This document shows you how to control column access by adding BigQuery policy tags to table columns with Dataform core .
You can set BigQuery policy tags
on table columns in the config
block in a table definition SQLX file.
Before you begin
-
In the Google Cloud console, go to the Dataformpage.
-
Select or create a repository .
-
Select or create a development workspace .
Required roles
To get the permissions that
you need to add a BigQuery policy tag to a table in Dataform,
ask your administrator to grant you the Dataform Editor
( roles/dataform.editor
)
IAM role on workspaces.
For more information about granting roles, see Manage access to projects, folders, and organizations
.
You might also be able to get the required permissions through custom roles or other predefined roles .
Additionally, you must grant the BigQuery roles for column-level access control to your Dataform service agent or custom service account .
Add a BigQuery policy tag
To add a BigQuery policy tag to a table column, follow these steps:
- Go to your development workspace.
- In the Filespane, expand
definitions/. - Select a table definition SQLX file.
-
In the
configblock, add a full tag identifier to a selected column in the following format:columns: { column_name: { bigqueryPolicyTags: [" FULL_TAG_IDENTIFIER "] } }Replace FULL_TAG_IDENTIFIER with the full identifier of the selected tag.
-
Optional: Click Format.
The following code sample shows the projects/example-project/locations/us/taxonomies/123456789/policyTags/123456789
sample BigQuery policy tag added to column1
:
config {
type: "table",
columns: {
column1: {
description: "Some description",
bigqueryPolicyTags: ["projects/example-project/locations/us/taxonomies/123456789/policyTags/123456789"]
}
}
}
SELECT "test" AS column1
What's next
- To learn more about BigQuery policy tags, see Introduction to column-level access control .
- To learn how to add BigQuery labels in Dataform, see Add BigQuery labels .
- To learn how to add Dataform tags to create collections of tables, see Add execution tags .
