BigQuery Authorized Views For External Connection

1
votes

Is there any way to treat a BigQuery "External Connection" like a BQ database for which views can be authorized?

I have a Cloud SQL DB that I'm accessing via an "external connection" in BigQuery. I have a BigQuery Dataset that contains a view that is essentially just select * from external_db; I'd like to keep access to that view and the external connection limited, but I'd like to make a second Dataset with a view such as select field 1, field2 from view1(or external_db); that I can give others read access to.

1
google-bigquerygoogle-cloud-sql
The best option I've come up with so far is creating a view in the SQL DB and adding a new user that only has read permission for that view. The external connection can then be created with that user and it is appropriately restricted. I don't hate this option. - J_Tuck
Do you want to create Bigquery authorized view from the source DB view which is located in a separate dataset? - Nick_Kh
no, the source DB is located in an external database. - J_Tuck
If you create the second view select field 1, field2 from external_db in the separate Bigquery dataset, assigning appropriate access control to the users, wouldn't it be sufficient here? - Nick_Kh
I dont think so. If I give a user permission to read that view it'll give an error indicating a lack of permissions on the external dataset and there's no way to give the user access to the external dataset without them being able to access the whole thing. - J_Tuck

1 Answers

2
votes

The best option I've come up with so far is creating a view in the SQL DB and adding a new user that only has read permission for that view. The external connection can then be created with that user and it is appropriately restricted.