Method: projects.locations.dataPolicies.addGrantees

Adds new grantees to a data policy. The new grantees will be added to the existing grantees. If the request contains a duplicate grantee, the grantee will be ignored. If the request contains a grantee that already exists, the grantee will be ignored.

HTTP request

POST https://bigquerydatapolicy.googleapis.com/v2beta1/{dataPolicy=projects/*/locations/*/dataPolicies/*}:addGrantees

The URL uses gRPC Transcoding syntax.

Path parameters

Parameters
dataPolicy

string

Required. Resource name of this data policy, in the format of projects/{projectNumber}/locations/{locationId}/dataPolicies/{dataPolicyId}.

Request body

The request body contains data with the following structure:

JSON representation 
{
  "grantees": [
    string
  ]
}
Fields
grantees[]

string

Required. IAM principal that should be granted Fine Grained Access to the underlying data goverened by the data policy. The target data policy is determined by the dataPolicy field.

Uses the IAM V2 principal syntax. Supported principal types:

  • User
  • Group
  • Service account

Response body

If successful, the response body contains an instance of DataPolicy.

Authorization scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/bigquery
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

IAM Permissions

Requires the following IAM permission on the dataPolicy resource:

  • bigquery.dataPolicies.update

For more information, see the IAM documentation.