'BigQuery access, security and cost controls?
I'm totally new to BQ and learning as much as I can. I'm not sure how access and cost controls work if I create a multi-tenant environment.
Here's my use case, I have different clients who are sending me data and I'm providing analytics on. My thought was to accept this via a API/cloudrun-->pubsub-->dataflow/my analytics-->BQ
Within BQ, for each client, I was going to create a dataset and tables so the different clients' data is separated. But I was thinking maybe there's more I need to do, is there a better way to secure each dataset for each client? Also can I enforce limits on each dataset so if there are too many reports being run by a specific client then I can manage my budgets?
Lastly, I'm totally new to BQ so if there are other considerations I should be thinking about I would appreciate any feedback.
Edit - just to clarify, I have seen access controls for IAM but these clients do not have direct IAM accounts, they have logical accounts on our platform(firebase and our own table with user attributes), so I'm not sure to restrict access other than via app logic but I might be missing something here.
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|