Challenge 6: Access control


Introduction

Data access management is the process of defining, enforcing, and monitoring the rules and policies governing who has access to data. Access management ensures that data is only accessible to those who are authorized to access it. BigQuery provides different mechanisms to help you with data access:

Description

We’ll add a couple of data governance rules to the obt_sales table that we created in the previous challenge. Apply Row Level Security to one of the users so that this user sees only the data for the product category Accessories. Make sure that everyone else on the team has access to all of the data.

In addition, for the same user, add dynamic data masking to two columns: full_name, showing only the first 4 characters and replacing the rest with XXXXX, and birth_date, replacing it with the Unix epoch date.

Note: We’re granting permissions for individual users for the sake of simplicity in this challenge, but the best practice is to use User Groups for this purpose (which also simplifies the management of these rules).

Success Criteria

  • One user can read only the data for the product category Accessories from the obt_sales table.
  • The same user can only read the masked version of full_name and birth_date columns from the obt_sales table.
  • All other users can read all data unmasked from the obt_sales table.
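
A sketch of the row-level part of the task as BigQuery DDL, added here as an illustration and not taken from the challenge's own materials. The dataset name `my_dataset`, the column name `product_category` and the e-mail addresses are assumptions; substitute your own. The masking of full_name and birth_date is not covered by this sketch.

```sql
-- Assumed names: my_dataset, product_category, and both principals are placeholders.

-- 1. The restricted user sees only rows where the category is Accessories.
CREATE OR REPLACE ROW ACCESS POLICY accessories_only
ON `my_dataset.obt_sales`
GRANT TO ('user:restricted-user@example.com')
FILTER USING (product_category = 'Accessories');

-- 2. As soon as a table has any row access policy, principals that are not
--    named in a policy get zero rows back. The rest of the team therefore
--    needs an explicit policy whose filter is always true.
CREATE OR REPLACE ROW ACCESS POLICY all_rows
ON `my_dataset.obt_sales`
GRANT TO ('user:teammate-1@example.com', 'user:teammate-2@example.com')
FILTER USING (TRUE);

-- 3. Check: run this once as the restricted user and once as a teammate.
--    The restricted user should get a single row (Accessories); a teammate
--    should get one row per category in the table.
SELECT product_category, COUNT(*) AS row_count
FROM `my_dataset.obt_sales`
GROUP BY product_category
ORDER BY product_category;
```

Row access policies are additive: a principal named in several policies sees the union of the rows they allow, so the restricted user must not also appear in the all_rows grantee list, directly or through a group.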

Learning Resources
