Status Update
Comments
ph...@google.com <ph...@google.com> #2
ph...@google.com <ph...@google.com> #3
+1
st...@google.com <st...@google.com> #4
na...@cloud-ace.jp <na...@cloud-ace.jp> #5
ga...@google.com <ga...@google.com> #6
Could you at least share an ETA when this would be addressed, please?
ct...@google.com <ct...@google.com> #7
to...@cloud-ace.jp <to...@cloud-ace.jp> #8
How about adding a user account who sets export from GA4 to your Access Context Manager?
This operation allows you to discover the dataset to be exported to.
In addition, you may need to add
[Deleted User] <[Deleted User]> #9
As of July 1, 2023, we will stop processing data in standard Universal Analytics properties.
So we need to use Google Analytics 4.
But I can't export to BigQuery secured by VPC Service Controls.
For enterprise use, we are using BigQuery protected by VPC Service Controls, so we strongly hope that it will be supported.
da...@gmail.com <da...@gmail.com> #10
We also have VPC SC in our org.
We are able to stream the GA4 data to BigQuery. You just need to add an ingress rule in your perimeter with the related identity.
Cheers
Davide
br...@equifax.com <br...@equifax.com> #11
Hey Davide (and other awesome people here!),
Is there documentation that has related identity information needed for this specific ingress rule, and/or can I use the
I think I should have identities: - serviceAccount: firebase-measurement@system.gserviceaccount.com
But, I'm not sure what to set for the other information like sources: - resource:
OR sources: - accessLevel:
and methodSelectors: - method:
OR methodSelectors: - permissions:
mo...@gmail.com <mo...@gmail.com> #12
da...@gmail.com <da...@gmail.com> #13
I just reviewed our perimeter setup.
1. We have an access level for the related service accounts and added the access_level to the perimeter.
resource "google_access_context_manager_access_level" "google_analytics_access_level" {
  parent = "accessPolicies/${
  name = "accessPolicies/${
  title = "google_analytics_access_level"
  basic {
    conditions {
      ip_subnetworks = []
      members = [
        "serviceAccount:analytics-processing-dev@system.gserviceaccount.com",
        "serviceAccount:firebase-measurement@system.gserviceaccount.com",
      ]
      negate = false
      required_access_levels = []
    }
  }
}
2. We added IAM bindings for the service accounts in the related GCP project.
...
bindings = {
  "roles/editor" = [
    "serviceAccount:analytics-processing-dev@system.gserviceaccount.com",
    # SA firebase-measurement@system.gserviceaccount.com needed to link Google Analytics 4 Data
    #
    "serviceAccount:firebase-measurement@system.gserviceaccount.com"
  ]
}
...
So no ingress rules as I wrote in my previous comment.
But you can also implement it with ingress rules instead of just one access level.
Cheers
Davide
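The ingress-rule alternative mentioned in comment #13, sketched as an added example that is not part of the thread or any participant's configuration. It limits the two service accounts to the BigQuery API in a single project, whereas an access level attached to the perimeter admits matching requests to every restricted service in it. Assumptions: `var.access_policy_id`, `var.project_number` and the perimeter name `ga4_export` are hypothetical, and the thread does not confirm that BigQuery is the only service the export needs or which methods it calls.

```hcl
# Added example, not from the thread. Hypothetical names: var.access_policy_id,
# var.project_number and the perimeter name "ga4_export".
variable "access_policy_id" { type = string }
variable "project_number" { type = string }

resource "google_access_context_manager_service_perimeter" "ga4_export" {
  parent = "accessPolicies/${var.access_policy_id}"
  name   = "accessPolicies/${var.access_policy_id}/servicePerimeters/ga4_export"
  title  = "ga4_export"

  status {
    resources           = ["projects/${var.project_number}"]
    restricted_services = ["bigquery.googleapis.com"]

    ingress_policies {
      ingress_from {
        # Service accounts listed in comment #13.
        identities = [
          "serviceAccount:analytics-processing-dev@system.gserviceaccount.com",
          "serviceAccount:firebase-measurement@system.gserviceaccount.com",
        ]
        # "*" accepts any network origin; the identities list is the gate.
        sources {
          access_level = "*"
        }
      }

      ingress_to {
        # Only the export project, not every project in the perimeter.
        resources = ["projects/${var.project_number}"]

        operations {
          service_name = "bigquery.googleapis.com"
          # Assumption: the required methods are not documented in the thread,
          # so all BigQuery methods are allowed; narrow this once known.
          method_selectors {
            method = "*"
          }
        }
      }
    }
  }
}
```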
br...@equifax.com <br...@equifax.com> #14
Thanks Davide! We will try this out.
Description
Problem you have encountered:
Our customer tried to export data from GA4 to BigQuery where BigQuery is protected by VPC SC by following the link below.
When the customer tried to do "Step 3: Link BigQuery to a Google Analytics 4 property", they got the error below.
"An error has occurred. Please try again after a while."
This is because GA->BigQuery exports are not VPC SC compatible yet. GA is not supported by VPC SC.
What you expected to happen:
Customer can link BigQuery to GA4.
So GA->BigQuery exports are fully supported by VPC SC, so GA can export data to BigQuery where BigQuery API is protected by VPC SC.
Steps to reproduce:
n/a
Other information (workarounds you have tried, documentation consulted, etc):
When the customer meets this issue, the customer needs to contact Google Analytics support team rather than Google Cloud Support team.