2222import java .util .Objects ;
2323
2424/**
25- * Access Control for a BigQuery Dataset.
25+ * Access Control for a BigQuery Dataset. BigQuery uses ACLs to manage permissions on datasets. ACLs
26+ * are not directly supported on tables. A table inherits its ACL from the dataset that contains it.
27+ * Project roles affect your ability to run jobs or manage the project, while dataset roles affect
28+ * how you can access or modify the data inside of a project.
29+ *
30+ * @see <a href="https://cloud.google.com/bigquery/access-control">Access Control</a>
2631 */
2732public final class Acl implements Serializable {
2833
@@ -31,16 +36,38 @@ public final class Acl implements Serializable {
3136 private final Entity entity ;
3237 private final Role role ;
3338
39+ /**
40+ * Dataset roles supported by BigQuery.
41+ *
42+ * @see <a href="https://cloud.google.com/bigquery/access-control#datasetroles">Dataset Roles</a>
43+ */
3444 public enum Role {
35- OWNER , READER , WRITER
45+ /**
46+ * Can read, query, copy or export tables in the dataset.
47+ */
48+ READER ,
49+ /**
50+ * Same as {@link #READER} plus can edit or append data in the dataset.
51+ */
52+ WRITER ,
53+ /**
54+ * Same as {@link #WRITER} plus can update and delete the dataset.
55+ */
56+ OWNER
3657 }
3758
59+ /**
60+ * Base class for BigQuery entities that can be grant access to the dataset.
61+ */
3862 public static abstract class Entity implements Serializable {
3963
4064 private static final long serialVersionUID = 8111776788607959944L ;
4165
4266 private final Type type ;
4367
68+ /**
69+ * Types of BigQuery entities.
70+ */
4471 public enum Type {
4572 DOMAIN , GROUP , USER , VIEW
4673 }
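Review bot: The Javadoc added on `OWNER` says it "can update and delete the dataset" but does not say whether updating a dataset includes editing its access list, so a reader cannot tell that an OWNER grant presumably lets the grantee hand out further access. If the linked Dataset Roles page confirms that, I would spell it out, e.g. `Same as {@link #WRITER} plus can update and delete the dataset, including changing its access controls.` The new `Entity` Javadoc in this hunk also has a typo: "can be grant access" should read "can be granted access", and the `Group` class Javadoc in a later hunk has "to grante access to". The `Entity` class body continues outside this hunk.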
@@ -78,7 +105,8 @@ static Entity fromPb(Access access) {
78105 }
79106
80107 /**
81- * Class for a BigQuery Domain entity.
108+ * Class for a BigQuery Domain entity. Objects of this class represent a domain to grant access
109+ * to. Any users signed in with the domain specified will be granted the specified access.
82110 */
83111 public static final class Domain extends Entity {
84112
@@ -131,7 +159,10 @@ Access toPb() {
131159 }
132160
133161 /**
134- * Class for a BigQuery Group entity.
162+ * Class for a BigQuery Group entity. Objects of this class represent a group to grante access to.
163+ * A Group entity can be created given the group's email or can be a special group:
164+ * {@link #ofProjectOwners()}, {@link #ofProjectReaders()}, {@link #ofProjectWriters()} or
165+ * {@link #ofAllAuthenticatedUsers()}.
135166 */
136167 public static final class Group extends Entity {
137168
@@ -144,19 +175,19 @@ public static final class Group extends Entity {
144175 private final String identifier ;
145176
146177 /**
147- * Creates a Group entity given its identifier. Identifier can be either a special group
148- * identifier ({@code projectOwners}, {@code projectReaders}, {@code projectWriters} and
149- * {@code allAuthenticatedUsers}) or a group email.
178+ * Creates a Group entity given its identifier. Identifier can be either a
179+ * <a href="https://cloud.google.com/bigquery/docs/reference/v2/datasets#access.specialGroup">
180+ * special group identifier</a> or a group email.
150181 */
151182 public Group (String identifier ) {
152183 super (Type .GROUP );
153184 this .identifier = identifier ;
154185 }
155186
156187 /**
157- * Returns group's identifier, can be either a special group identifier ({@code projectOwners},
158- * {@code projectReaders}, {@code projectWriters} and {@code allAuthenticatedUsers}) or a group
159- * email.
188+ * Returns group's identifier, can be either a
189+ * <a href="https://cloud.google.com/bigquery/docs/reference/v2/datasets#access.specialGroup">
190+ * special group identifier</a> or a group email.
160191 */
161192 public String identifier () {
162193 return identifier ;
@@ -196,9 +227,8 @@ Access toPb() {
196227 case ALL_AUTHENTICATED_USERS :
197228 return new Access ().setSpecialGroup (ALL_AUTHENTICATED_USERS );
198229 default :
199- break ;
230+ return new Access (). setGroupByEmail ( identifier ) ;
200231 }
201- return new Access ().setGroupByEmail (identifier );
202232 }
203233
204234 /**
@@ -223,15 +253,16 @@ public static Group ofProjectWriters() {
223253 }
224254
225255 /**
226- * Returns a Group entity representing all project's users.
256+ * Returns a Group entity representing all BigQuery authenticated users.
227257 */
228258 public static Group ofAllAuthenticatedUsers () {
229259 return new Group (ALL_AUTHENTICATED_USERS );
230260 }
231261 }
232262
233263 /**
234- * Class for a BigQuery User entity.
264+ * Class for a BigQuery User entity. Objects of this class represent a user to grant access to
265+ * given the email address.
235266 */
236267 public static final class User extends Entity {
237268
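Review bot: The new Javadoc on `ofAllAuthenticatedUsers()` corrects the old "all project's users" wording but still understates the scope. As I understand the `allAuthenticatedUsers` special group, it is not limited to the project or its organization; it covers anyone signed in with a Google account, so adding this entity to a dataset ACL effectively publishes the dataset at the given role. I would state that in the comment, e.g. `Returns a Group entity representing all authenticated BigQuery users, including accounts outside the project; granting a role to this group makes the dataset accessible to any signed-in user.` The `Group` class Javadoc in an earlier hunk lists this factory next to the project-scoped ones without distinction, so the same caveat would help there.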
@@ -283,7 +314,10 @@ Access toPb() {
283314 }
284315
285316 /**
286- * Class for a BigQuery View entity.
317+ * Class for a BigQuery View entity. Objects of this class represent a view from a different
318+ * dataset to grant access to. Queries executed against that view will have read access to tables
319+ * in this dataset. The role field is not required when this field is set. If that view is updated
320+ * by any user, access to the view needs to be granted again via an update operation.
287321 */
288322 public static final class View extends Entity {
289323
@@ -298,7 +332,7 @@ public View(TableId id) {
298332 }
299333
300334 /**
301- * Returns table's email .
335+ * Returns table's identity .
302336 */
303337 public TableId id () {
304338 return id ;