如何创建可访问单个数据集的Google BigQuery服务帐户？ [英] How to create a Google BigQuery service account with access to a single dataset?

问题描述

我有尝试过使用服务帐户，但是这给了充分的数据集来访问特定的BigQuery数据集。访问所有数据集。还尝试从不同的应用程序创建服务帐户，并将与证书一起生成的电子邮件地址添加到BigQuery>某些数据集>共享数据集>可以查看，但是这总是导致403访问未配置错误。

我使用服务器到文档中描述的服务器流程：

 从apiclient.discovery导入httplib2 
 
从oauth2client.client导入构建
 import SignedJwtAssertionCredentials 
 
＃用您的项目ID替换
 PROJECT_NUMBER =' XXXXXXXXXXX'
＃从GOOGLE DEV CONSOLE的服务帐户电子邮箱中取代
 SERVICE_ACCOUNT_EMAIL ='XXXXX@developer.gserviceaccount.com'
 
f = file（'key.p12'，' rb'）
 key = f.read（）
 f.close（）
 
 credentials = SignedJwtAssertionCredentials（
 SERVICE_ACCOUNT_EMAIL，
 key，
范围='https：//www.googleapis.com/auth/bigquery.readonly'）
 
 http = httplib2.Http（）
 http = credentials.authorize（http）
 
 service = build（'bigquery'，'v2'）
 tables = service.tables（）
 response = tables.list（projectId = PROJECT_NUMBER，datasetId ='SomeDataset'）。执行（http）
 
 print（r我基本上试图提供只读访问基于外部服务器的应用程序到一个数据集。  
 
解决方案
正如Fh指出的那样，需要在创建服务帐户的Google帐户中激活BigQuery API，而不管它将查询绑定到不同应用程序ID的BigQuery端点。  
Is there any way of granting readonly access to a specific BigQuery Dataset to a given Client ID ?

I've tried using a service account, but this gives full access to all datasets. 

Also tried creating a service account from a different application, and added the email address generated together with the certificate to the BigQuery > Some Dataset > Share Dataset > Can view, but this always results in a 403 "Access not Configured" error. 

I'm using the server to server flow described in the documentation : 
import httplib2

from apiclient.discovery import build
from oauth2client.client import SignedJwtAssertionCredentials

# REPLACE WITH YOUR Project ID
PROJECT_NUMBER = 'XXXXXXXXXXX'
# REPLACE WITH THE SERVICE ACCOUNT EMAIL FROM GOOGLE DEV CONSOLE
SERVICE_ACCOUNT_EMAIL = 'XXXXX@developer.gserviceaccount.com'

f = file('key.p12', 'rb')
key = f.read()
f.close()

credentials = SignedJwtAssertionCredentials(
    SERVICE_ACCOUNT_EMAIL,
    key,
    scope='https://www.googleapis.com/auth/bigquery.readonly')

http = httplib2.Http()
http = credentials.authorize(http)

service = build('bigquery', 'v2')
tables = service.tables()
response = tables.list(projectId=PROJECT_NUMBER, datasetId='SomeDataset').execute(http)

print(response)
I'm basically trying to provide readonly access to an external server based application to a single dataset.  
解决方案
As pointed out by Fh, it is required to activate the BigQuery API in the Google Account where the service account is created, regardless of the fact that it will be querying a BigQuery endpoint bound to a different application ID. 

                        
这篇关于如何创建可访问单个数据集的Google BigQuery服务帐户？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！