Privacera Announces Fine-Grained Data Access and Privacy Control for Google BigQuery


While the battle for cloud platform supremacy between AWS, Azure, and Google continues to rage, Google Big Query (BigQuery) has rapidly established itself as a very popular and powerful cloud data warehouse solution. In Google’s own words, “BigQuery is a serverless, highly scalable and cost-effective data warehouse designed for business agility.” And customers are adopting this solution at increasingly high rates. 

While adding more customers and analytical use cases is great, it also raises the stakes for enterprise-grade access controls, security, and privacy. Customers must balance the need for powerful analytical solutions with advanced security to protect sensitive data and ensure compliance with stringent industry regulations. Enter: Privacera. 

With the latest release of Privacera, the industry’s leading unified data access governance capabilities are available in BigQuery to provide the most complete access, security, and privacy controls for GBQ data.

With Privacera, enterprises can now deliver comprehensive access control capabilities for BigQuery, empowering customers to define and enforce access control across projects, datasets, tables, columns, and views in BigQuery from a single, centralized location. Additionally, access control policies can now be enforced based on data queries, resource-based masking policies, security zones, and tag-based policies to govern data access for the PostgreSQL database of the Cloud SQL in Google Cloud. 

Exhibit: Creating a policy for user Emily to run queries and list dataset and tables in BigQuery

Benefits to Privacera and Google BigQuery Users

Faster Queries and Trusted Analytics: Get rapid access to data stored and processed in Google BigQuery with automated, consistent access controls, removing the need for multiple access requests and denials that delay data access and analytical insights. 

Reduced Administrative Burden: Data administrators have single-pane visibility to define and enforce access policies across multiple data sources in BigQuery (and all other supported cloud services or applications) reducing redundant manual policy creation and access management processes. 

Comprehensive Compliance: Fine-grained access controls and dynamic data masking secure sensitive and PII data against unauthorized use and sharing, reducing the risk of compliance violations. 

Feature Overview: Tag-Based Access Controls in BigQuery

Tag-based policies play a critical part in access governance programs. Built as a result of scanning enterprise data and classifying sensitive elements, tag-based policies manage data access based on labels that span across various departments, organizational groups, and resources. An important advantage of tag-based policies is the delineation of resource classification from access authorization. Resources containing sensitive data, such as credit card information, social security numbers, or health-related data, can be tagged with PII, PCI, or PHI. Once resources are tagged, authorizations for the tags are enforced automatically, eliminating the need to manually create or update policies. Now available in Privacera Platform 6.3, customers can build tag-based access control policies for BigQuery based on project, dataset, table or table view, as well mask sensitive data in single or multiple columns in the same or different tables. Tag-based policies provide administrators with a streamlined avenue to manage users’ access to data based on tags or labels. For example, administrators can build policies that specify data in a column as containing personally identifiable information, prohibiting it for use in marketing initiatives–thus making data more widely-accessible and shareable for various data users and consumers, while ensuring it doesn’t fall into unauthorized hands. Tags also ensure that even if data is moved or copied, user access is still enforced to prevent any unauthorized access or use.  

Exhibit: Enforcing access on data that is associated with personal name by creating tag: Personal_Name  

Feature Overview: Dynamic Data Masking in BigQuery

Privacera makes it even easier to securely extract analytical insights from regulated data in BigQuery with the ability to filter data in rows. For example, if a table or view in BigQuery contains intermingled data for different organizations or regions, analysts will only be able to access data in rows that pertain to their specific departments or regions, ensuring data is not viewed or used by unauthorized users. Privacera 6.3 also provides the same security for sensitive data in columns or views in a BigQuery table, empowering business analysts and data scientists with greater access to secured, sensitive data to unlock new analytical insights that would have otherwise been inaccessible for analysis. 

Exhibit: Creating a “mask SSN” policy that masks SSN values for user Emily

See it in Action

If you are interested in seeing a live demo of Privacera in action, please visit


Contact Privacera for a Data Governance and Security Demo Today