You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: src/connections/storage/catalog/bigquery/index.md
+20-6Lines changed: 20 additions & 6 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -105,19 +105,33 @@ from <project-id>.<source-name>.<collection-name>_view
105
105
For early customers using BigQuery with Segment, rather than providing Segment
106
106
with credentials, access was granted to a shared Service Account
107
107
(`connector@segment-1119.iam.gserviceaccount.com`). While convenient for early
108
-
adopters, this presented potential security risks that Segment would prefer to address
109
-
proactively.
108
+
adopters, this presented potential security risks.
110
109
111
110
As of **March 2019**, Segment requires BigQuery customers to
112
111
create their own Service Accounts and provide the app with those credentials instead.
113
112
In addition, any attempts to update warehouse connection settings will also
114
113
require these credentials. This effectively deprecates the shared Service
115
114
Account.
116
115
117
-
To stay ahead of this change, migrate your warehouse by following
118
-
the instructions in the "Create a Service Account for Segment" section above.
116
+
Migrate your warehouse from a shared Service Account to a dedicated Service Account
117
+
by creating a new Service Account using the [Create a Service Account for Segment](#create-a-service-account-for-segment) section.
119
118
Then, head to your warehouse's connection settings and update with the
120
-
**Credentials** you created.
119
+
**Credentials** you created. Once you've verified that data is loading properly
120
+
to your warehouse, [remove access to the shared Service Account](#remove-access-to-the-shared-service-account).
121
+
122
+
### Remove access to the shared Service Account
123
+
You can remove access to the shared Service Account
124
+
(`connector@segment-1119.iam.gserviceaccount.com`) using the following instructions:
125
+
126
+
1. Create a [new Service Account for Segment](#create-a-service-account-for-segment) using the linked instructions.
127
+
2. Verify that the data is loading into your warehouse.
128
+
3. Sign in to the [Google Developers Console](https://console.developers.google.com).
129
+
4. Open the IAM & Admin product, and select **IAM**.
130
+
5. From the list of projects, select the project that has BigQuery enabled.
131
+
6. On the project's page, select the **Permissions** tab, and then click **view by PRINCIPALS**.
132
+
7. Select the checkbox for the `connector@segment-1119.iam.gserviceaccount.com` account and then click **Remove** to remove access to this shared Service Account.
133
+
134
+
For more information about managing IAM access, see Google's documentation, [Manage access to projects, folders, and organization](https://cloud.google.com/iam/docs/granting-changing-revoking-access).
121
135
122
136
123
137
## Best Practices
@@ -211,4 +225,4 @@ a need for streaming data into BigQuery, [contact Segment support](https://segme
211
225
### I'm seeing duplicates in my tables.
212
226
213
227
This behavior is expected. Segment only de-duplicates data in your views. See the
0 commit comments