授予访问视图的权限。
深入探索
如需查看包含此代码示例的详细文档,请参阅以下内容:
代码示例
Go
试用此示例之前,请按照 BigQuery 快速入门:使用客户端库中的 Go 设置说明进行操作。如需了解详情,请参阅 BigQuery Go API 参考文档。
如需向 BigQuery 进行身份验证,请设置应用默认凭据。 如需了解详情,请参阅为客户端库设置身份验证。
import (
"context"
"fmt"
"cloud.google.com/go/bigquery"
)
// updateViewDelegated demonstrates the setup of an authorized view, which allows access to a view's results
// without the caller having direct access to the underlying source data.
func updateViewDelegated(projectID, srcDatasetID, viewDatasetID, viewID string) error {
// projectID := "my-project-id"
// srcDatasetID := "sourcedata"
// viewDatasetID := "views"
// viewID := "myview"
ctx := context.Background()
client, err := bigquery.NewClient(ctx, projectID)
if err != nil {
return fmt.Errorf("bigquery.NewClient: %w", err)
}
defer client.Close()
srcDataset := client.Dataset(srcDatasetID)
viewDataset := client.Dataset(viewDatasetID)
view := viewDataset.Table(viewID)
// First, we'll add a group to the ACL for the dataset containing the view. This will allow users within
// that group to query the view, but they must have direct access to any tables referenced by the view.
vMeta, err := viewDataset.Metadata(ctx)
if err != nil {
return err
}
vUpdateMeta := bigquery.DatasetMetadataToUpdate{
Access: append(vMeta.Access, &bigquery.AccessEntry{
Role: bigquery.ReaderRole,
EntityType: bigquery.GroupEmailEntity,
Entity: "example-analyst-group@google.com",
}),
}
if _, err := viewDataset.Update(ctx, vUpdateMeta, vMeta.ETag); err != nil {
return err
}
// Now, we'll authorize a specific view against a source dataset, delegating access enforcement.
// Once this has been completed, members of the group previously added to the view dataset's ACL
// no longer require access to the source dataset to successfully query the view.
srcMeta, err := srcDataset.Metadata(ctx)
if err != nil {
return err
}
srcUpdateMeta := bigquery.DatasetMetadataToUpdate{
Access: append(srcMeta.Access, &bigquery.AccessEntry{
EntityType: bigquery.ViewEntity,
View: view,
}),
}
if _, err := srcDataset.Update(ctx, srcUpdateMeta, srcMeta.ETag); err != nil {
return err
}
return nil
}
Java
试用此示例之前,请按照 BigQuery 快速入门:使用客户端库中的 Java 设置说明进行操作。如需了解详情,请参阅 BigQuery Java API 参考文档。
如需向 BigQuery 进行身份验证,请设置应用默认凭据。 如需了解详情,请参阅为客户端库设置身份验证。
import com.google.cloud.bigquery.Acl;
import com.google.cloud.bigquery.BigQuery;
import com.google.cloud.bigquery.BigQueryException;
import com.google.cloud.bigquery.BigQueryOptions;
import com.google.cloud.bigquery.Dataset;
import com.google.cloud.bigquery.Table;
import java.util.ArrayList;
import java.util.List;
// Sample to grant view access on dataset
public class GrantViewAccess {
public static void main(String[] args) {
// TODO(developer): Replace these variables before running the sample.
String srcDatasetId = "MY_DATASET_ID";
String viewDatasetId = "MY_VIEW_DATASET_ID";
String viewId = "MY_VIEW_ID";
grantViewAccess(srcDatasetId, viewDatasetId, viewId);
}
public static void grantViewAccess(String srcDatasetId, String viewDatasetId, String viewId) {
try {
// Initialize client that will be used to send requests. This client only needs to be created
// once, and can be reused for multiple requests.
BigQuery bigquery = BigQueryOptions.getDefaultInstance().getService();
Dataset srcDataset = bigquery.getDataset(srcDatasetId);
Dataset viewDataset = bigquery.getDataset(viewDatasetId);
Table view = viewDataset.get(viewId);
// First, we'll add a group to the ACL for the dataset containing the view. This will allow
// users within that group to query the view, but they must have direct access to any tables
// referenced by the view.
List<Acl> viewAcl = new ArrayList<>(viewDataset.getAcl());
viewAcl.add(Acl.of(new Acl.Group("example-analyst-group@google.com"), Acl.Role.READER));
viewDataset.toBuilder().setAcl(viewAcl).build().update();
// Now, we'll authorize a specific view against a source dataset, delegating access
// enforcement. Once this has been completed, members of the group previously added to the
// view dataset's ACL no longer require access to the source dataset to successfully query the
// view
List<Acl> srcAcl = new ArrayList<>(srcDataset.getAcl());
srcAcl.add(Acl.of(new Acl.View(view.getTableId())));
srcDataset.toBuilder().setAcl(srcAcl).build().update();
System.out.println("Grant view access successfully");
} catch (BigQueryException e) {
System.out.println("Grant view access was not success. \n" + e.toString());
}
}
}
Python
试用此示例之前,请按照 BigQuery 快速入门:使用客户端库中的 Python 设置说明进行操作。如需了解详情,请参阅 BigQuery Python API 参考文档。
如需向 BigQuery 进行身份验证,请设置应用默认凭据。 如需了解详情,请参阅为客户端库设置身份验证。
from google.cloud import bigquery
client = bigquery.Client()
# To use a view, the analyst requires ACLs to both the view and the source
# table. Create an authorized view to allow an analyst to use a view
# without direct access permissions to the source table.
view_dataset_id = "my-project.my_view_dataset"
# Make an API request to get the view dataset ACLs.
view_dataset = client.get_dataset(view_dataset_id)
analyst_group_email = "data_analysts@example.com"
access_entries = view_dataset.access_entries
access_entries.append(
bigquery.AccessEntry("READER", "groupByEmail", analyst_group_email)
)
view_dataset.access_entries = access_entries
# Make an API request to update the ACLs property of the view dataset.
view_dataset = client.update_dataset(view_dataset, ["access_entries"])
print(f"Access to view: {view_dataset.access_entries}")
# Group members of "data_analysts@example.com" now have access to the view,
# but they require access to the source table to use it. To remove this
# restriction, authorize the view to access the source dataset.
source_dataset_id = "my-project.my_source_dataset"
# Make an API request to set the source dataset ACLs.
source_dataset = client.get_dataset(source_dataset_id)
view_reference = {
"projectId": "my-project",
"datasetId": "my_view_dataset",
"tableId": "my_authorized_view",
}
access_entries = source_dataset.access_entries
access_entries.append(bigquery.AccessEntry(None, "view", view_reference))
source_dataset.access_entries = access_entries
# Make an API request to update the ACLs property of the source dataset.
source_dataset = client.update_dataset(source_dataset, ["access_entries"])
print(f"Access to source: {source_dataset.access_entries}")
后续步骤
如需搜索和过滤其他 Google Cloud 产品的代码示例,请参阅 Google Cloud 示例浏览器。