Is it possible to create a group and give access to each group member to the table specific to them such that each member can not view others' table except their own? Thanks
Hi James, you can share tables with specific users using their email address: cloud.google.com/bigquery/docs/table-access-controls-intro. If you wanted to do this programmatically across many users, you could set the policies using gcloud or the APIs: cloud.google.com/iam/docs/granting-changing-revoking-access#setting-policy
hi Alicia, great video, thank you. I read documentation and is not clear to me the difference between data viewer and job user. Can you please confirm if my understanding is correct? If I have a single project that contains different datasets and I would like to able different teams to SEE and QUERY only the data for their respective dataset I have to provide members dataviewer role on each dataset. Instead if I set jobuser role to different teams I can only set it at project level so it's impossible to segregate by dataset and besides with this role they can QUERY data but they cannot SEE them. Thank you in advance for your reply.
For part 1, you would have to provide them Data Viewer access at each individual dataset level based on what you wanted them to access, and then also give them Job User roles at the project level (this allows them to run queries which will be billed to the attached billing account). Sometimes you might want to be able to separate the query usage (and billing information) between teams. In that case, you can still have one project where all your datasets live and where you grant dataset-level Data Viewer roles to various users/groups. Then, each user/team would have separate projects in which they have the Job User role and this is where they would actually run queries over the data (and each would have their own billing accounts where query usage is billed). For part 2, that is correct, if they only have Job User role, this does not give them any access to read data. However, they could run queries over any other data they have access to, including public datasets, for example.
We don't share the slides from the videos, but you can also reference the documentation pages: cloud.google.com/bigquery/docs/access-control Hopefully this helps!
Very crisp and clear.
Well explained. Thank you.
Is it possible to create a group and give access to each group member to the table specific to them such that each member can not view others' table except their own? Thanks
Hi James, you can share tables with specific users using their email address: cloud.google.com/bigquery/docs/table-access-controls-intro. If you wanted to do this programmatically across many users, you could set the policies using gcloud or the APIs: cloud.google.com/iam/docs/granting-changing-revoking-access#setting-policy
hi Alicia, great video, thank you. I read documentation and is not clear to me the difference between data viewer and job user. Can you please confirm if my understanding is correct?
If I have a single project that contains different datasets and I would like to able different teams to SEE and QUERY only the data for their respective dataset I have to provide members dataviewer role on each dataset.
Instead if I set jobuser role to different teams I can only set it at project level so it's impossible to segregate by dataset and besides with this role they can QUERY data but they cannot SEE them.
Thank you in advance for your reply.
For part 1, you would have to provide them Data Viewer access at each individual dataset level based on what you wanted them to access, and then also give them Job User roles at the project level (this allows them to run queries which will be billed to the attached billing account).
Sometimes you might want to be able to separate the query usage (and billing information) between teams. In that case, you can still have one project where all your datasets live and where you grant dataset-level Data Viewer roles to various users/groups. Then, each user/team would have separate projects in which they have the Job User role and this is where they would actually run queries over the data (and each would have their own billing accounts where query usage is billed).
For part 2, that is correct, if they only have Job User role, this does not give them any access to read data. However, they could run queries over any other data they have access to, including public datasets, for example.
You might want to watch this other video that dives a bit more into the resource model: ua-cam.com/video/JawT0MiNMhQ/v-deo.html
@@aliciawilliams5520 thank you again.
How to give access to the user for particular data set, so he can analyze the data through a connected spreadsheet data connection?
I added an editor role to my project but the user (developer) did not receive an email notification, how do I fix that.
Only those added to the "owner" role will receive an email notification (in this case, it is an invitation to accept the owner role).
where can I get slides you presented in this video?
We don't share the slides from the videos, but you can also reference the documentation pages: cloud.google.com/bigquery/docs/access-control
Hopefully this helps!