
Defining a GCP BigQuery dataset as publicly accessible can lead to data exposure

  • GG_ID: GG_IAC_0020
  • Severity: CRITICAL
  • Complexity: LOW
  • Categories: DATA, PERMISSION
  • Providers: Google Cloud Provider
  • Potential data exposure: True
  • Visible in logs: True
  • User interaction required: False
  • Privileges required: False

Description

GCP BigQuery is a managed data warehousing solution. Most of the data stored in BigQuery is accessible in tables. When defining a dataset, access roles and groups can be specified. If the "allAuthenticatedUsers" special group is used, all GCP users can access the data stored in that BigQuery dataset.

Impact

  • Data exposure
  • Data loss

Remediation guidelines

Avoid using the special groups 'allAuthenticatedUsers' and 'allUsers'; prefer specifying precise groups within the targeted organization.
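
The misconfiguration beside its corrected form, written as Terraform for the Google provider. This is an added example, not taken from the original page; the choice of Terraform, the resource names, dataset IDs and e-mail addresses are assumptions made for illustration.

```hcl
# Weak: the second access block grants READER to every authenticated
# Google account, so the dataset is readable from outside the organization.
resource "google_bigquery_dataset" "exposed" {
  dataset_id = "analytics_exposed" # constructed name
  location   = "EU"

  access {
    role          = "OWNER"
    user_by_email = "data-owner@example.com" # constructed address
  }

  access {
    role          = "READER"
    special_group = "allAuthenticatedUsers" # public access
  }
}

# Corrected: the same dataset, with read access scoped to a named group
# inside the organization instead of a special group.
resource "google_bigquery_dataset" "restricted" {
  dataset_id = "analytics_restricted" # constructed name
  location   = "EU"

  access {
    role          = "OWNER"
    user_by_email = "data-owner@example.com" # constructed address
  }

  access {
    role           = "READER"
    group_by_email = "analytics-readers@example.com" # constructed group
  }
}
```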

External documentation