Your company publishes a BigQuery dataset through Analytics Hub. It contains the table customer_orders with a column market_segment (STRING). Subscribers belong to two Google Groups: [email protected] should only see rows where market_segment = "EU", whereas [email protected] must see every row. You want to share a single table, avoid duplicating data, and ensure that the correct rows are always filtered, even as new data is appended. What should you do?
Create a materialized view that filters market_segment = "EU" for the analysts group and share that view, while granting auditors direct access to the base table.
Attach two row-level access policies to customer_orders: one that grants [email protected] access with FILTER USING (market_segment = "EU") and another that grants [email protected] access with FILTER USING (TRUE). Then publish the dataset.
Copy customer_orders into two separate datasets, restrict each dataset with IAM so the analysts group sees the filtered copy and the auditors group sees the full copy, and publish two listings.
Partition customer_orders by market_segment and grant partition-level IAM permissions to each group so that analysts can read only the EU partition.
Row-level security in BigQuery lets you attach one or more row access policies to a table. Each policy names the principals it applies to and supplies a FILTER USING expression that is evaluated for every query. When several policies match a user, the returned result is the union of the rows allowed by each policy. Creating one policy that grants [email protected] access with the filter market_segment = "EU", and another policy that grants [email protected] access with the filter TRUE (or 1 = 1), satisfies both requirements. The same metadata is enforced automatically on linked datasets created by Analytics Hub, so no extra objects or data copies are needed. Partition-level permissions are not supported, column-level security does not hide whole rows, and creating separate views or datasets increases maintenance and complexity.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
ELI5: What is row-level security in BigQuery?
Open an interactive chat with Bash
How does FILTER USING work in BigQuery row-level access policies?
Open an interactive chat with Bash
Why is row-level security better than creating separate views or tables?
Open an interactive chat with Bash
What is row-level security in BigQuery?
Open an interactive chat with Bash
What is a FILTER USING expression in BigQuery row-level security?
Open an interactive chat with Bash
How does BigQuery manage access for linked datasets in Analytics Hub?
Open an interactive chat with Bash
GCP Professional Data Engineer
Preparing and using data for analysis
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .