Creating BigQuery Secure Views

As part of creating secure views with Bornio, you:

  • Connect to a BigQuery database
  • Ingest schema and metadata from the source
  • Deploy the secure views into BigQuery

Prerequisites

Before starting, you must have successfully:

  • Installed Bornio in your GCP.
  • Obtained permissions and login credentials to the GCP project that contains your BigQuery dataset.
  • Obtained permissions and login credentials to the target GCP project for your protected dataset.

GCP Permissions for Secure Views

You can use a service account to create connections for data sources, privacy filters, and secure views.

The service account requires the following roles as minimum:

  • BigQuery Connection Admin
  • BigQuery Data Editor
  • BigQuery Job User
  • BigQuery Metadata Viewer
  • BigQuery Resource Viewer
  • Cloud Functions Developer
  • Cloud Functions Invoker
  • Cloud Run Invoker
  • Service Account User

Creating a Data Source

Creating a data source established all the necessary connection information for Bornio to access the schema and metadata information that is needed to protect data and customize privacy policies.

  1. Review how to create a data source.
  2. Open and login to Bornio Studio.
  3. Click + Data Source.
  4. Click Google BigQuery.
  5.  Enter the Account key credentials.
  6. Enter the Project name.
  7. Enter the Dataset name.
  8. Click Next.

The data source is registered and you are taken to Preview mode:

Note: Preview mode shows two rows for each original row of data.  The first row is shown in light gray and represents the original data. The second row, which in numbered, is in a darker gray to indicate how the protected data would appear when deployed to a target location.

 

 

Defining and Deploying your Bornio Privacy Filter

Bornio privacy filters keep track of each unique combination of data source, protection policy, and target location.

  1. In the left nav, click Privacy Filters.

  2.  Click + Privacy Filter.
  3.  Select the data source which you want to control the privacy policies for your target data.
  4.  Select BigQuery Secure Views.
  5. Select a Default Bornio Policy.
  6. Enter the Target Project
  7. Enter the Target Dataset. Use a name that indicates that the data is secure and is easy for you to find.
  8. Click Save to deploy your secure views.

Give Bornio a few minutes to create all the secure views in your GCP project.

Verifying Creation of your Secure Views

You can use the Google Console to verify that the secure views dataset was created for you and that the data is protected. 

  1. In the Cloud Console, open BigQuery.  
  2. Expand your project.
  3. Expand your dataset.
  4. Open a table.
  5. Click Query. 
  6. Click In split tab or In new tab.
         
  7. Modify the query syntax.
  8. Click RUN. 
  9. Review the results to validate your data protection.