Access configuration defaults to using the separate `google_bigquery_dataset_access` resource, so as to leave the default dataset access rules untouched.
You can choose to manage the `google_bigquery_dataset` access rules instead via the `dataset_access` variable, but be sure to always have at least one `OWNER` access and to avoid duplicating accesses, or `terraform apply` will fail.
The access variables are split into `access_roles` and `access_identities` variables, so that dynamic values can be passed in for identities (eg a service account email generated by a different module or resource). The `access_views` variable is separate, so as to allow proper type constraints.
To create views use the `view` variable. If you're querying a table created by the same module `terraform apply` will initially fail and eventually succeed once the underlying table has been created. You can probably also use the module's output in the view's query to create a dependency on the table.
| *access_identities* | Map of access identities used for access roles with type different from `view`. A separate variable is needed as identities can be set to dynamic values. | <codetitle="map(string)">map(string)</code> | | <codetitle="">{}</code> |
| *access_roles* | Map of access rules with role and identity type. Keys are arbitrary and only used to combine identities with each role. Valid types are `domain`, `group_by_email`, `special_group`, `user_by_email`, `view`. | <codetitle="map(object({ role = string type = string }))">map(object({...}))</code> | | <codetitle="">{}</code> |
| *access_views* | Map of view data for access roles with identity type equal to `view`. A separate variable is needed as identities can be set to dynamic values. | <codetitle="map(object({ project_id = string dataset_id = string table_id = string }))">map(object({...}))</code> | | <codetitle="">{}</code> |
| *dataset_access* | Set access in the dataset resource instead of using separate resources. | <codetitle="">bool</code> | | <codetitle="">false</code> |
| *encryption_key* | Self link of the KMS key that will be used to protect destination table. | <codetitle="">string</code> | | <codetitle="">null</code> |