data_policies
Creates, updates, deletes, gets or lists a data_policies resource.
Overview
| Name | data_policies |
| Type | Resource |
| Id | google.bigquerydatapolicy.data_policies |
Fields
The following fields are returned by SELECT queries:
- get
- list
| Name | Datatype | Description |
|---|---|---|
name | string | Identifier. Resource name of this data policy, in the format of projects/{project_number}/locations/{location_id}/dataPolicies/{data_policy_id}. |
dataMaskingPolicy | object | Optional. The data masking policy that specifies the data masking rule to use. It must be set if the data policy type is DATA_MASKING_POLICY. (id: DataMaskingPolicy) |
dataPolicyId | string | Output only. User-assigned (human readable) ID of the data policy that needs to be unique within a project. Used as {data_policy_id} in part of the resource name. |
dataPolicyType | string | Required. Type of data policy. |
etag | string | The etag for this Data Policy. This field is used for UpdateDataPolicy calls. If Data Policy exists, this field is required and must match the server's etag. It will also be populated in the response of GetDataPolicy, CreateDataPolicy, and UpdateDataPolicy calls. |
grantees | array | Optional. The list of IAM principals that have Fine Grained Access to the underlying data goverened by this data policy. Uses the IAM V2 principal syntax Only supports principal types users, groups, serviceaccounts, cloudidentity. This field is supported in V2 Data Policy only. In case of V1 data policies (i.e. verion = 1 and policy_tag is set), this field is not populated. |
policyTag | string | Output only. Policy tag resource name, in the format of projects/{project_number}/locations/{location_id}/taxonomies/{taxonomy_id}/policyTags/{policyTag_id}. policy_tag is supported only for V1 data policies. |
version | string | Output only. The version of the Data Policy resource. |
| Name | Datatype | Description |
|---|---|---|
name | string | Identifier. Resource name of this data policy, in the format of projects/{project_number}/locations/{location_id}/dataPolicies/{data_policy_id}. |
dataMaskingPolicy | object | Optional. The data masking policy that specifies the data masking rule to use. It must be set if the data policy type is DATA_MASKING_POLICY. (id: DataMaskingPolicy) |
dataPolicyId | string | Output only. User-assigned (human readable) ID of the data policy that needs to be unique within a project. Used as {data_policy_id} in part of the resource name. |
dataPolicyType | string | Required. Type of data policy. |
etag | string | The etag for this Data Policy. This field is used for UpdateDataPolicy calls. If Data Policy exists, this field is required and must match the server's etag. It will also be populated in the response of GetDataPolicy, CreateDataPolicy, and UpdateDataPolicy calls. |
grantees | array | Optional. The list of IAM principals that have Fine Grained Access to the underlying data goverened by this data policy. Uses the IAM V2 principal syntax Only supports principal types users, groups, serviceaccounts, cloudidentity. This field is supported in V2 Data Policy only. In case of V1 data policies (i.e. verion = 1 and policy_tag is set), this field is not populated. |
policyTag | string | Output only. Policy tag resource name, in the format of projects/{project_number}/locations/{location_id}/taxonomies/{taxonomy_id}/policyTags/{policyTag_id}. policy_tag is supported only for V1 data policies. |
version | string | Output only. The version of the Data Policy resource. |
Methods
The following methods are available for this resource:
| Name | Accessible by | Required Params | Optional Params | Description |
|---|---|---|---|---|
get | select | projectsId, locationsId, dataPoliciesId | Gets the data policy specified by its resource name. | |
list | select | projectsId, locationsId | pageSize, pageToken, filter | List all of the data policies in the specified parent project. |
create | insert | projectsId, locationsId | Creates a new data policy under a project with the given data_policy_id (used as the display name), and data policy type. | |
patch | update | projectsId, locationsId, dataPoliciesId | updateMask, allowMissing | Updates the metadata for an existing data policy. The target data policy can be specified by the resource name. |
delete | delete | projectsId, locationsId, dataPoliciesId | Deletes the data policy specified by its resource name. |
Parameters
Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.
| Name | Datatype | Description |
|---|---|---|
dataPoliciesId | string | |
locationsId | string | |
projectsId | string | |
allowMissing | boolean | |
filter | string | |
pageSize | integer (int32) | |
pageToken | string | |
updateMask | string (google-fieldmask) |
SELECT examples
- get
- list
Gets the data policy specified by its resource name.
SELECT
name,
dataMaskingPolicy,
dataPolicyId,
dataPolicyType,
etag,
grantees,
policyTag,
version
FROM google.bigquerydatapolicy.data_policies
WHERE projectsId = '{{ projectsId }}' -- required
AND locationsId = '{{ locationsId }}' -- required
AND dataPoliciesId = '{{ dataPoliciesId }}' -- required
;
List all of the data policies in the specified parent project.
SELECT
name,
dataMaskingPolicy,
dataPolicyId,
dataPolicyType,
etag,
grantees,
policyTag,
version
FROM google.bigquerydatapolicy.data_policies
WHERE projectsId = '{{ projectsId }}' -- required
AND locationsId = '{{ locationsId }}' -- required
AND pageSize = '{{ pageSize }}'
AND pageToken = '{{ pageToken }}'
AND filter = '{{ filter }}'
;
INSERT examples
- create
- Manifest
Creates a new data policy under a project with the given data_policy_id (used as the display name), and data policy type.
INSERT INTO google.bigquerydatapolicy.data_policies (
data__dataPolicyId,
data__dataPolicy,
projectsId,
locationsId
)
SELECT
'{{ dataPolicyId }}',
'{{ dataPolicy }}',
'{{ projectsId }}',
'{{ locationsId }}'
RETURNING
name,
dataMaskingPolicy,
dataPolicyId,
dataPolicyType,
etag,
grantees,
policyTag,
version
;
# Description fields are for documentation purposes
- name: data_policies
props:
- name: projectsId
value: string
description: Required parameter for the data_policies resource.
- name: locationsId
value: string
description: Required parameter for the data_policies resource.
- name: dataPolicyId
value: string
description: >
Required. User-assigned (human readable) ID of the data policy that needs to be unique within a project. Used as {data_policy_id} in part of the resource name.
- name: dataPolicy
value: object
description: >
Required. The data policy to create. The `name` field does not need to be provided for the data policy creation.
UPDATE examples
- patch
Updates the metadata for an existing data policy. The target data policy can be specified by the resource name.
UPDATE google.bigquerydatapolicy.data_policies
SET
data__dataMaskingPolicy = '{{ dataMaskingPolicy }}',
data__name = '{{ name }}',
data__etag = '{{ etag }}',
data__dataPolicyType = '{{ dataPolicyType }}',
data__grantees = '{{ grantees }}'
WHERE
projectsId = '{{ projectsId }}' --required
AND locationsId = '{{ locationsId }}' --required
AND dataPoliciesId = '{{ dataPoliciesId }}' --required
AND updateMask = '{{ updateMask}}'
AND allowMissing = {{ allowMissing}}
RETURNING
name,
dataMaskingPolicy,
dataPolicyId,
dataPolicyType,
etag,
grantees,
policyTag,
version;
DELETE examples
- delete
Deletes the data policy specified by its resource name.
DELETE FROM google.bigquerydatapolicy.data_policies
WHERE projectsId = '{{ projectsId }}' --required
AND locationsId = '{{ locationsId }}' --required
AND dataPoliciesId = '{{ dataPoliciesId }}' --required
;