Profile Applicability:

  • Level 1

Description:

It is recommended to ensure that the IAM policy for BigQuery datasets does not grant permissions to anonymous users or make the datasets publicly accessible.

Rationale:

Granting permissions to allUsers or allAuthenticatedUsers allows unrestricted access to a dataset, which can lead to unauthorized exposure of sensitive data. To maintain data security and privacy, it is crucial to restrict access and avoid granting permissions to these principals.

Impact:

Datasets will no longer be publicly accessible. Any attempt to make them publicly available will require explicit modification of the IAM permissions.

Default Value:

By default, BigQuery datasets are not publicly accessible.

Audit Steps:

Using Google Cloud Console:
  1. Navigate to BigQuery.
  2. Select a dataset under Resources.
  3. Click SHARING on the right side of the window and choose Permissions.
  4. Verify that no roles include allUsers or allAuthenticatedUsers.

Using Google Cloud CLI:

List all datasets:

bq ls

Retrieve the details of each dataset:

bq show PROJECT_ID:DATASET_NAME

Check the access section of the dataset details to ensure that no permissions are granted to allUsers or allAuthenticatedUsers.

Remediation Steps:

Using Google Cloud Console:
  1. Navigate to BigQuery.
  2. Select the dataset from Resources.
  3. Click SHARING and choose Permissions.
  4. Review the attached roles.
  5. Remove any entries for allUsers or allAuthenticatedUsers:
    • Click the delete icon next to the role.
    • Confirm by clicking Remove.

Using Google Cloud CLI:

List all datasets:

bq ls

Retrieve the dataset details:

bq show --format=prettyjson PROJECT_ID:DATASET_NAME > PATH_TO_FILE

In the access section of the JSON file, remove any roles assigned to allUsers or allAuthenticatedUsers.

Update the dataset with the modified JSON:

bq update --source PATH_TO_FILE PROJECT_ID:DATASET_NAME

Prevention:

To ensure BigQuery datasets do not become publicly accessible in the future:

Backout Plan:

Step 1: Revert Configuration

If dataset access needs to be temporarily restored, re-add necessary permissions:

bq update --source dataset_policy.json PROJECT_ID:DATASET_NAME

Modify dataset_policy.json to include the required IAM roles.

Step 2: Notify Stakeholders

  • If rollback is required, inform data engineers and security teams about temporary access adjustments.

Step 3: Restore from Backup (If Necessary)

  • If access configuration issues persist, restore the dataset IAM policy from a previous version.

Step 4: Validate Rollback Success

  • Run the audit steps again to confirm that the intended permissions are restored.

References:

  1. BigQuery Dataset Access Controls

CIS Controls:

Control | Description | IG 1 | IG 2 | IG 3
3.3 Configure Data Access Control Lists | Apply data access controls based on the principle of least privilege for local and remote systems. | | |
14.6 Protect Information through Access Control Lists | Ensure that only authorized users have access to sensitive information based on their responsibilities. | | |