A retail analytics team stores transaction history in a BigQuery table, which includes a PII column called customer_email.
Requirements for a new Looker Studio dashboard are:
Interactive response times (<1 s) for common ad-hoc filters.
Only allow analysts to see aggregated revenue metrics; the PII column must never leave BigQuery.
You have already:
Tagged customer_email with a data policy that masks the column.
Granted the analysts only the BigQuery Data Viewer role on the dataset.
Which approach satisfies every requirement while letting BigQuery BI Engine cache the results that power the dashboard?
Point the dashboard directly at the base table; BI Engine will ignore the masked column during caching, and the existing Data Viewer role is sufficient for access.
Use BigQuery Data Transfer Service to export the allowed columns into a new table in a different dataset, grant analysts access to that table, and let BI Engine accelerate the dashboard against the new table.
Create an authorized view that selects only non-PII columns, grant analysts access to that view, and point the Looker Studio report to it so BI Engine can cache its results.
Create a materialized view that aggregates revenue but excludes the customer_email column, then connect the dashboard directly to the materialized view.
BI Engine can cache results that are served through authorized views, and the cache respects both column-level security and dynamic data masking. Creating an authorized view that selects only the non-PII columns exposes the permitted data without revealing customer_email, and BI Engine can use its in-memory cache for queries issued against that view. A materialized view cannot be created on a subset of columns when a policy-tagged column is present, and exporting to a separate table would duplicate data and break the data masking guarantees. Connecting directly to the base table requires broader table permissions and still relies on the masking policy being applied at query time, but the analysts currently lack access. Therefore, publishing an authorized view that omits the sensitive column and pointing the dashboard to that view is the only option that meets the security, permission, and performance goals.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is an authorized view in BigQuery?
Open an interactive chat with Bash
How does BigQuery BI Engine improve dashboard performance?
Open an interactive chat with Bash
Why is dynamic data masking necessary for protecting PII in BigQuery?
Open an interactive chat with Bash
What is a BigQuery authorized view?
Open an interactive chat with Bash
How does BI Engine improve dashboard performance in BigQuery?
Open an interactive chat with Bash
Why can’t a materialized view be used when policy-tagged columns are included?
Open an interactive chat with Bash
GCP Professional Data Engineer
Preparing and using data for analysis
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99 $11.99
$11.99/mo
Billed monthly, Cancel any time.
$19.99 after promotion ends
3 Month Pass
$44.99 $26.99
$8.99/mo
One time purchase of $26.99, Does not auto-renew.
$44.99 after promotion ends
Save $18!
MOST POPULAR
Annual Pass
$119.99 $71.99
$5.99/mo
One time purchase of $71.99, Does not auto-renew.
$119.99 after promotion ends
Save $48!
BEST DEAL
Lifetime Pass
$189.99 $113.99
One time purchase, Good for life.
Save $76!
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .