BigQuery
Connect to BigQuery using account impersonation or via a credentials JSON file.
You can decide to separate the billing/execution of your queries from where the data is located via two separate Google projects if required.
Managing data access
Please read the general guidance on managing access first
For larger scale data warehouses we recommened organizing your data in the following way:
- Create a unique service account for each Qluent project e.g.
qluent_{qluent_project_name}@{google_project_id}.iam.gserviceaccount.com - Create a unique dataset for each Qluent project e.g.
qluent_{qluent_project_name} - Grant the service account access to the dataset with the following roles:
- BigQuery Data Viewer
roles/bigquery.dataViewer- provides access to the data itself - BigQuery Metadata Viewer
roles/bigquery.metadataViewer- provides Qluent the ability to understand your data prior to asking questions includes tables, columns, types and descriptions - BigQuery Job User aka
roles/bigquery.jobUser- allows running of queries aka jobs - BigQuery Read Session User
roles/bigquery.readSessionUser- provides the ability to read user sessions
- BigQuery Data Viewer
- Reference data from other datasets through BigQuery views filtering by the project specific needs
- e.g.
my_data.orderswhich includes all orders from Europe could be filtered via datasetqluent_francewith a viewordersvia the SQLSELECT my_data.orders WHERE country_code = 'FR'
- e.g.