500 data scientists
a lot of groups (100+)
cannot create 100 service accounts
When I create a cluster, it uses project service account
Instead, it should use my own credentials for interacting with GCS or BigQuery
The way it was working 1.5+ years ago
grant service account access to GCS bucket
when reads happen, read should be executed as my user, not the service account
authorization should be granted by groups
when I create a cluster, I should be able to access the next service using my own principal rather than granting the permissions to the service account.
For a personal cluster, only I will have access. Access will only come from my user. There is no shared concept in this personal cluster.
For general purpose (not personal cluster), access is determined at the time of request (GCS, BigQuery, whatever). The user who launched the job will be the user as whom the service requests are issued.
Please add test to exercise an authorization delegation use case
https://issuetracker.google.com/issues/384553523