Reputation: 485
BigQuery Google Sheets Connected Sheets pivot table permissions
Short summary: I'm trying to give a user access to edit a Pivot Table created from a BigQuery Connected Sheets connection and running into problems. When the user tries to access the Pivot Table, all of the Pivot Table controls are grayed out.
Here's my BigQuery setup:
Project: sales_reports
Dataset: all_sales This is for sales for the entire company
Table: salesWithProductDetails This contains sales data for the entire company
Dataset: dept_x_sales This is sales for dept_x
Table: dept_x_sales
This is a Table created via a query on all_sales.
e.g. SELECT * FROM `sales_reports.all_sales.salesWithProductDetails` WHERE STARTS_WITH(customer_no, "W")
View: dept_x_sales_last2Years
e.g. SELECT * FROM `sales_reports.dept_x_sales WHERE fiscal_year >= extract(year from current_date) - 1
Next, I have a Google Sheet, with a Connected Sheets connection to the dept_x_sales_last2Years And I created a Pivot Table from it. It works great for me.
But I want to give someone else (let's say "Bob") access so:
- They can adjust the Pivot Table as they see fit so they can do sales analysis
- They only have access to the dept_x_sales_last2Years raw data
I've tried following the examples on Google's docs on creating authorized views but it's not working.
I've done the following:
- Gone into IAM and given Bob a BigQuery User role for the Project.
- In IAM, given Bob a BigQuery Job User role for the Project.
- In BigQuery and given Bob a BigQuery Data Viewer role for the Dataset.
- In BQ and made the dept_x_sales_last2Years an Authorized View.
If I'm using the Sheet as "Bob", the Pivot Table selectors are all grayed out. And if I try to go to the Connect Sheets tab and even do a Refresh preview, I get an error "You do not have access to the connected BigQuery table."
I've also tried:
- In BQ, made Bob a BigQuery User for the dept_x_sales Dataset
- In BQ, made Bob a Project Editor
- In BQ, made Bob a BigQuery Admin for the dept_x_sales Dataset
What am I missing?
Upvotes: 1
Views: 1872
Answers (1)
Reputation: 1446
The requirements fit the Authorized Views option.
An authorized view allows you to share query results with particular users and groups without giving them access to the underlying source data. You can also use the view's SQL query to restrict the columns (fields) the users are able to query.
This involves creating a new dataset and adding a view to that dataset that references the original dataset.
You assign Bob the project-level
bigquery.userrole which does not give them the ability to view or query table data in the dataset containing the tables queried by the view. But allows them to run jobs.You give Bob
bigquery.dataVieweron the dataset with the authorized view.Lastly, you authorize the view to access the source dataset.
Steps are from a tutorial by Google.
Upvotes: 2
Related Questions
- BigQuery error: Access Denied: BigQuery BigQuery: Permission denied while getting Drive credentials
- BigQuery row level security permissions
- Cannot Read Bigquery table sourced from Google Sheet (Oath / Scope Error)
- BigQuery Connected Sheets - Required user permissions?
- Google spreadsheet script authorisation to BigQuery
- What are the permissions needed for GA exports to BigQuery?
- Permissions to read from BigQuery __TABLE__ metatables
- Linking Google Analytics 360 to Big Query, permissions issue
- How do I use row-level permissions in BigQuery?
- Queries done in Sheets pulling from BigQuery (permissions help needed)