Documentation Index

Fetch the complete documentation index at: https://docs.plainid.io/llms.txt

Use this file to discover all available pages before exploring further.

Google BigQuery

Prev Next

This Authorizer follows the SaaS Authorization Management pattern. For more information, see: SaaS Authorization Management.

SaaS Authorization Management provides out-of-the-box support for leading data platforms like Google BigQuery. The Platform integrates with Google BigQuery to provide standardized and centralized Authorization management while supporting distributed deployment across the organization's technology stack.

Integration is achieved through Policy Orchestration, which connects to Google BigQuery using its native APIs. This setup allows PlainID to discover, manage, and synchronize Authorization Policies while leveraging BigQuery's native security capabilities.


Google BigQuery Overview

Google BigQuery is a serverless, cloud-native data warehouse deeply integrated into the Google Cloud Platform (GCP). Unlike role-centric models, BigQuery uses a principal-centric security model — access is granted to Google Principals (users and Google Groups) directly via IAM, rather than through database-level roles.

Through integration with PlainID, organizations can:

  • Define and manage Row-Level Policies and Column-Level Policies as business-aligned controls.
  • Automatically discover and govern existing BigQuery Row Access Policies and Policy Tags across projects and datasets.
  • Detect and address Policy drift to maintain consistent access controls across Environments.

Google BigQuery Authorization Model

BigQuery enforces data security using two complementary Policy types:

Row-Level Policies

Row-Level Policies control which rows of data a principal can access within a BigQuery table. PlainID deploys these as Row Access Policies (RAPs) — table-level objects that filter rows at query time using a SQL predicate and a grantee list. Only rows where the filter evaluates to TRUE are returned to the user.

For more information, refer to Google BigQuery Row-Level Security.

Column-Level Policies

Column-Level Policies control access to specific columns within a BigQuery table, ensuring sensitive data is only visible to authorized principals. PlainID deploys these using BigQuery's native masking architecture, linking columns to masking rules via Policy Tags and Data Policies.

For more information, refer to Google BigQuery Column-Level Security.


For more information about Row-Level and Column-Level Policies, refer to Data Access Policies.

© 2026 PlainID LTD. All rights reserved.