Hello, we have policy tags defined on some of our tables. They work as expected: users with masked reader permission see masked data, and users with fine-grained reader permission can see cleartext.
However, even as the organization owner and with the data catalog admin role, when we try to view the preview tab of those tables, we get:
Access Denied: Permission bigquery.tables.getData denied on table XXXX (or it may not exist).
Is this a known limitation or is there something we can do to fix that?
Thanks,
Serkan
Yes, this is a known behavior when using BigQuery with Data Catalog policy tags. The preview tab in the BigQuery Console requires the bigquery.tables.getData permission. However, when policy tags are applied to columns in a table, access to the entire table is controlled by the policy tag's permissions, even if you have the bigquery.tables.getData permission.
Currently, there's no direct workaround to view the data in the preview tab for tables with policy tags. However, you can still view the table's metadata using the bigquery.tables.get permission. To query the data in the table, you'll need the bigquery.jobs.query permission, but access to the actual data will be determined by the policy tag's permissions.
The BigQuery team is continually improving and updating features, so it's possible they might address this behavior in the future. For now, you can use the bigquery.tables.get permission to view table metadata and the bigquery.jobs.query permission to query the table data, keeping in mind the restrictions imposed by policy tags.
Thanks very much for the quick and authoritative response!