This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

Cannot see BigQuery preview tab when table has policy tags

Posted on 10-17-2023 12:29 AM
serkancamurcu
Bronze 2
Bronze 2
Reply posted on --/--/---- --:-- AM

Hello, we have policy tags defined on some of our tables. They work as expected, users with masked reader permission see masked data and users with fine-grained reader permission can see cleartext.

However, even as the organization owner and having data catalog admin role, when we try to view the preview tab of those tables, we get:

Access Denied: Permission bigquery.tables.getData denied on table XXXX (or it may not exist).

Is this a known limitation or is there something we can do to fix that?

Thanks,

Serkan

Solved Solved
0 2 499
Topic Labels
Jump to Solution
0 Likes
1 ACCEPTED SOLUTION

Posted on --/--/---- --:-- AM
ms4446
Staff
Reply posted on --/--/---- --:-- AM

Yes, this is a known behavior when using BigQuery with Data Catalog policy tags. The preview tab in the BigQuery Console requires the bigquery.tables.getData permission. However, when policy tags are applied to columns in a table, access to the entire table is controlled by the policy tag's permissions, even if you have the bigquery.tables.getData permission.

Currently, there's no direct workaround to view the data in the preview tab for tables with policy tags. However, you can still view the table's metadata using the bigquery.tables.get permission. To query the data in the table, you'll need the bigquery.jobs.query permission, but access to the actual data will be determined by the policy tag's permissions.

The BigQuery team is continually improving and updating features, so it's possible they might address this behavior in the future. For now, you can use the bigquery.tables.get permission to view table metadata and the bigquery.jobs.query permission to query the table data, keeping in mind the restrictions imposed by policy tags.

View solution in original post

Jump to Solution
2 REPLIES 2

Posted on --/--/---- --:-- AM
ms4446
Staff
Reply posted on --/--/---- --:-- AM

Yes, this is a known behavior when using BigQuery with Data Catalog policy tags. The preview tab in the BigQuery Console requires the bigquery.tables.getData permission. However, when policy tags are applied to columns in a table, access to the entire table is controlled by the policy tag's permissions, even if you have the bigquery.tables.getData permission.

Currently, there's no direct workaround to view the data in the preview tab for tables with policy tags. However, you can still view the table's metadata using the bigquery.tables.get permission. To query the data in the table, you'll need the bigquery.jobs.query permission, but access to the actual data will be determined by the policy tag's permissions.

The BigQuery team is continually improving and updating features, so it's possible they might address this behavior in the future. For now, you can use the bigquery.tables.get permission to view table metadata and the bigquery.jobs.query permission to query the table data, keeping in mind the restrictions imposed by policy tags.

Jump to Solution

Posted on --/--/---- --:-- AM
serkancamurcu
Bronze 2
Bronze 2
In response to ms4446
Reply posted on --/--/---- --:-- AM

Thanks very much for the quick and authoritative response!

Jump to Solution
0 Likes