The file reads its setup data from a BigQuery table, which can be updated to feed inputs to the script.
BQ Codes -

```sql
DROP ALL ROW ACCESS POLICIES ON `projectid.TestData.international_debt`;

CREATE OR REPLACE ROW ACCESS POLICY Apac_Policy_Group
ON `projectid.TestData.international_debt`
GRANT TO("group:testaccessgroup@googlegroups.com")
FILTER USING(TRUE);

CREATE OR REPLACE ROW ACCESS POLICY Apac_Policy
ON `projectid.TestData.international_debt`
GRANT TO("user:xxxxxx@gmail.com")
FILTER USING(<Condition>);
```
Table schema for data entry should be as follows -
| Field name | Type | Mode |
|---|---|---|
| Project | STRING | NULLABLE |
| Dataset | STRING | NULLABLE |
| Table | STRING | NULLABLE |
| PolicyName | STRING | NULLABLE |
| Groups | STRING | NULLABLE |
| Admin | STRING | NULLABLE |
| Users | STRING | NULLABLE |
| AccessCondition | STRING | NULLABLE |

Note: admin functionality has not been implemented, so the Admin field can be left blank.
Multiple user/group entries in the table should be comma-separated, in the format: `user1@gmail.com,user2@gmail.com`
Access permissions should be written in the same format as a WHERE clause: `country_name in ('Sri Lanka','Vietnam','China','Hong Kong','Indonesia','India')`
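
The sketch below is an added example, not the original script: it shows how one setup-table row in the schema above can be turned into a row access policy statement while validating each field before it reaches the DDL. The function names, the validation patterns and the choice of one policy per row are assumptions; the sample row is constructed.

```python
import re

# Conservative patterns chosen for this example; not taken from the original script.
PROJECT = re.compile(r"[a-z][a-z0-9-]{4,28}[a-z0-9]")
IDENT = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")  # dataset, table, policy name
EMAIL = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def principals(cell, kind):
    """Turn 'a@x.com,b@x.com' into ['"user:a@x.com"', '"user:b@x.com"']."""
    out = []
    for addr in (a.strip() for a in (cell or "").split(",")):
        if not addr:
            continue
        if not EMAIL.fullmatch(addr):
            raise ValueError(f"bad {kind} address: {addr!r}")
        out.append(f'"{kind}:{addr}"')
    return out


def build_policy_ddl(row):
    """Build one CREATE OR REPLACE ROW ACCESS POLICY statement from a setup row."""
    if not PROJECT.fullmatch(row.get("Project") or ""):
        raise ValueError("bad Project")
    for field in ("Dataset", "Table", "PolicyName"):
        if not IDENT.fullmatch(row.get(field) or ""):
            raise ValueError(f"bad {field}")
    grantees = principals(row.get("Groups"), "group") + principals(row.get("Users"), "user")
    if not grantees:
        raise ValueError("row grants access to nobody")
    cond = (row.get("AccessCondition") or "").strip()
    # The condition is a SQL expression by design, so it cannot be fully validated;
    # reject statement separators and comment markers, even inside string literals.
    if not cond or any(tok in cond for tok in (";", "--", "/*", "#")):
        raise ValueError("bad AccessCondition")
    return (
        f"CREATE OR REPLACE ROW ACCESS POLICY {row['PolicyName']}\n"
        f"ON `{row['Project']}.{row['Dataset']}.{row['Table']}`\n"
        f"GRANT TO({', '.join(grantees)})\n"
        f"FILTER USING({cond});"
    )


# Constructed sample row following the setup-table schema (Admin left blank).
SAMPLE_ROW = {
    "Project": "projectid", "Dataset": "TestData", "Table": "international_debt",
    "PolicyName": "Apac_Policy", "Groups": "testaccessgroup@googlegroups.com",
    "Admin": "", "Users": "user1@gmail.com,user2@gmail.com",
    "AccessCondition": "country_name in ('Sri Lanka','Vietnam')",
}
```

Because AccessCondition is inserted into the statement as SQL, anyone who can write to the setup table effectively controls row-level access on the target tables, so write permission on the setup table should be as restricted as permission to manage the policies themselves.
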
The program runs a simple test that requests an access scope to cloud resources in order to validate the SA key.
Note that you should have access to the requested project.
`<keyfile>` - SA key JSON file downloaded when the service account key was generated.
`<project>` - Project to which cloud access is requested.
Note: You may need to install the google-auth libraries.