BigQuery datasets should only be accessible within the organisation
| Property | |
|---|---|
| Language |  |
| Severity |  |
| Service | bigquery |
| Provider | |
| Vulnerability Type | misconfiguration |
Description#
The BigQuery dataset is configured to grant access to ‘allAuthenticatedUsers’, which allows any Google account holder—including those outside the organization—to access the dataset. This setting bypasses organizational boundaries and exposes data to unintended parties.
Impact#
Sensitive data in the BigQuery dataset could be accessed, viewed, or extracted by anyone with a Google account, including external or malicious actors. This exposure risks data breaches, regulatory non-compliance, and significant reputational and financial harm to the organization.
Resolution#
Configure access permissions with higher granularity