Merge pull request #230 from segmentio/repo-sync

bot-docsteam · web-flow · commit e21b07786764 · 2022-02-22T10:03:42.000-08:00
repo sync
diff --git a/src/connections/storage/catalog/bigquery/index.md b/src/connections/storage/catalog/bigquery/index.md
@@ -105,19 +105,33 @@ from <project-id>.<source-name>.<collection-name>_view
 For early customers using BigQuery with Segment, rather than providing Segment
 with credentials, access was granted to a shared Service Account
 (`connector@segment-1119.iam.gserviceaccount.com`). While convenient for early
-adopters, this presented potential security risks that Segment would prefer to address
-proactively.
+adopters, this presented potential security risks.
 
 As of **March 2019**, Segment requires BigQuery customers to
 create their own Service Accounts and provide the app with those credentials instead.
 In addition, any attempts to update warehouse connection settings will also
 require these credentials. This effectively deprecates the shared Service
 Account.
 
-To stay ahead of this change, migrate your warehouse by following
-the instructions in the "Create a Service Account for Segment" section above.
+Migrate your warehouse from a shared Service Account to a dedicated Service Account 
+by creating a new Service Account using the [Create a Service Account for Segment](#create-a-service-account-for-segment) section.
 Then, head to your warehouse's connection settings and update with the
-**Credentials** you created.
+**Credentials** you created. Once you've verified that data is loading properly 
+to your warehouse, [remove access to the shared Service Account](#remove-access-to-the-shared-service-account).
+
+### Remove access to the shared Service Account
+You can remove access to the shared Service Account 
+(`connector@segment-1119.iam.gserviceaccount.com`) using the following instructions:
+
+1. Create a [new Service Account for Segment](#create-a-service-account-for-segment) using the linked instructions.
+2. Verify that the data is loading into your warehouse. 
+3. Sign in to the [Google Developers Console](https://console.developers.google.com).
+4. Open the IAM & Admin product, and select **IAM**.
+5. From the list of projects, select the project that has BigQuery enabled.
+6. On the project's page, select the **Permissions** tab, and then click **view by PRINCIPALS**. 
+7. Select the checkbox for the `connector@segment-1119.iam.gserviceaccount.com` account and then click **Remove** to remove access to this shared Service Account.
+
+For more information about managing IAM access, see Google's documentation, [Manage access to projects, folders, and organization](https://cloud.google.com/iam/docs/granting-changing-revoking-access).
 
 
 ## Best Practices
@@ -211,4 +225,4 @@ a need for streaming data into BigQuery, [contact Segment support](https://segme
 ### I'm seeing duplicates in my tables.
 
 This behavior is expected. Segment only de-duplicates data in your views. See the
-section on [views](#views) for more details.
+section on [views](#views) for more details.
