Assigned
Status Update
Comments
at...@google.com <at...@google.com> #2
+1
ke...@umich.edu <ke...@umich.edu> #3
+1
ke...@umich.edu <ke...@umich.edu> #4
It's been a bit - has there been any movement on this?
I suspect a possible solution is using VPC Service Controls, but I was hopeful that there is still some work being done on this. Several colleagues in higher ed were interested in how you are going to solve this.
n_...@uncg.edu <n_...@uncg.edu> #5
Adding UNCG support for this, for the same reasons mentioned already. Compliance requirements make this a control vitally important to implement, including audit trail for the associated processes as well.
li...@covergenius.com <li...@covergenius.com> #6
+1
ja...@google.com <ja...@google.com> #7
+1
ko...@google.com <ko...@google.com> #8
+1
jo...@google.com <jo...@google.com> #9
+1
jl...@google.com <jl...@google.com> #10
+1
ke...@umich.edu <ke...@umich.edu> #11
It has been some time...I was wondering if there has been any movement.
I guess even restricting via Org policies would be great, but at a minimum, the audit trail is vital to using BQ for sensitive data.
de...@safeway.com <de...@safeway.com> #12
This is a critical feature for using BigQuery. Although analysts should be able to query tables, mass download of the data to a local computer must be prevented.
It is very critical to be able to control the "Save Results > CSV (local file)" option. Otherwise, anyone who can view/query the data can also download the data to their local machine - which is not acceptable in a sensitive data environment.
ke...@umich.edu <ke...@umich.edu> #13
We continue to need this...at a minimum have an audit trail of when a user downloads the data or exports so we could alert on this (and/or use VPC Service Controls to block the use of those APIs).
As stated, this is critical for compliance...as stated, the ability to query (GetData) should not be the same method/permission as download/export
(and yes, we're well aware you could technically scrape the data from the UI or the data return, but at least that requires some effort)
Description
What you would like to accomplish:
We would like to block some users from being able to download BigQuery data from the UI.
How this might work:
A permission would be required to download a table or query results.
If applicable, reasons why alternative solutions are not sufficient:
Currently, anyone with the data viewer, editor or owner role can download BigQuery tables using the export function given these roles have the bigquery.tables.export permission. Creating a custom role without the bigquery.tables.export permission blocks the user from using the table export function.
However, a user can still query the entire table and use the save query results functionality. Thus, a permission should be added which would block users from using the save results function if they don't have it assigned.
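The following is an added example, not part of the original issue or any Google code. It audits a project IAM policy for the gap described above: which principals still hold bigquery.tables.export through some other binding, and which have lost it but keep bigquery.tables.getData and can therefore still query and save results. The project, the custom role names (bqNoExport, legacyReader) and the principals are constructed, and the permission lists are trimmed for illustration.

```python
import json

EXPORT = "bigquery.tables.export"
GET_DATA = "bigquery.tables.getData"

# Constructed policy, in the shape of `gcloud projects get-iam-policy --format=json`.
SAMPLE_POLICY = json.loads("""
{"bindings": [
  {"role": "roles/bigquery.dataViewer", "members": ["group:analysts@example.com"]},
  {"role": "projects/demo-project/roles/bqNoExport",
   "members": ["user:alice@example.com", "group:analysts@example.com"]},
  {"role": "roles/bigquery.dataOwner", "members": ["user:bob@example.com"]},
  {"role": "projects/demo-project/roles/legacyReader", "members": ["user:carol@example.com"]}
]}
""")

# Assumption: permission lists trimmed to the three that matter here.
ROLE_PERMISSIONS = {
    "roles/bigquery.dataViewer": {"bigquery.tables.get", GET_DATA, EXPORT},
    "roles/bigquery.dataOwner": {"bigquery.tables.get", GET_DATA, EXPORT},
    "projects/demo-project/roles/bqNoExport": {"bigquery.tables.get", GET_DATA},
}


def classify(policy, role_permissions):
    """Group principals by what their combined role bindings allow."""
    granted, unresolved = {}, set()
    for binding in policy.get("bindings", []):
        role = binding["role"]
        if role not in role_permissions:
            unresolved.add(role)  # cannot judge a role we have no definition for
            continue
        for member in binding.get("members", []):
            granted.setdefault(member, set()).update(role_permissions[role])
    report = {"can_export": [], "query_only": [], "unresolved_roles": sorted(unresolved)}
    for member in sorted(granted):
        if EXPORT in granted[member]:
            report["can_export"].append(member)  # custom role did not help
        elif GET_DATA in granted[member]:
            report["query_only"].append(member)  # can still query and save results
    return report


if __name__ == "__main__":
    print(json.dumps(classify(SAMPLE_POLICY, ROLE_PERMISSIONS), indent=2))
```

Principals in `query_only` are the ones the requested permission would cover; those in `can_export` show a leftover predefined-role binding that overrides the custom role.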