We are just getting underway with using BigQuery and wanted to get some insight from those with some experience.
We have many projects in GCP owned by many teams across the business. In our very early days just messing around with GCP & Looker we have had teams create their own service account and throw the details at us to add into Looker.
This results in many connections (which is fine) but each of these use a different service account and Looker admins will have to manage the keys when they change.
The other option is to have a generic Looker service account which we tell people to give read access to their project (PDTs could be created in a separate Looker project which this account has write access to).
This results in us managing only 1 key and potentially many connections (which is again fine) but we would lose out on security - people could hook a model up to (for example) a marketing project but just reference the finance project since the service account in use will have read access on GCP.
I could see a hybrid approach working well here where non sensitive projects just adds read access a generic Looker service account and then we have specific service accounts for sensitive projects.