How does GCP implement IAM for BigQuery data governance?
Answer
BigQuery data governance uses a layered IAM approach. Dataset level: the primary access control unit. Grant roles like roles/bigquery.dataViewer (read tables/views), roles/bigquery.dataEditor (modify), roles/bigquery.dataOwner. Table/View level: table-level IAM for fine-grained access to specific tables. Row-level security: Row Access Policies restrict which rows a user can see based on their identity. Column-level security: Policy Tags (created in Data Catalog) label columns as sensitive; you then define IAM policies on the taxonomy tag — only users with the tag's fine-grained reader role can see those column values. Authorized views: share query results without granting access to source tables. VPC Service Controls: prevent data exfiltration from BigQuery. Combine these layers for defense-in-depth data access control.
Previous
What is GKE Autopilot and how does it differ from Standard mode?
Next
What is Google Cloud's approach to multi-region high availability?
More Google Cloud Platform (GCP) Questions
View all →- Advanced What is the GCP data analytics reference architecture (Modern Data Stack)?
- Advanced What is GKE Autopilot and how does it differ from Standard mode?
- Advanced What is Google Cloud's approach to multi-region high availability?
- Advanced What is VPC Service Controls in GCP?
- Advanced What is Google Cloud's approach to SRE (Site Reliability Engineering)?