/bigquery"

bigquery = Google::Cloud::Bigquery.new
dataset = bigquery.dataset "my_dataset"

access = dataset.access
access.writer_special? :all_users #=> false

Parameters:

• group (String) —

  Accepted values are owners, writers, readers, all_authenticated_users, and all_users.

Returns:

• (Boolean)

# File 'lib/google/cloud/bigquery/dataset/access.rb', line 1407

def writer_special? group
  lookup_access_role_scope_value :writer, :special, group
end

#writer_user?(email) ⇒ Boolean

Checks writer access for a user.

Examples:

require "google/cloud/bigquery"

bigquery = Google::Cloud::Bigquery.new
dataset = bigquery.dataset "my_dataset"

access = dataset.access
access.writer_user? "entity@example.com" #=> false

Parameters:

• email (String) —

  The email address for the entity.

Returns:

• (Boolean)

# File 'lib/google/cloud/bigquery/dataset/access.rb', line 1332

def writer_user? email
  lookup_access_role_scope_value :writer, :user, email
end