Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
I’m developing an app using bigquery and I own all the underlying data.
I would like to expose users to a sub-set of this data, with their scope of access determined by permissions control that I want to implement.
I do not want to grant them any access to the bigquery tables.
My question is:
How do I set things up so that when they run something, it’s based on my access to the table?
Thanks.
Are you going to let users write their own queries? If so, then this would be difficult, unless you can partition the data into tables on a per-user basis. Or you could play games with rewriting the query — if they do
select foo from bar ...you could replace the table name with(select allowed columns from underlying.table where user_id = 'current_user').If you are going to be generating the queries on behalf of the users, then you can just use your own credentials (or your service account’s creds) to access bigquery. Essentially you just need an OAuth2 refresh token, and this should be valid forever. One way of thinking about it is if you had a mysql database, you’d access that with your own credentials not the user’s.