Stay organized with collections
Save and categorize content based on your preferences.
This page describes the detective policies that are included in the v1.0
version of the predefined posture for BigQuery, essentials. This
posture includes a policy set that defines the Security Health Analytics detectors that apply
to BigQuery workloads.
You can use this predefined posture to configure a security posture that helps
protect BigQuery resources. You can deploy this predefined posture
without making any changes.
Security Health Analytics detectors
The following table describes the Security Health Analytics detectors that are included in
this posture.
Detector name
Description
BIGQUERY_TABLE_CMEK_DISABLED
This detector checks whether a BigQuery table isn't configured
to use a customer-managed encryption key (CMEK). For more information, see
Dataset
vulnerability findings.
PUBLIC_DATASET
This detector checks whether a dataset is configured to be open to
public access. For more information, see
Dataset
vulnerability findings.
View the posture template
To view the posture template for BigQuery, essentials, do the following:
gcloud
Before using any of the command data below,
make the following replacements:
ORGANIZATION_ID: the numeric ID of the organization
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-09-03 UTC."],[],[],null,["| Premium and Enterprise [service tiers](/security-command-center/docs/service-tiers) (requires [organization-level activation](/security-command-center/docs/activate-scc-overview#overview_of_organization-level_activation))\n\nThis page describes the detective policies that are included in the v1.0\nversion of the predefined posture for BigQuery, essentials. This\nposture includes a policy set that defines the Security Health Analytics detectors that apply\nto BigQuery workloads.\n\nYou can use this predefined posture to configure a security posture that helps\nprotect BigQuery resources. You can deploy this predefined posture\nwithout making any changes.\n\nSecurity Health Analytics detectors\n\nThe following table describes the Security Health Analytics detectors that are included in\nthis posture.\n\n| Detector name | Description |\n|--------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|\n| `BIGQUERY_TABLE_CMEK_DISABLED` | This detector checks whether a BigQuery table isn't configured to use a customer-managed encryption key (CMEK). For more information, see [Dataset vulnerability findings](/security-command-center/docs/concepts-vulnerabilities-findings#dataset-findings). |\n| `PUBLIC_DATASET` | This detector checks whether a dataset is configured to be open to public access. For more information, see [Dataset vulnerability findings](/security-command-center/docs/concepts-vulnerabilities-findings#dataset-findings). |\n\nView the posture template\n\n\nTo view the posture template for BigQuery, essentials, do the following: \n\ngcloud\n\n\nBefore using any of the command data below,\nmake the following replacements:\n\n- \u003cvar translate=\"no\"\u003eORGANIZATION_ID\u003c/var\u003e: the numeric ID of the organization\n\n\nExecute the\n\n\n[`gcloud scc posture-templates\ndescribe`](/sdk/gcloud/reference/scc/posture-templates/describe)\n\n\ncommand:\n\nLinux, macOS, or Cloud Shell \n\n```bash\ngcloud scc posture-templates describe \\\n organizations/ORGANIZATION_ID/locations/global/postureTemplates/big_query_essential\n```\n\nWindows (PowerShell) \n\n```bash\ngcloud scc posture-templates describe `\n organizations/ORGANIZATION_ID/locations/global/postureTemplates/big_query_essential\n```\n\nWindows (cmd.exe) \n\n```bash\ngcloud scc posture-templates describe ^\n organizations/ORGANIZATION_ID/locations/global/postureTemplates/big_query_essential\n```\n\nThe response contains the posture template.\n\nREST\n\n\nBefore using any of the request data,\nmake the following replacements:\n\n- \u003cvar translate=\"no\"\u003eORGANIZATION_ID\u003c/var\u003e: the numeric ID of the organization\n\n\nHTTP method and URL:\n\n```\nGET https://securityposture.googleapis.com/v1/organizations/ORGANIZATION_ID/locations/global/postureTemplates/big_query_essential\n```\n\nTo send your request, expand one of these options:\n\ncurl (Linux, macOS, or Cloud Shell) **Note:** The following command assumes that you have logged in to the `gcloud` CLI with your user account by running [`gcloud init`](/sdk/gcloud/reference/init) or [`gcloud auth login`](/sdk/gcloud/reference/auth/login) , or by using [Cloud Shell](/shell/docs), which automatically logs you into the `gcloud` CLI . You can check the currently active account by running [`gcloud auth list`](/sdk/gcloud/reference/auth/list).\n\n\nExecute the following command:\n\n```\ncurl -X GET \\\n -H \"Authorization: Bearer $(gcloud auth print-access-token)\" \\\n \"https://securityposture.googleapis.com/v1/organizations/ORGANIZATION_ID/locations/global/postureTemplates/big_query_essential\"\n```\n\nPowerShell (Windows) **Note:** The following command assumes that you have logged in to the `gcloud` CLI with your user account by running [`gcloud init`](/sdk/gcloud/reference/init) or [`gcloud auth login`](/sdk/gcloud/reference/auth/login) . You can check the currently active account by running [`gcloud auth list`](/sdk/gcloud/reference/auth/list).\n\n\nExecute the following command:\n\n```\n$cred = gcloud auth print-access-token\n$headers = @{ \"Authorization\" = \"Bearer $cred\" }\n\nInvoke-WebRequest `\n -Method GET `\n -Headers $headers `\n -Uri \"https://securityposture.googleapis.com/v1/organizations/ORGANIZATION_ID/locations/global/postureTemplates/big_query_essential\" | Select-Object -Expand Content\n```\n\nThe response contains the posture template.\n\nWhat's next\n\n- [Create a security posture using this predefined posture](/security-command-center/docs/how-to-use-security-posture)."]]
