services / Google Cloud / BigQuery jobs

BigQuery models allow users to build machine-learning pipelines within BigQuery.

Marked as HIGH (vs. CRITICAL), as the scope of data accessible via models is generally likely to be more limited than direct query access. This may underestimate scope in the event that an organization's primary function depends on machine learning implemented within BigQuery models.


bigquery.​models.​export

From Google: "Export a model.". Requires bigquery.jobs.create in order to create the export job.

Risks

Scope: HIGH

This privilege may grant access to sensitive data from a single organizational function, or allow interruption of a service supporting a single organizational function.

Links

  • https:​/​/​cloud.​google.​com/​bigquery/​docs/​access-​control
  • https:​/​/​cloud.​google.​com/​bigquery/​docs/​exporting-​models
  • Contributed by P0 Security

    © 2023–present P0 Security and contributors to the IAM Privilege Catalog