GCP-BigQuery-dataset-is-publicly-accessible
Severity: High
Description: This control ensures that BigQuery datasets do not allow anonymous and/or public access. It is recommended that the IAM policy on a BigQuery dataset does not grant access to `allUsers` or `allAuthenticatedUsers`, because granting permissions to either of these members allows anyone to access the dataset. Such access might not be desirable if the dataset stores any sensitive data. Hence, ensure that anonymous and/or public access to a dataset is not allowed.
Remediation Steps:
Perform the following to remove anonymous and public access from a BigQuery dataset:
Sign in to the GCP Console at https://console.cloud.google.com.
Open the BigQuery page in the Cloud Console.
For each dataset listed under Resources:
Click SHARE DATASET near the right side of the window.
Review each attached role.
Click the delete icon next to each `allUsers` or `allAuthenticatedUsers` member.
On the pop-up click Remove.
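The same review can be scripted against exported dataset metadata. The following is an added example, not part of the original control text: it flags public access entries and builds the access list that remains once they are removed. It assumes the metadata has the JSON shape printed by `bq show --format=prettyjson`, where public principals appear under the `specialGroup` or `iamMember` key; the sample project, dataset and e-mail address are constructed placeholders.

```python
import json

# Principals that make a dataset anonymous or public (named in the control above).
PUBLIC_PRINCIPALS = {"allUsers", "allAuthenticatedUsers"}
# Assumption: keys of a dataset "access" entry that can carry those principals,
# as they appear in `bq show --format=prettyjson` output.
PRINCIPAL_KEYS = ("specialGroup", "iamMember")


def is_public(entry):
    """True if an access entry grants a role to a public principal."""
    return any(entry.get(k) in PUBLIC_PRINCIPALS for k in PRINCIPAL_KEYS)


def audit_dataset(metadata):
    """Split a dataset's access list into (public findings, remediated list)."""
    access = metadata.get("access", [])
    findings = [e for e in access if is_public(e)]
    remediated = [e for e in access if not is_public(e)]
    return findings, remediated


# Constructed sample metadata; project, dataset and e-mail are placeholders.
SAMPLE = json.loads("""
{
  "datasetReference": {"projectId": "example-project", "datasetId": "example_ds"},
  "access": [
    {"role": "OWNER", "specialGroup": "projectOwners"},
    {"role": "WRITER", "userByEmail": "analyst@example.com"},
    {"role": "READER", "specialGroup": "allAuthenticatedUsers"},
    {"role": "READER", "iamMember": "allUsers"}
  ]
}
""")

if __name__ == "__main__":
    findings, remediated = audit_dataset(SAMPLE)
    ref = SAMPLE["datasetReference"]
    for e in findings:
        who = e.get("specialGroup") or e.get("iamMember")
        print(f"FAIL {ref['projectId']}:{ref['datasetId']} grants {e['role']} to {who}")
    # Access list with the public entries removed, ready for review.
    print(json.dumps({"access": remediated}, indent=2))
```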
Important:
By default, a dataset is not publicly accessible. Its IAM privileges must be explicitly modified to make it publicly accessible.
Reference:
CIS Google Cloud Platform Foundation Benchmark v1.2.0 - 05-01-2021: Recommendation #7.1
https://cloud.google.com/bigquery/docs/dataset-access-controls
Blue Hexagon Proprietary