class Google::Cloud::Bigquery::Dataset::Access

# Dataset Access Control

Represents the access control rules for a {Dataset}.

@see cloud.google.com/bigquery/docs/access-control BigQuery

Access Control

@example

require "google/cloud/bigquery"

bigquery = Google::Cloud::Bigquery.new
dataset = bigquery.dataset "my_dataset"

dataset.access do |access|
  access.add_owner_group "owners@example.com"
  access.add_writer_user "writer@example.com"
  access.remove_writer_user "readers@example.com"
  access.add_reader_special :all_users
end

Constants

GROUPS

@private

ROLES

@private

SCOPES

@private

Public Class Methods

from_gapi(gapi) click to toggle source

@private

# File lib/google/cloud/bigquery/dataset/access.rb, line 1141
def self.from_gapi gapi
  rules = Array gapi.access
  new.tap do |s|
    s.instance_variable_set :@rules, rules
    s.instance_variable_set :@original_rules_hashes, rules.map(&:to_h)
    s.instance_variable_set :@dataset_reference, gapi.dataset_reference
  end
end
new() click to toggle source

@private Initialized a new Access object. Must provide a valid Google::Apis::BigqueryV2::Dataset object. Access will mutate the gapi object.

# File lib/google/cloud/bigquery/dataset/access.rb, line 90
def initialize
  @rules = [] # easiest to do this in the constructor
  @original_rules_hashes = @rules.map(&:to_h)
end

Public Instance Methods

add_owner_domain(domain) click to toggle source

Add owner access to a domain.

@param [String] domain A [Cloud Identity

domain](https://cloud.google.com/iam/docs/overview#cloudid_name_domain).

@example

require "google/cloud/bigquery"

bigquery = Google::Cloud::Bigquery.new
dataset = bigquery.dataset "my_dataset"

dataset.access do |access|
  access.add_owner_domain "example.com"
end
# File lib/google/cloud/bigquery/dataset/access.rb, line 442
def add_owner_domain domain
  add_access_role_scope_value :owner, :domain, domain
end
add_owner_group(email) click to toggle source

Add owner access to a group.

@param [String] email The email address for the entity.

@example

require "google/cloud/bigquery"

bigquery = Google::Cloud::Bigquery.new
dataset = bigquery.dataset "my_dataset"

dataset.access do |access|
  access.add_owner_group "entity@example.com"
end
# File lib/google/cloud/bigquery/dataset/access.rb, line 402
def add_owner_group email
  add_access_role_scope_value :owner, :group, email
end
add_owner_iam_member(identity) click to toggle source

Add owner access to some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group.

@param [String] identity The identity reference.

@example

require "google/cloud/bigquery"

bigquery = Google::Cloud::Bigquery.new
dataset = bigquery.dataset "my_dataset"

dataset.access do |access|
  access.add_owner_iam_member "entity@example.com"
end
# File lib/google/cloud/bigquery/dataset/access.rb, line 422
def add_owner_iam_member identity
  add_access_role_scope_value :owner, :iam_member, identity
end
add_owner_special(group) click to toggle source

Add owner access to a special group.

@param [String] group Accepted values are `owners`, `writers`,

`readers`, `all_authenticated_users`, and `all_users`.

@example

require "google/cloud/bigquery"

bigquery = Google::Cloud::Bigquery.new
dataset = bigquery.dataset "my_dataset"

dataset.access do |access|
  access.add_owner_special :all_users
end
# File lib/google/cloud/bigquery/dataset/access.rb, line 462
def add_owner_special group
  add_access_role_scope_value :owner, :special, group
end
add_owner_user(email) click to toggle source

Add owner access to a user.

@param [String] email The email address for the entity.

@example

require "google/cloud/bigquery"

bigquery = Google::Cloud::Bigquery.new
dataset = bigquery.dataset "my_dataset"

dataset.access do |access|
  access.add_owner_user "entity@example.com"
end
# File lib/google/cloud/bigquery/dataset/access.rb, line 383
def add_owner_user email
  add_access_role_scope_value :owner, :user, email
end
add_reader_domain(domain) click to toggle source

Add reader access to a domain.

@param [String] domain A [Cloud Identity

domain](https://cloud.google.com/iam/docs/overview#cloudid_name_domain).

@example

require "google/cloud/bigquery"

bigquery = Google::Cloud::Bigquery.new
dataset = bigquery.dataset "my_dataset"

dataset.access do |access|
  access.add_reader_domain "example.com"
end
# File lib/google/cloud/bigquery/dataset/access.rb, line 192
def add_reader_domain domain
  add_access_role_scope_value :reader, :domain, domain
end
add_reader_group(email) click to toggle source

Add reader access to a group.

@param [String] email The email address for the entity.

@example

require "google/cloud/bigquery"

bigquery = Google::Cloud::Bigquery.new
dataset = bigquery.dataset "my_dataset"

dataset.access do |access|
  access.add_reader_group "entity@example.com"
end
# File lib/google/cloud/bigquery/dataset/access.rb, line 152
def add_reader_group email
  add_access_role_scope_value :reader, :group, email
end
add_reader_iam_member(identity) click to toggle source

Add reader access to some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group.

@param [String] identity The identity reference.

@example

require "google/cloud/bigquery"

bigquery = Google::Cloud::Bigquery.new
dataset = bigquery.dataset "my_dataset"

dataset.access do |access|
  access.add_reader_iam_member "entity@example.com"
end
# File lib/google/cloud/bigquery/dataset/access.rb, line 172
def add_reader_iam_member identity
  add_access_role_scope_value :reader, :iam_member, identity
end
add_reader_routine(routine) click to toggle source

Add access to a routine from a different dataset. Queries executed against that routine will have read access to views/tables/routines in this dataset. Only UDF is supported for now. The role field is not required when this field is set. If that routine is updated by any user, access to the routine needs to be granted again via an update operation.

@param [Google::Cloud::Bigquery::Routine] routine A routine object.

@example

require "google/cloud/bigquery"

bigquery = Google::Cloud::Bigquery.new
dataset = bigquery.dataset "my_dataset"
other_dataset = bigquery.dataset "my_other_dataset", skip_lookup: true

routine = other_dataset.routine "my_routine"

dataset.access do |access|
  access.add_reader_routine routine
end
# File lib/google/cloud/bigquery/dataset/access.rb, line 239
def add_reader_routine routine
  add_access_routine routine
end
add_reader_special(group) click to toggle source

Add reader access to a special group.

@param [String] group Accepted values are `owners`, `writers`,

`readers`, `all_authenticated_users`, and `all_users`.

@example

require "google/cloud/bigquery"

bigquery = Google::Cloud::Bigquery.new
dataset = bigquery.dataset "my_dataset"

dataset.access do |access|
  access.add_reader_special :all_users
end
# File lib/google/cloud/bigquery/dataset/access.rb, line 212
def add_reader_special group
  add_access_role_scope_value :reader, :special, group
end
add_reader_user(email) click to toggle source

Add reader access to a user.

@param [String] email The email address for the entity.

@example

require "google/cloud/bigquery"

bigquery = Google::Cloud::Bigquery.new
dataset = bigquery.dataset "my_dataset"

dataset.access do |access|
  access.add_reader_user "entity@example.com"
end
# File lib/google/cloud/bigquery/dataset/access.rb, line 133
def add_reader_user email
  add_access_role_scope_value :reader, :user, email
end
add_reader_view(view) click to toggle source

Add reader access to a view.

@param [Google::Cloud::Bigquery::Table, String] view A table object,

or a string identifier as specified by the [Standard SQL Query
Reference](https://cloud.google.com/bigquery/docs/reference/standard-sql/query-syntax#from-clause)
(`project-name.dataset_id.table_id`) or the [Legacy SQL Query
Reference](https://cloud.google.com/bigquery/query-reference#from)
(`project-name:dataset_id.table_id`).

@example

require "google/cloud/bigquery"

bigquery = Google::Cloud::Bigquery.new
dataset = bigquery.dataset "my_dataset"
other_dataset = bigquery.dataset "my_other_dataset", skip_lookup: true

view = other_dataset.table "my_view", skip_lookup: true

dataset.access do |access|
  access.add_reader_view view
end
# File lib/google/cloud/bigquery/dataset/access.rb, line 266
def add_reader_view view
  add_access_view view
end
add_writer_domain(domain) click to toggle source

Add writer access to a domain.

@param [String] domain A [Cloud Identity

domain](https://cloud.google.com/iam/docs/overview#cloudid_name_domain).

@example

require "google/cloud/bigquery"

bigquery = Google::Cloud::Bigquery.new
dataset = bigquery.dataset "my_dataset"

dataset.access do |access|
  access.add_writer_domain "example.com"
end
# File lib/google/cloud/bigquery/dataset/access.rb, line 344
def add_writer_domain domain
  add_access_role_scope_value :writer, :domain, domain
end
add_writer_group(email) click to toggle source

Add writer access to a group.

@param [String] email The email address for the entity.

@example

require "google/cloud/bigquery"

bigquery = Google::Cloud::Bigquery.new
dataset = bigquery.dataset "my_dataset"

dataset.access do |access|
  access.add_writer_group "entity@example.com"
end
# File lib/google/cloud/bigquery/dataset/access.rb, line 304
def add_writer_group email
  add_access_role_scope_value :writer, :group, email
end
add_writer_iam_member(identity) click to toggle source

Add writer access to some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group.

@param [String] identity The identity reference.

@example

require "google/cloud/bigquery"

bigquery = Google::Cloud::Bigquery.new
dataset = bigquery.dataset "my_dataset"

dataset.access do |access|
  access.add_writer_iam_member "entity@example.com"
end
# File lib/google/cloud/bigquery/dataset/access.rb, line 324
def add_writer_iam_member identity
  add_access_role_scope_value :writer, :iam_member, identity
end
add_writer_special(group) click to toggle source

Add writer access to a special group.

@param [String] group Accepted values are `owners`, `writers`,

`readers`, `all_authenticated_users`, and `all_users`.

@example

require "google/cloud/bigquery"

bigquery = Google::Cloud::Bigquery.new
dataset = bigquery.dataset "my_dataset"

dataset.access do |access|
  access.add_writer_special :all_users
end
# File lib/google/cloud/bigquery/dataset/access.rb, line 364
def add_writer_special group
  add_access_role_scope_value :writer, :special, group
end
add_writer_user(email) click to toggle source

Add writer access to a user.

@param [String] email The email address for the entity.

@example

require "google/cloud/bigquery"

bigquery = Google::Cloud::Bigquery.new
dataset = bigquery.dataset "my_dataset"

dataset.access do |access|
  access.add_writer_user "entity@example.com"
end
# File lib/google/cloud/bigquery/dataset/access.rb, line 285
def add_writer_user email
  add_access_role_scope_value :writer, :user, email
end
changed?() click to toggle source

@private

# File lib/google/cloud/bigquery/dataset/access.rb, line 96
def changed?
  @original_rules_hashes != @rules.map(&:to_h)
end
empty?() click to toggle source

@private

# File lib/google/cloud/bigquery/dataset/access.rb, line 101
def empty?
  @rules.empty?
end
freeze() click to toggle source

@private

Calls superclass method
# File lib/google/cloud/bigquery/dataset/access.rb, line 106
def freeze
  @rules = @rules.map(&:dup).map(&:freeze)
  @rules.freeze
  super
end
owner_domain?(domain) click to toggle source

Checks owner access for a domain.

@param [String] domain A [Cloud Identity

domain](https://cloud.google.com/iam/docs/overview#cloudid_name_domain).

@example

require "google/cloud/bigquery"

bigquery = Google::Cloud::Bigquery.new
dataset = bigquery.dataset "my_dataset"

access = dataset.access
access.owner_domain? "example.com" #=> false
# File lib/google/cloud/bigquery/dataset/access.rb, line 1117
def owner_domain? domain
  lookup_access_role_scope_value :owner, :domain, domain
end
owner_group?(email) click to toggle source

Checks owner access for a group.

@param [String] email The email address for the entity.

@example

require "google/cloud/bigquery"

bigquery = Google::Cloud::Bigquery.new
dataset = bigquery.dataset "my_dataset"

access = dataset.access
access.owner_group? "entity@example.com" #=> false
# File lib/google/cloud/bigquery/dataset/access.rb, line 1079
def owner_group? email
  lookup_access_role_scope_value :owner, :group, email
end
owner_iam_member?(identity) click to toggle source

Checks owner access for some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group.

@param [String] identity The identity reference.

@example

require "google/cloud/bigquery"

bigquery = Google::Cloud::Bigquery.new
dataset = bigquery.dataset "my_dataset"

access = dataset.access
access.owner_iam_member? "entity@example.com" #=> false
# File lib/google/cloud/bigquery/dataset/access.rb, line 1098
def owner_iam_member? identity
  lookup_access_role_scope_value :owner, :iam_member, identity
end
owner_special?(group) click to toggle source

Checks owner access for a special group.

@param [String] group Accepted values are `owners`, `writers`,

`readers`, `all_authenticated_users`, and `all_users`.

@example

require "google/cloud/bigquery"

bigquery = Google::Cloud::Bigquery.new
dataset = bigquery.dataset "my_dataset"

access = dataset.access
access.owner_special? :all_users #=> false
# File lib/google/cloud/bigquery/dataset/access.rb, line 1136
def owner_special? group
  lookup_access_role_scope_value :owner, :special, group
end
owner_user?(email) click to toggle source

Checks owner access for a user.

@param [String] email The email address for the entity.

@example

require "google/cloud/bigquery"

bigquery = Google::Cloud::Bigquery.new
dataset = bigquery.dataset "my_dataset"

access = dataset.access
access.owner_user? "entity@example.com" #=> false
# File lib/google/cloud/bigquery/dataset/access.rb, line 1061
def owner_user? email
  lookup_access_role_scope_value :owner, :user, email
end
reader_domain?(domain) click to toggle source

Checks reader access for a domain.

@param [String] domain A [Cloud Identity

domain](https://cloud.google.com/iam/docs/overview#cloudid_name_domain).

@example

require "google/cloud/bigquery"

bigquery = Google::Cloud::Bigquery.new
dataset = bigquery.dataset "my_dataset"

access = dataset.access
access.reader_domain? "example.com" #=> false
# File lib/google/cloud/bigquery/dataset/access.rb, line 879
def reader_domain? domain
  lookup_access_role_scope_value :reader, :domain, domain
end
reader_group?(email) click to toggle source

Checks reader access for a group.

@param [String] email The email address for the entity.

@example

require "google/cloud/bigquery"

bigquery = Google::Cloud::Bigquery.new
dataset = bigquery.dataset "my_dataset"

access = dataset.access
access.reader_group? "entity@example.com" #=> false
# File lib/google/cloud/bigquery/dataset/access.rb, line 841
def reader_group? email
  lookup_access_role_scope_value :reader, :group, email
end
reader_iam_member?(identity) click to toggle source

Checks reader access for some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group.

@param [String] identity The identity reference.

@example

require "google/cloud/bigquery"

bigquery = Google::Cloud::Bigquery.new
dataset = bigquery.dataset "my_dataset"

access = dataset.access
access.reader_iam_member? "entity@example.com" #=> false
# File lib/google/cloud/bigquery/dataset/access.rb, line 860
def reader_iam_member? identity
  lookup_access_role_scope_value :reader, :iam_member, identity
end
reader_routine?(routine) click to toggle source

Checks access for a routine from a different dataset. Queries executed against that routine will have read access to views/tables/routines in this dataset. Only UDF is supported for now. The role field is not required when this field is set. If that routine is updated by any user, access to the routine needs to be granted again via an update operation.

@param [Google::Cloud::Bigquery::Routine] routine A routine object.

@example

require "google/cloud/bigquery"

bigquery = Google::Cloud::Bigquery.new
dataset = bigquery.dataset "my_dataset"
other_dataset = bigquery.dataset "my_other_dataset", skip_lookup: true

routine = other_dataset.routine "my_routine", skip_lookup: true

access = dataset.access
access.reader_routine? routine #=> false
# File lib/google/cloud/bigquery/dataset/access.rb, line 924
def reader_routine? routine
  lookup_access_routine routine
end
reader_special?(group) click to toggle source

Checks reader access for a special group.

@param [String] group Accepted values are `owners`, `writers`,

`readers`, `all_authenticated_users`, and `all_users`.

@example

require "google/cloud/bigquery"

bigquery = Google::Cloud::Bigquery.new
dataset = bigquery.dataset "my_dataset"

access = dataset.access
access.reader_special? :all_users #=> false
# File lib/google/cloud/bigquery/dataset/access.rb, line 898
def reader_special? group
  lookup_access_role_scope_value :reader, :special, group
end
reader_user?(email) click to toggle source

Checks reader access for a user.

@param [String] email The email address for the entity.

@example

require "google/cloud/bigquery"

bigquery = Google::Cloud::Bigquery.new
dataset = bigquery.dataset "my_dataset"

access = dataset.access
access.reader_user? "entity@example.com" #=> false
# File lib/google/cloud/bigquery/dataset/access.rb, line 823
def reader_user? email
  lookup_access_role_scope_value :reader, :user, email
end
reader_view?(view) click to toggle source

Checks reader access for a view.

@param [Google::Cloud::Bigquery::Table, String] view A table object,

or a string identifier as specified by the [Standard SQL Query
Reference](https://cloud.google.com/bigquery/docs/reference/standard-sql/query-syntax#from-clause)
(`project-name.dataset_id.table_id`) or the [Legacy SQL Query
Reference](https://cloud.google.com/bigquery/query-reference#from)
(`project-name:dataset_id.table_id`).

@example

require "google/cloud/bigquery"

bigquery = Google::Cloud::Bigquery.new
dataset = bigquery.dataset "my_dataset"
other_dataset = bigquery.dataset "my_other_dataset", skip_lookup: true

view = other_dataset.table "my_view", skip_lookup: true

access = dataset.access
access.reader_view? view #=> false
# File lib/google/cloud/bigquery/dataset/access.rb, line 950
def reader_view? view
  lookup_access_view view
end
remove_owner_domain(domain) click to toggle source

Remove owner access from a domain.

@param [String] domain A [Cloud Identity

domain](https://cloud.google.com/iam/docs/overview#cloudid_name_domain).

@example

require "google/cloud/bigquery"

bigquery = Google::Cloud::Bigquery.new
dataset = bigquery.dataset "my_dataset"

dataset.access do |access|
  access.remove_owner_domain "example.com"
end
# File lib/google/cloud/bigquery/dataset/access.rb, line 785
def remove_owner_domain domain
  remove_access_role_scope_value :owner, :domain, domain
end
remove_owner_group(email) click to toggle source

Remove owner access from a group.

@param [String] email The email address for the entity.

@example

require "google/cloud/bigquery"

bigquery = Google::Cloud::Bigquery.new
dataset = bigquery.dataset "my_dataset"

dataset.access do |access|
  access.remove_owner_group "entity@example.com"
end
# File lib/google/cloud/bigquery/dataset/access.rb, line 745
def remove_owner_group email
  remove_access_role_scope_value :owner, :group, email
end
remove_owner_iam_member(identity) click to toggle source

Remove owner access from some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group.

@param [String] identity The identity reference.

@example

require "google/cloud/bigquery"

bigquery = Google::Cloud::Bigquery.new
dataset = bigquery.dataset "my_dataset"

dataset.access do |access|
  access.remove_owner_iam_member "entity@example.com"
end
# File lib/google/cloud/bigquery/dataset/access.rb, line 765
def remove_owner_iam_member identity
  remove_access_role_scope_value :owner, :iam_member, identity
end
remove_owner_special(group) click to toggle source

Remove owner access from a special group.

@param [String] group Accepted values are `owners`, `writers`,

`readers`, `all_authenticated_users`, and `all_users`.

@example

require "google/cloud/bigquery"

bigquery = Google::Cloud::Bigquery.new
dataset = bigquery.dataset "my_dataset"

dataset.access do |access|
  access.remove_owner_special :all_users
end
# File lib/google/cloud/bigquery/dataset/access.rb, line 805
def remove_owner_special group
  remove_access_role_scope_value :owner, :special, group
end
remove_owner_user(email) click to toggle source

Remove owner access from a user.

@param [String] email The email address for the entity.

@example

require "google/cloud/bigquery"

bigquery = Google::Cloud::Bigquery.new
dataset = bigquery.dataset "my_dataset"

dataset.access do |access|
  access.remove_owner_user "entity@example.com"
end
# File lib/google/cloud/bigquery/dataset/access.rb, line 726
def remove_owner_user email
  remove_access_role_scope_value :owner, :user, email
end
remove_reader_domain(domain) click to toggle source

Remove reader access from a domain.

@param [String] domain A [Cloud Identity

domain](https://cloud.google.com/iam/docs/overview#cloudid_name_domain).

@example

require "google/cloud/bigquery"

bigquery = Google::Cloud::Bigquery.new
dataset = bigquery.dataset "my_dataset"

dataset.access do |access|
  access.remove_reader_domain "example.com"
end
# File lib/google/cloud/bigquery/dataset/access.rb, line 540
def remove_reader_domain domain
  remove_access_role_scope_value :reader, :domain, domain
end
remove_reader_group(email) click to toggle source

Remove reader access from a group.

@param [String] email The email address for the entity.

@example

require "google/cloud/bigquery"

bigquery = Google::Cloud::Bigquery.new
dataset = bigquery.dataset "my_dataset"

dataset.access do |access|
  access.remove_reader_group "entity@example.com"
end
# File lib/google/cloud/bigquery/dataset/access.rb, line 500
def remove_reader_group email
  remove_access_role_scope_value :reader, :group, email
end
remove_reader_iam_member(identity) click to toggle source

Remove reader access from some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group.

@param [String] identity The identity reference.

@example

require "google/cloud/bigquery"

bigquery = Google::Cloud::Bigquery.new
dataset = bigquery.dataset "my_dataset"

dataset.access do |access|
  access.remove_reader_iam_member "entity@example.com"
end
# File lib/google/cloud/bigquery/dataset/access.rb, line 520
def remove_reader_iam_member identity
  remove_access_role_scope_value :reader, :iam_member, identity
end
remove_reader_routine(routine) click to toggle source

Remove reader access from a routine from a different dataset.

@param [Google::Cloud::Bigquery::Routine] routine A routine object.

@example

require "google/cloud/bigquery"

bigquery = Google::Cloud::Bigquery.new
dataset = bigquery.dataset "my_dataset"
other_dataset = bigquery.dataset "my_other_dataset", skip_lookup: true

routine = other_dataset.routine "my_routine", skip_lookup: true

dataset.access do |access|
  access.remove_reader_routine routine
end
# File lib/google/cloud/bigquery/dataset/access.rb, line 582
def remove_reader_routine routine
  remove_access_routine routine
end
remove_reader_special(group) click to toggle source

Remove reader access from a special group.

@param [String] group Accepted values are `owners`, `writers`,

`readers`, `all_authenticated_users`, and `all_users`.

@example

require "google/cloud/bigquery"

bigquery = Google::Cloud::Bigquery.new
dataset = bigquery.dataset "my_dataset"

dataset.access do |access|
  access.remove_reader_special :all_users
end
# File lib/google/cloud/bigquery/dataset/access.rb, line 560
def remove_reader_special group
  remove_access_role_scope_value :reader, :special, group
end
remove_reader_user(email) click to toggle source

Remove reader access from a user.

@param [String] email The email address for the entity.

@example

require "google/cloud/bigquery"

bigquery = Google::Cloud::Bigquery.new
dataset = bigquery.dataset "my_dataset"

dataset.access do |access|
  access.remove_reader_user "entity@example.com"
end
# File lib/google/cloud/bigquery/dataset/access.rb, line 481
def remove_reader_user email
  remove_access_role_scope_value :reader, :user, email
end
remove_reader_view(view) click to toggle source

Remove reader access from a view.

@param [Google::Cloud::Bigquery::Table, String] view A table object,

or a string identifier as specified by the [Standard SQL Query
Reference](https://cloud.google.com/bigquery/docs/reference/standard-sql/query-syntax#from-clause)
(`project-name.dataset_id.table_id`) or the [Legacy SQL Query
Reference](https://cloud.google.com/bigquery/query-reference#from)
(`project-name:dataset_id.table_id`).

@example

require "google/cloud/bigquery"

bigquery = Google::Cloud::Bigquery.new
dataset = bigquery.dataset "my_dataset"
other_dataset = bigquery.dataset "my_other_dataset", skip_lookup: true

view = other_dataset.table "my_view", skip_lookup: true

dataset.access do |access|
  access.remove_reader_view view
end
# File lib/google/cloud/bigquery/dataset/access.rb, line 609
def remove_reader_view view
  remove_access_view view
end
remove_writer_domain(domain) click to toggle source

Remove writer access from a domain.

@param [String] domain A [Cloud Identity

domain](https://cloud.google.com/iam/docs/overview#cloudid_name_domain).

@example

require "google/cloud/bigquery"

bigquery = Google::Cloud::Bigquery.new
dataset = bigquery.dataset "my_dataset"

dataset.access do |access|
  access.remove_writer_domain "example.com"
end
# File lib/google/cloud/bigquery/dataset/access.rb, line 687
def remove_writer_domain domain
  remove_access_role_scope_value :writer, :domain, domain
end
remove_writer_group(email) click to toggle source

Remove writer access from a group.

@param [String] email The email address for the entity.

@example

require "google/cloud/bigquery"

bigquery = Google::Cloud::Bigquery.new
dataset = bigquery.dataset "my_dataset"

dataset.access do |access|
  access.remove_writer_group "entity@example.com"
end
# File lib/google/cloud/bigquery/dataset/access.rb, line 647
def remove_writer_group email
  remove_access_role_scope_value :writer, :group, email
end
remove_writer_iam_member(identity) click to toggle source

Remove writer access from some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group.

@param [String] identity The identity reference.

@example

require "google/cloud/bigquery"

bigquery = Google::Cloud::Bigquery.new
dataset = bigquery.dataset "my_dataset"

dataset.access do |access|
  access.remove_writer_iam_member "entity@example.com"
end
# File lib/google/cloud/bigquery/dataset/access.rb, line 667
def remove_writer_iam_member identity
  remove_access_role_scope_value :writer, :iam_member, identity
end
remove_writer_special(group) click to toggle source

Remove writer access from a special group.

@param [String] group Accepted values are `owners`, `writers`,

`readers`, `all_authenticated_users`, and `all_users`.

@example

require "google/cloud/bigquery"

bigquery = Google::Cloud::Bigquery.new
dataset = bigquery.dataset "my_dataset"

dataset.access do |access|
  access.remove_writer_special :all_users
end
# File lib/google/cloud/bigquery/dataset/access.rb, line 707
def remove_writer_special group
  remove_access_role_scope_value :writer, :special, group
end
remove_writer_user(email) click to toggle source

Remove writer access from a user.

@param [String] email The email address for the entity.

@example

require "google/cloud/bigquery"

bigquery = Google::Cloud::Bigquery.new
dataset = bigquery.dataset "my_dataset"

dataset.access do |access|
  access.remove_writer_user "entity@example.com"
end
# File lib/google/cloud/bigquery/dataset/access.rb, line 628
def remove_writer_user email
  remove_access_role_scope_value :writer, :user, email
end
to_a() click to toggle source

@private View the access rules as an array of hashes.

# File lib/google/cloud/bigquery/dataset/access.rb, line 114
def to_a
  @rules.map(&:to_h)
end
to_gapi() click to toggle source

@private

# File lib/google/cloud/bigquery/dataset/access.rb, line 1151
def to_gapi
  @rules
end
writer_domain?(domain) click to toggle source

Checks writer access for a domain.

@param [String] domain A [Cloud Identity

domain](https://cloud.google.com/iam/docs/overview#cloudid_name_domain).

@example

require "google/cloud/bigquery"

bigquery = Google::Cloud::Bigquery.new
dataset = bigquery.dataset "my_dataset"

access = dataset.access
access.writer_domain? "example.com" #=> false
# File lib/google/cloud/bigquery/dataset/access.rb, line 1024
def writer_domain? domain
  lookup_access_role_scope_value :writer, :domain, domain
end
writer_group?(email) click to toggle source

Checks writer access for a group.

@param [String] email The email address for the entity.

@example

require "google/cloud/bigquery"

bigquery = Google::Cloud::Bigquery.new
dataset = bigquery.dataset "my_dataset"

access = dataset.access
access.writer_group? "entity@example.com" #=> false
# File lib/google/cloud/bigquery/dataset/access.rb, line 986
def writer_group? email
  lookup_access_role_scope_value :writer, :group, email
end
writer_iam_member?(identity) click to toggle source

Checks writer access for some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group.

@param [String] identity The identity reference.

@example

require "google/cloud/bigquery"

bigquery = Google::Cloud::Bigquery.new
dataset = bigquery.dataset "my_dataset"

access = dataset.access
access.writer_iam_member? "entity@example.com" #=> false
# File lib/google/cloud/bigquery/dataset/access.rb, line 1005
def writer_iam_member? identity
  lookup_access_role_scope_value :writer, :iam_member, identity
end
writer_special?(group) click to toggle source

Checks writer access for a special group.

@param [String] group Accepted values are `owners`, `writers`,

`readers`, `all_authenticated_users`, and `all_users`.

@example

require "google/cloud/bigquery"

bigquery = Google::Cloud::Bigquery.new
dataset = bigquery.dataset "my_dataset"

access = dataset.access
access.writer_special? :all_users #=> false
# File lib/google/cloud/bigquery/dataset/access.rb, line 1043
def writer_special? group
  lookup_access_role_scope_value :writer, :special, group
end
writer_user?(email) click to toggle source

Checks writer access for a user.

@param [String] email The email address for the entity.

@example

require "google/cloud/bigquery"

bigquery = Google::Cloud::Bigquery.new
dataset = bigquery.dataset "my_dataset"

access = dataset.access
access.writer_user? "entity@example.com" #=> false
# File lib/google/cloud/bigquery/dataset/access.rb, line 968
def writer_user? email
  lookup_access_role_scope_value :writer, :user, email
end

Protected Instance Methods

add_access_role_scope_value(role, scope, value) click to toggle source

@private

# File lib/google/cloud/bigquery/dataset/access.rb, line 1188
def add_access_role_scope_value role, scope, value
  role = validate_role role
  scope = validate_scope scope
  # If scope is special group, make sure value is in the list
  value = validate_special_group value if scope == :special_group
  # Remove any rules of this scope and value
  @rules.reject!(&find_by_scope_and_value(scope, value))
  # Add new rule for this role, scope, and value
  opts = { role: role, scope => value }
  @rules << Google::Apis::BigqueryV2::Dataset::Access.new(**opts)
end
add_access_routine(routine) click to toggle source

@private

# File lib/google/cloud/bigquery/dataset/access.rb, line 1201
def add_access_routine routine
  value = routine.routine_ref
  # Remove existing routine rule, if any
  @rules.reject!(&find_by_scope_and_resource_ref(:routine, value))
  # Add new rule for this role, scope, and value
  opts = { routine: value }
  @rules << Google::Apis::BigqueryV2::Dataset::Access.new(**opts)
end
add_access_view(value) click to toggle source

@private

# File lib/google/cloud/bigquery/dataset/access.rb, line 1211
def add_access_view value
  # scope is view, make sure value is in the right format
  value = validate_view value
  # Remove existing view rule, if any
  @rules.reject!(&find_by_scope_and_resource_ref(:view, value))
  # Add new rule for this role, scope, and value
  opts = { view: value }
  @rules << Google::Apis::BigqueryV2::Dataset::Access.new(**opts)
end
find_by_role_and_scope_and_value(role, scope, value) click to toggle source

@private

# File lib/google/cloud/bigquery/dataset/access.rb, line 1272
def find_by_role_and_scope_and_value role, scope, value
  lambda do |a|
    h = a.to_h
    h[:role] == role && h[scope] == value
  end
end
find_by_scope_and_resource_ref(scope, value) click to toggle source

@private Compare hash representations to find table_ref, routine_ref.

# File lib/google/cloud/bigquery/dataset/access.rb, line 1288
def find_by_scope_and_resource_ref scope, value
  lambda do |a|
    h = a.to_h
    h[scope].to_h == value.to_h
  end
end
find_by_scope_and_value(scope, value) click to toggle source

@private

# File lib/google/cloud/bigquery/dataset/access.rb, line 1280
def find_by_scope_and_value scope, value
  lambda do |a|
    h = a.to_h
    h[scope] == value
  end
end
lookup_access_role_scope_value(role, scope, value) click to toggle source

@private

# File lib/google/cloud/bigquery/dataset/access.rb, line 1248
def lookup_access_role_scope_value role, scope, value
  role = validate_role role
  scope = validate_scope scope
  # If scope is special group, make sure value is in the list
  value = validate_special_group value if scope == :special_group
  # Detect any rules of this role, scope, and value
  !(!@rules.detect(&find_by_role_and_scope_and_value(role, scope, value)))
end
lookup_access_routine(routine) click to toggle source

@private

# File lib/google/cloud/bigquery/dataset/access.rb, line 1258
def lookup_access_routine routine
  # Detect routine rule, if any
  !(!@rules.detect(&find_by_scope_and_resource_ref(:routine, routine.routine_ref)))
end
lookup_access_view(value) click to toggle source

@private

# File lib/google/cloud/bigquery/dataset/access.rb, line 1264
def lookup_access_view value
  # scope is view, make sure value is in the right format
  value = validate_view value
  # Detect view rule, if any
  !(!@rules.detect(&find_by_scope_and_resource_ref(:view, value)))
end
remove_access_role_scope_value(role, scope, value) click to toggle source

@private

# File lib/google/cloud/bigquery/dataset/access.rb, line 1222
def remove_access_role_scope_value role, scope, value
  role = validate_role role
  scope = validate_scope scope
  # If scope is special group, make sure value is in the list
  value = validate_special_group value if scope == :special_group
  # Remove any rules of this role, scope, and value
  @rules.reject!(
    &find_by_role_and_scope_and_value(role, scope, value)
  )
end
remove_access_routine(routine) click to toggle source

@private

# File lib/google/cloud/bigquery/dataset/access.rb, line 1234
def remove_access_routine routine
  # Remove existing routine rule, if any
  @rules.reject!(&find_by_scope_and_resource_ref(:routine, routine.routine_ref))
end
remove_access_view(value) click to toggle source

@private

# File lib/google/cloud/bigquery/dataset/access.rb, line 1240
def remove_access_view value
  # scope is view, make sure value is in the right format
  value = validate_view value
  # Remove existing view rule, if any
  @rules.reject!(&find_by_scope_and_resource_ref(:view, value))
end
validate_role(role) click to toggle source

@private

# File lib/google/cloud/bigquery/dataset/access.rb, line 1158
def validate_role role
  good_role = ROLES[role.to_s]
  raise ArgumentError "Unable to determine role for #{role}" if good_role.nil?
  good_role
end
validate_scope(scope) click to toggle source

@private

# File lib/google/cloud/bigquery/dataset/access.rb, line 1165
def validate_scope scope
  good_scope = SCOPES[scope.to_s]
  raise ArgumentError "Unable to determine scope for #{scope}" if good_scope.nil?
  good_scope
end
validate_special_group(value) click to toggle source

@private

# File lib/google/cloud/bigquery/dataset/access.rb, line 1172
def validate_special_group value
  good_value = GROUPS[value.to_s]
  return good_value unless good_value.nil?
  value
end
validate_view(view) click to toggle source

@private

# File lib/google/cloud/bigquery/dataset/access.rb, line 1179
def validate_view view
  if view.respond_to? :table_ref
    view.table_ref
  else
    Service.table_ref_from_s view, default_ref: @dataset_reference
  end
end