Severity Framework
Snyk CCSS
Rule category
Data / Databases
Is your enviroment affected by this misconfiguration?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsFrameworks
CIS-Controls
CIS-Google
CSA-CCM
HIPAA
ISO-27001
SOC-2
- Snyk ID SNYK-CC-00433
- credit Snyk Research Team
Description
Potentially anyone can access data in the dataset.
How to fix?
Remove allAuthenticatedUsers
and allUsers
values from access.special_group
attribute.
Example Configuration
resource "google_bigquery_dataset" "allowed_3" {
dataset_id = "example_dataset3"
friendly_name = "test"
description = "This is a test description"
location = "EU"
default_table_expiration_ms = 3600000
access {
role = "OWNER"
special_group = "projectOwners"
}
}