You can set
BigQuery policy tags
on table columns in the config block in a table definition SQLX file.
Before you begin
In the Google Cloud console, go to the Dataform page.
Select or create a repository.
Select or create a development workspace.
Required roles
To get the permissions that you need to add a BigQuery policy tag to a table in Dataform,
ask your administrator to grant you the
Dataform Editor (roles/dataform.editor) IAM role on workspaces.
For more information about granting roles, see Manage access to projects, folders, and organizations.
You might also be able to get the required permissions through custom roles or other predefined roles.
Additionally, you must grant your Dataform service account BigQuery roles for column-level access control.
Add a BigQuery policy tag
To add a BigQuery policy tag to a table column, follow these steps:
- Go to your development workspace.
- In the Files pane, expand
definitions/. - Select a table definition SQLX file.
In the
configblock, add a full tag identifier to a selected column in the following format:columns: { column_name: { bigqueryPolicyTags: ["FULL_TAG_IDENTIFIER"] } }Replace FULL_TAG_IDENTIFIER with the full identifier of the selected tag.
Optional: Click Format.
The following code sample shows the
projects/example-project/locations/us/taxonomies/123456789/policyTags/123456789
sample BigQuery policy tag added to column1:
config {
type: "table",
columns: {
column1: {
description: "Some description",
bigqueryPolicyTags: ["projects/example-project/locations/us/taxonomies/123456789/policyTags/123456789"]
}
}
}
SELECT "test" AS column1
What's next
- To learn more about BigQuery policy tags, see Introduction to column-level access control.
- To learn how to add BigQuery labels in Dataform, see Add BigQuery labels.
- To learn how to add Dataform tags to create collections of tables, see Add execution tags.