How do I use row-level permissions in BigQuery?

孤独总比滥情好 2020-12-06 21:34

Google announced this feature today, but I don't see any docs for it. How can I grant row-level permissions to a user?

For example, let's say I have a table

1 answer
  • 2020-12-06 22:19

    The key part of row-level permissions is that you're actually giving permission to a view. The view defines the rows and columns that you want the delegated user to see, without giving them access to the underlying table.

    To do this, create the view that will return the rows and columns that you'd like the user to see. For the example above, the view would look like:

    SELECT customer, id FROM private.all_customers WHERE is_secret = false

    Then I can save this as the view "public.public_customers", and share the public dataset with the analysts.

    Note that, so far, this does NOT mean that the analysts will have access to the data. If they try to run it now, they'll get an error. Merely having access to a view that reads a table doesn't give you access to the underlying data on that table. If it did, then anyone could just create a view to read any data that they wanted to see.

    The second step is adding that view to the ACL of the private dataset. What this does is record that the view should have access to the data. This way the owner of the private dataset can audit who has access to their data, and revoke it if necessary.

    The easiest way to add the view to the ACL is to use the BigQuery Web UI. If you click on the arrow next to the private dataset name in the Web UI and click "Share this dataset", it will bring up a dialog box that lets you edit the ACL. At the bottom of that dialog it will show "Add People" and a clickable icon on the left. If you click on that icon, you should be able to select "Authorized View". Once that is selected, you should enter the fully-qualified name -- project:dataset.view of the view. In our example, that would be my-project:public.public_customers. Hit 'Add' and it will show up in the list, and then hit "Save Changes" to commit.

    Once the view has been added to the ACL, anyone with access to the 'public' dataset should be able to run queries against the public.public_customers view.

    For more advanced usage of this feature, which will allow you to give different answers to different users, see this question: How do I give different users access to different rows without creating separate views in BigQuery?

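The Web UI steps in the answer edit the dataset's access list, which is also exposed as the `access` array of the BigQuery Dataset resource (what `bq show --format=prettyjson <dataset>` prints, and what `bq update --source <file> <dataset>` consumes). The following is an added example, not code from the answer or from Google: it parses the `project:dataset.view` name the answer uses, adds or removes the corresponding authorized-view entry idempotently, and lists the authorized views for an audit. The sample dataset document and the e-mail address in it are constructed; `my-project`, `private` and `public.public_customers` are the names from the answer.

```python
"""Maintain the authorized-view entries of a BigQuery dataset's access list.

Operates on the JSON shape returned by `bq show --format=prettyjson <dataset>`
(the REST Dataset resource). The edited document is what you would hand to
`bq update --source <file> <dataset>`. The sample ACL below is constructed.
"""
import copy
import json
import re

# Fully-qualified view name in the form the Web UI expects: project:dataset.view
_FQN = re.compile(r"^(?P<project>[\w.-]+):(?P<dataset>\w+)\.(?P<view>\w+)$")


def parse_view_fqn(fqn: str) -> dict:
    """Turn 'my-project:public.public_customers' into the 'view' sub-object
    used by the Dataset resource's access entries."""
    m = _FQN.match(fqn)
    if not m:
        raise ValueError(f"expected project:dataset.view, got {fqn!r}")
    return {
        "projectId": m.group("project"),
        "datasetId": m.group("dataset"),
        "tableId": m.group("view"),
    }


def authorize_view(dataset: dict, view_fqn: str) -> dict:
    """Return a copy of the dataset resource with the view added as an
    authorized view. Idempotent: authorizing the same view twice is a no-op."""
    entry = {"view": parse_view_fqn(view_fqn)}
    updated = copy.deepcopy(dataset)
    access = updated.setdefault("access", [])
    if entry not in access:
        access.append(entry)
    return updated


def revoke_view(dataset: dict, view_fqn: str) -> dict:
    """Return a copy with that authorized view removed; all other entries
    (owners, readers, other views) are kept untouched."""
    target = parse_view_fqn(view_fqn)
    updated = copy.deepcopy(dataset)
    updated["access"] = [
        e for e in updated.get("access", []) if e.get("view") != target
    ]
    return updated


def authorized_views(dataset: dict) -> list:
    """Audit helper: list the authorized views as project:dataset.view strings."""
    found = []
    for entry in dataset.get("access", []):
        view = entry.get("view")
        if view:
            found.append(f"{view['projectId']}:{view['datasetId']}.{view['tableId']}")
    return found


# Constructed sample: roughly what `bq show --format=prettyjson private` would
# return for the private dataset before any view is authorized.
SAMPLE_PRIVATE_DATASET = {
    "datasetReference": {"projectId": "my-project", "datasetId": "private"},
    "access": [
        {"role": "OWNER", "specialGroup": "projectOwners"},
        {"role": "READER", "userByEmail": "data-owner@example.com"},  # constructed
    ],
}

if __name__ == "__main__":
    updated = authorize_view(SAMPLE_PRIVATE_DATASET, "my-project:public.public_customers")
    # Write this JSON to a file and apply it with: bq update --source <file> private
    print(json.dumps(updated, indent=2))
    print("authorized views:", authorized_views(updated))
```

Keeping the ACL edit in a script rather than clicking through the dialog gives you a reviewable artifact: the diff between the `bq show` output and the file you pass to `bq update` is exactly the set of principals and views being granted or revoked, which is the audit trail the answer says the private-dataset owner wants.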