IAM misconfigurations

User with an admin/data owner/data editor access to BigQuery

Platform(s)
Compliance Frameworks
  • CCPA
  • ,
  • coppa
  • ,
  • CPRA
  • ,
  • Data Security Posture Management (DSPM) Best Practices
  • ,
  • iso_27001_2022
  • ,
  • iso_27002_2022
  • ,
  • Mitre ATT&CK
  • ,
  • New Zealand Information Security Manual
  • ,
  • NIST 800-53
  • ,
  • Orca Best Practices
  • ,
  • PDPA
  • ,
  • pipeda
  • ,
  • UK Cyber Essentials

Description

The user {GcpUser} was granted an access to BigQuery as an Admin or Data Owner or Data Editor. This can result with full control over BigQuery resources and data.