OBJECT_PRIVILEGES view

The INFORMATION_SCHEMA.OBJECT_PRIVILEGES view contains metadata about access control bindings that are explicitly set on BigQuery objects. This view does not contain metadata about the inherited access control bindings.

Required permissions

To query the INFORMATION_SCHEMA.OBJECT_PRIVILEGES view, you need following Identity and Access Management (IAM) permissions:

  • bigquery.datasets.get for datasets.
  • bigquery.tables.getIamPolicy for tables and views.

For more information about BigQuery permissions, see Access control with IAM.

Schema

When you query the INFORMATION_SCHEMA.OBJECT_PRIVILEGES view, the query results contain one row for each access control binding for a resource.

The INFORMATION_SCHEMA.OBJECT_PRIVILEGES view has the following schema:

Column name Data type Value
OBJECT_CATALOG STRING The project ID of the project that contains the resource.
OBJECT_SCHEMA STRING The name of the dataset that contains the resource. This is null for dataset resource types.
OBJECT_NAME STRING The name of the table, view or dataset the policy applies to.
OBJECT_TYPE STRING The resource type, such as SCHEMA (dataset), TABLE, VIEW, and EXTERNAL.
PRIVLEGE_TYPE STRING The role ID, such as roles/bigquery.dataEditor.
GRANTEE STRING The user type and user that the role is granted to.

Scope and syntax

Queries against this view must include a region qualifier. A project ID is optional. If no project ID is specified, then the project that the query runs in is used. The following table explains the region scope for this view:

View name Resource scope Region scope
[PROJECT_ID.]`region-REGION`.INFORMATION_SCHEMA.OBJECT_PRIVILEGES Project level REGION
Replace the following:

  • Optional: PROJECT_ID: the ID of your Google Cloud project. If not specified, the default project is used.
  • REGION: any dataset region name. For example, region-us.