Access Control of BigQuery through IAM
By using IAM (Identity and Access Management), fine-grained access control to BigQuery can be established. The units of control are as follows:
- Project
- Dataset
- Table
- Column
- Authorized View
Project-Level Access Control
When using BigQuery, access control can be set across the entire project using IAM roles. Assigning an IAM role to a user or group on a Google Cloud project grants that role's permissions on every dataset in the project.
Dataset-Level Access Control
In BigQuery, datasets function similarly to schemas in other data warehouses. Datasets logically group tables, and a project can contain any number of them. Multiple datasets in the same region can be referenced or joined in a single query.
Table-Level Access Control
BigQuery also provides table-level access control, so a user or group can be granted permissions on specific tables only. This allows access to individual tables within a dataset without granting access to the whole dataset, keeping access restricted to the necessary data while retaining flexibility.
Column-Level Access Control
Within a BigQuery table, access can also be controlled at the column level. Columns holding sensitive information such as personal data often require this finer control: columns containing personal information such as user IDs or names can be made viewable only by specific users or groups. This safeguards data privacy and limits access to those who need it.
Authorized Views
Authorized views let users or groups see the results of a query without being granted access to the tables the view reads. For instance, transaction detail data can be exposed as an aggregated view without giving users or groups direct access to the underlying table. This keeps the source data protected while sharing only the information that is needed.
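The following is an added example, not code from the original page or from Google. It models the table-level grant and the authorized-view grant described above as in-memory operations on the data shapes the BigQuery REST API uses: a table IAM policy (`bindings` of role to members) and a dataset's `access` list (entries with a role plus a principal field, or a `view` entry for an authorized view). The project, dataset, table and principal names are constructed, no call to Google Cloud is made, and `find_broad_grants` is a defender-side check that flags entries opening a dataset to all users or all authenticated users.

```python
"""Least-privilege helpers for BigQuery access entries (constructed example).

Shapes follow the BigQuery REST API: a table IAM policy is
{"bindings": [{"role": ..., "members": [...]}]}, and a dataset's access
list holds entries such as {"role": "READER", "groupByEmail": ...} or
{"view": {"projectId": ..., "datasetId": ..., "tableId": ...}}.
All names below are constructed sample values.
"""
import copy

# Principals that expose data to every Google account or to the public.
BROAD_PRINCIPALS = {"allUsers", "allAuthenticatedUsers"}

# Constructed sample: access list of the dataset holding raw transaction rows.
RAW_DATASET_ACCESS = [
    {"role": "OWNER", "specialGroup": "projectOwners"},
    {"role": "WRITER", "specialGroup": "projectWriters"},
    {"role": "READER", "groupByEmail": "finance-analysts@example.com"},
]

# Constructed sample: a table IAM policy with no bindings yet.
EMPTY_TABLE_POLICY = {"bindings": []}


def grant_table_reader(policy, member, role="roles/bigquery.dataViewer"):
    """Return a copy of a table IAM policy with `member` bound to `role`.

    Table-level grants give access to one table without touching the
    dataset. Idempotent: an existing member is not duplicated.
    """
    new_policy = copy.deepcopy(policy)
    bindings = new_policy.setdefault("bindings", [])
    for binding in bindings:
        if binding["role"] == role:
            if member not in binding["members"]:
                binding["members"].append(member)
            return new_policy
    bindings.append({"role": role, "members": [member]})
    return new_policy


def authorize_view(dataset_access, view_project, view_dataset, view_table):
    """Return a copy of a dataset's access list that authorizes a view.

    The view entry carries no role and no principal: it lets the view read
    the source tables on behalf of whoever may query the view itself, so
    report readers never need a grant on the raw dataset.
    """
    entry = {"view": {"projectId": view_project,
                      "datasetId": view_dataset,
                      "tableId": view_table}}
    if entry in dataset_access:
        return list(dataset_access)
    return dataset_access + [entry]


def find_broad_grants(dataset_access):
    """List entries that open a dataset to all users or all authenticated users."""
    return [
        entry for entry in dataset_access
        if entry.get("specialGroup") in BROAD_PRINCIPALS
        or entry.get("iamMember") in BROAD_PRINCIPALS
    ]


def demo():
    """Apply the two grants from the text and return the resulting objects."""
    # Table-level: one auditor may read a single table, not the whole dataset.
    table_policy = grant_table_reader(EMPTY_TABLE_POLICY, "user:auditor@example.com")
    # Authorized view: reporting.daily_totals may read the raw tables.
    raw_access = authorize_view(RAW_DATASET_ACCESS, "my-project", "reporting", "daily_totals")
    return table_policy, raw_access


if __name__ == "__main__":
    policy, access = demo()
    print(policy)
    print(access)
    print("broad grants:", find_broad_grants(access))
```

In practice the `access` list is what `bq show --format=prettyjson` returns for a dataset and what `bq update --source` writes back, so the same checks can be run over exported JSON before a change is applied.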