1. Open the GCP console and navigate to the BigQuery section.
2. Click on the dataset that you want to remediate.
3. In the dataset details page, click on the “Share dataset” button.
4. In the “Share dataset” dialog box, review the current access controls.
5. If the dataset is publicly accessible, click on the “X” next to the “allUsers” entry to remove it.
6. If the dataset is anonymously accessible, click on the “X” next to the “allAuthenticatedUsers” entry to remove it.
7. If you want to grant access to specific users or groups, click on the “Add item” button and enter their email addresses.
8. Choose the appropriate access level for the users or groups, such as “Viewer” or “Editor”.
9. Click on the “Save” button to apply the changes.
10. Finally, verify that the dataset is no longer publicly or anonymously accessible by reviewing the access controls again.

​

1. Open the Cloud Shell from the GCP console.
2. Run the following command to list all the datasets in your project:

bq ls

3. For each dataset that is publicly accessible, run the following command to revoke the public access:

bq update --default_table_expiration <dataset_id>

4. After running the above command, you will see the following prompt:

This update will modify table(s) <dataset_id>:*. Do you want to continue? (y/N):

5. Type y and press enter to confirm the update.
6. Repeat steps 3-5 for all the datasets that are publicly accessible.
7. Run the following command to verify that the datasets are no longer publicly accessible:

bq show <dataset_id>

8. Verify that the defaultTableExpirationMs field is set to -1 in the output. This indicates that the dataset is not publicly accessible.
9. Repeat step 8 for all the datasets that you have remediated.

1. First, you need to authenticate and authorize your Python script to access the Google Cloud Platform. For this, you can use the google-auth and google-auth-oauthlib libraries. Here is an example of how to authenticate and authorize:

from google.oauth2 import service_account
from google.auth.transport.requests import AuthorizedSession

# Load the service account credentials
credentials = service_account.Credentials.from_service_account_file(
    'path/to/service_account.json'
)

# Create an authorized session using the credentials
session = AuthorizedSession(credentials)

2. Once you have authenticated and authorized your script, you can use the google-cloud-bigquery library to access the BigQuery API. Here is an example of how to check if a dataset is publicly accessible:

from google.cloud import bigquery

# Create a BigQuery client
client = bigquery.Client()

# Get the dataset reference
dataset_ref = client.dataset('my_dataset')

# Get the dataset metadata
dataset = client.get_dataset(dataset_ref)

# Check if the dataset is publicly accessible
if dataset.acl_entries:
    for entry in dataset.acl_entries:
        if entry.role == 'READER' and entry.entity_type == 'userByEmail' and entry.entity_id == '':
            print('Dataset is publicly accessible')

3. If the dataset is publicly accessible, you can revoke the public access by removing the READER role for the anonymous user. Here is an example of how to do this:

from google.cloud import bigquery

# Create a BigQuery client
client = bigquery.Client()

# Get the dataset reference
dataset_ref = client.dataset('my_dataset')

# Get the dataset metadata
dataset = client.get_dataset(dataset_ref)

# Remove the public access
if dataset.acl_entries:
    for entry in dataset.acl_entries:
        if entry.role == 'READER' and entry.entity_type == 'userByEmail' and entry.entity_id == '':
            dataset.acl_entries.remove(entry)
            client.update_dataset(dataset, ['acl_entries'])
            print('Public access revoked')