Data control language (DCL) statements in GoogleSQL

The BigQuery data control language (DCL) statements let you set up and control BigQuery resources using GoogleSQL query syntax.
Use these statements to give or remove access to BigQuery resources.
For more information on controlling access to specific BigQuery resources, see:
Permissions required

The following permissions are required to run GRANT and REVOKE statements.

| Resource type | Permission |
|---|---|
| Dataset | bigquery.datasets.update |
| Table | bigquery.tables.setIamPolicy |
| View | bigquery.tables.setIamPolicy |

GRANT statement

Grants roles to users on BigQuery resources.

Syntax

GRANT role_list ON resource_type resource_name TO user_list

Arguments

role_list: A role or list of comma-separated roles that contains the permissions you want to grant. For more information on the types of roles available, see Understanding roles.
resource_type: The type of resource the role is applied to. Supported values include: SCHEMA (equivalent to dataset), TABLE, VIEW, EXTERNAL TABLE.
resource_name: The name of the resource you want to grant the permission on.
user_list: A comma-separated list of users that the role is granted to.

user_list

Specify users using the following formats:

| User type | Syntax | Example |
|---|---|---|
| Google account | user:$user@$domain | user:first.last@example.com |
| Google group | group:$group@$domain | group:my-group@example.com |
| Service account | serviceAccount:$user@$project.iam.gserviceaccount.com | serviceAccount:robot@example.iam.gserviceaccount.com |
| Google domain | domain:$domain | domain:example.com |
| All Google accounts | specialGroup:allAuthenticatedUsers | specialGroup:allAuthenticatedUsers |
| All users | specialGroup:allUsers | specialGroup:allUsers |

For more information about each type of user in the table, see Concepts related to identity.

Example

The following example grants the bigquery.dataViewer role to the users raha@example-pet-store.com and sasha@example-pet-store.com on a dataset named myDataset:

GRANT `roles/bigquery.dataViewer` ON SCHEMA `myProject`.myDataset
TO "user:raha@example-pet-store.com", "user:sasha@example-pet-store.com"
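
For reviewing DCL before it is run, the following added example (not part of the original page or of BigQuery) checks a GRANT statement against the syntax and user_list formats above and flags principals that reach beyond named identities. The function name, severity labels, and regular expressions are assumptions made for this sketch; it is a text check, not a GoogleSQL parser.

```python
import re

# Principal formats taken from the user_list table above.
PRINCIPAL_RE = {
    "user": r"[^@\s]+@[^@\s]+",
    "group": r"[^@\s]+@[^@\s]+",
    # The page shows the .iam. form; other gserviceaccount.com suffixes pass too.
    "serviceAccount": r"[^@\s]+@[^@\s]+\.gserviceaccount\.com",
    "domain": r"[^@\s:]+",
    "specialGroup": r"allUsers|allAuthenticatedUsers",
}
# Principal types that cover more than individually named identities.
BROAD = {"specialGroup", "domain"}

GRANT_RE = re.compile(
    r"^\s*GRANT\s+(?P<roles>.+?)\s+ON\s+(?P<rtype>SCHEMA|TABLE|VIEW|EXTERNAL\s+TABLE)"
    r"\s+(?P<name>\S+)\s+TO\s+(?P<users>.+?)\s*;?\s*$",
    re.IGNORECASE | re.DOTALL,
)

def audit_grant(statement):
    """Return (severity, principal, message) findings for one GRANT statement."""
    m = GRANT_RE.match(statement)
    if not m:
        return [("error", None, "not a GRANT statement in the documented form")]
    roles = ", ".join(r.strip().strip("`") for r in m["roles"].split(","))
    target = f"{m['rtype'].upper()} {m['name']}"
    principals = re.findall(r"""["']([^"']+)["']""", m["users"])
    if not principals:
        return [("error", None, "user_list has no quoted principals")]
    findings = []
    for p in principals:
        kind, _, ident = p.partition(":")
        pattern = PRINCIPAL_RE.get(kind)
        if pattern is None or not re.fullmatch(pattern, ident):
            findings.append(("error", p, "principal does not match a documented format"))
        elif kind in BROAD:
            findings.append(("high", p, f"{roles} on {target} granted to a broad principal"))
    return findings

if __name__ == "__main__":
    # Constructed sample: a table-level grant to public and domain-wide principals.
    sample = ('GRANT `roles/bigquery.dataViewer` ON TABLE `myProject`.myDataset.myTable '
              'TO "specialGroup:allUsers", "domain:example.com", "user:raha"')
    for finding in audit_grant(sample):
        print(finding)
```
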

REVOKE statement

Removes roles from a list of users on BigQuery resources.

Syntax

REVOKE role_list ON resource_type resource_name FROM user_list

Arguments

role_list: A role or list of comma-separated roles that contains the permissions you want to remove. For more information on the types of roles available, see Understanding roles.
resource_type: The type of resource that the role will be removed from. Supported values include: SCHEMA (equivalent to dataset), TABLE, VIEW, EXTERNAL TABLE.
resource_name: The name of the resource you want to revoke the role on.
user_list: A comma-separated list of users that the role is revoked from.

The following example removes the bigquery.admin role on the myDataset dataset from the example-team@example-pet-store.com group and a service account:

REVOKE `roles/bigquery.admin` ON SCHEMA `myProject`.myDataset
FROM "group:example-team@example-pet-store.com", "serviceAccount:user@test-project.iam.gserviceaccount.com"
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2025-08-07 UTC.