The current implementation of the BigQuery connector relies on a specific user’s OAUTH. This means that all actions are performed on that user. While less important for a single or a couple of users, on bigger implementation it posses a few potential issues, all of which can be avoided using a service account:
- If the OAuth expires, no one will have access to the datasource; using a service account there is not need for user consent
- If any permission changes occur on the user for other reasons (user no longer in the company), the datasource will not be accessible
- Currently, any and all queries run through metabase appear on that users’ query history; this might be a nuisance as the history is limited, and some BQ users rely on the query history to re-run queries (not the best habit, I agree)