Could you please advice how to set up IAM permissions, so our BQ admins could see all the logs connected with BQ activity, but they shouldn’t have access to the rest of logs?
Are you looking for this? BigQuery audit logs overview | Google Cloud
One option we did is the log sink. You can use a log sink for Bigquery Audit logs. You can filter only the Bigquery Audit logs for your log sink.