Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

permissions not applying in 21.9.0 #27

Open
Marty08 opened this issue Sep 20, 2021 · 6 comments
Open

permissions not applying in 21.9.0 #27

Marty08 opened this issue Sep 20, 2021 · 6 comments
Labels
bug Something isn't working todo

Comments

@Marty08
Copy link
Contributor

Marty08 commented Sep 20, 2021

I'm running command line authorize of a view in V21.9.0 and the process runs successfully with no errors.

All sources have a green tick except for the view I'm trying to authorize which still has an X

permissions to upstream datasets are not applied even though all upstream sources have a tick in the command line.

I've reverted back to version 20.4.1 and the issue is not present and all permissions granted.

Below is the output:

target-project:shared_view.sample_data
└── team-project:authorised_views.sample_data (✓)
└── team-project:calculations.sample (✓)
├── team-project:calculations.calculated_sample (✓)
│ ├── team-project:sales.header (✓)
│ │ └── source-project:sales.header (✓)
│ ├── team-project:sales.body (✓)
│ │ └── source-project:sales.body (✓)
│ ├── team-project:sales.dept (✓)
│ │ └── source-project:sales.dept (✓)
│ └── team-project:sales.sales (✓)
│ └── source-project:sales.sales (✓)
├── team-project:customer.customer_data(✓) **** permission denied here****
│ └── source-project:customer.customer_data (✓)
├── team-project:sales.store (✓)
│ └── source-project:sales.store (✓)

When trying to query the data in target-project:shared_view.sample_data, the permission denied at
team-project:customer.customer_data in version 21.9.0

Works perfectly with no issues in 20.4.1

@christippett christippett added the bug Something isn't working label Sep 30, 2021
@christippett
Copy link
Contributor

Thanks for raising this @Marty08, I'll see about deploying a test environment I can use to run some integration tests. I've probably done something silly somewhere.

Glad at least the previous version is working for you.

@christippett
Copy link
Contributor

@Marty08 I've started laying the groundwork for proper integration tests (https://github.com/servian/bigquery-view-analyzer/tree/feature/integration-tests). Any test cases you can contribute from your experience working with authorized views would be appreciated mate. Just a few bullet points would be ideal!

@Marty08
Copy link
Contributor Author

Marty08 commented Oct 10, 2021

@christippett

Happy to provide examples, I'll refer to the view being authorised as the target view and anything inside the view or needing authorisation as upstream:

  • Upstream view(s) is in same project.dataset of target view
  • Upstream has same dataset.view_name, different project name
  • Upstream view may appear more than once for authorisation
  • Target view in same dataset as upstream
  • Target view in same project as upstream, same view name but different dataset name
  • Upstream view contains UDF
  • Upstream view contains date suffix table's e.g test_data_20210901 (test_data_*)

The last two are useful but possibly out of scope for testing

@Marty08
Copy link
Contributor Author

Marty08 commented Nov 8, 2021

@christippett , more of a question than a request.
Have you looked into authorising tables that have column level security applied via data catalogue?

e.g pii data and security groups:
https://cloud.google.com/bigquery/docs/column-level-security-intro

@christippett
Copy link
Contributor

@Marty08 I haven't. Looks interesting though - I'm not working directly with BigQuery much these days so thanks for bringing this to my attention. I'll add to one of my things to look into.

@christippett
Copy link
Contributor

christippett commented Nov 20, 2021

@TWinsnes / @polleyg over to you to prioritise development effort on this.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working todo
Projects
None yet
Development

No branches or pull requests

2 participants