# Restricting OAuth scope to read-only for Google BigQuery connections

Prior to Looker 24.20, when [setting up OAuth authentication for Google BigQuery connections](/looker/docs/db-config-google-bigquery#oauth_for_bigquery_connections), Looker created OAuth credentials that allowed the database user to request read and write scope. Starting in Looker 24.20, Looker instead requests OAuth read-only scopes for any new BigQuery OAuth connections, new OAuth authorizations to existing BigQuery OAuth connections, and re-authorizations to existing BigQuery OAuth connections.

**Note:** For Google BigQuery connections with read-only scopes, users can't [execute write operations in SQL Runner](/looker/docs/sql-runner-manage-db#modifying_database_schema_and_data).

Starting on March 1, 2025, Looker will sign out any users who have not re-authorized with OAuth read-only scopes from all corresponding BigQuery connections.
This will cause any schedules dependent on these connections to fail. Each of these users will need to [reauthorize their OAuth connection credentials](#reauthorize) to ensure uninterrupted schedule delivery. You can also [reassign a schedule](/looker/docs/admin-panel-alerts-and-schedules-schedule#reassign_a_schedule) to a user who has reauthorized their OAuth connection credentials.

To ensure a seamless transition to the updated OAuth credentials, follow the steps in the following sections:

- [Reauthorize your OAuth connection credentials](#reauthorize)
- [Generate a list of all users with potentially affected schedules](#list)
- [(Optional) Force read-only scope usage across your Looker instance](#force)

Reauthorize your OAuth connection credentials
---------------------------------------------

To update your OAuth credentials to use a read-only scope, follow these steps:

1. Navigate to the [**Account** page](/looker/docs/user-account).
2. In the **OAuth Connection Credentials** section, click **Reauthorize** next to each set of credentials.
3. You will be prompted to reauthorize Looker to access BigQuery data. The confirmation screen should list the permission "View your data in Google BigQuery" rather than "View and manage your data in Google BigQuery."

Each user that has OAuth credentials for the BigQuery connection will need to complete these steps.

Generate a list of all users with potentially affected schedules
----------------------------------------------------------------

To generate a list of all users without read-only OAuth credentials who have created schedules on your BigQuery connections, visit the following System Activity Explore, replacing `INSTANCE_NAME` with the address of your Looker instance (such as `https://example.cloud.looker.com`).

```
INSTANCE_NAME/explore/system__activity/scheduled_plan_oauth_events?fields=user.name,count,query.model&f[query.model]=-NULL&f[count]=0&sorts=user.name&limit=500&column_limit=50&query_timezone=America%2FLos_Angeles&vis=%7B%22show_view_names%22%3Afalse%2C%22show_row_numbers%22%3Atrue%2C%22transpose%22%3Afalse%2C%22truncate_text%22%3Atrue%2C%22hide_totals%22%3Afalse%2C%22hide_row_totals%22%3Afalse%2C%22size_to_fit%22%3Atrue%2C%22table_theme%22%3A%22white%22%2C%22limit_displayed_rows%22%3Afalse%2C%22enable_conditional_formatting%22%3Afalse%2C%22header_text_alignment%22%3A%22left%22%2C%22header_font_size%22%3A12%2C%22rows_font_size%22%3A12%2C%22conditional_formatting_include_totals%22%3Afalse%2C%22conditional_formatting_include_nulls%22%3Afalse%2C%22x_axis_gridlines%22%3Afalse%2C%22y_axis_gridlines%22%3Atrue%2C%22show_y_axis_labels%22%3Atrue%2C%22show_y_axis_ticks%22%3Atrue%2C%22y_axis_tick_density%22%3A%22default%22%2C%22y_axis_tick_density_custom%22%3A5%2C%22show_x_axis_label%22%3Atrue%2C%22show_x_axis_ticks%22%3Atrue%2C%22y_axis_scale_mode%22%3A%22linear%22%2C%22x_axis_reversed%22%3Afalse%2C%22y_axis_reversed%22%3Afalse%2C%22plot_size_by_field%22%3Afalse%2C%22trellis%22%3A%22%22%2C%22stacking%22%3A%22%22%2C%22legend_position%22%3A%22center%22%2C%22point_style%22%3A%22none%22%2C%22show_value_labels%22%3Afalse%2C%22label_density%22%3A25%2C%22x_axis_scale%22%3A%22auto%22%2C%22y_axis_combined%22%3Atrue%2C%22ordering%22%3A%22none%22%2C%22show_null_labels%22%3Afalse%2C%22show_totals_labels%22%3Afalse%2C%22show_silhouette%22%3Afalse%2C%22totals_color%22%3A%22%23808080%22%2C%22type%22%3A%22looker_grid%22%2C%22defaults_version%22%3A1%2C%22series_types%22%3A%7B%7D%2C%22hidden_fields%22%3A%5B%22count%22%5D%7D&filter_config=%7B%22query.model%22%3A%5B%7B%22type%22%3A%22%21null%22%2C%22values%22%3A%5B%7B%7D%2C%7B%7D%5D%2C%22id%22%3A0%7D%5D%2C%22count%22%3A%5B%7B%22type%22%3A%22%3D%22%2C%22values%22%3A%5B%7B%22constant%22%3A%220%22%7D%2C%7B%7D%5D%2C%22id%22%3A1%7D%5D%2C%22__%21internal%21__%22%3A%5B%22OR%22%2C%5B%5B%22AND%22%2C%5B%5B%22FILTER%22%2C%7B%22field%22%3A%22query.model%22%2C%22value%22%3A%22-NULL%22%2C%22type%22%3A%22%21null%22%7D%5D%2C%5B%22FILTER%22%2C%7B%22field%22%3A%22count%22%2C%22value%22%3A%220%22%7D%5D%5D%5D%5D%5D%7D&dynamic_fields=%5B%7B%22category%22%3A%22measure%22%2C%22expression%22%3Anull%2C%22label%22%3A%22Count%22%2C%22value_format%22%3Anull%2C%22value_format_name%22%3Anull%2C%22based_on%22%3A%22event_attribute.value%22%2C%22_kind_hint%22%3A%22measure%22%2C%22measure%22%3A%22count%22%2C%22type%22%3A%22count_distinct%22%2C%22_type_hint%22%3A%22number%22%2C%22filters%22%3A%7B%22event_attribute.value%22%3A%22%25%2Fauth%2Fbigquery.readonly%25%22%7D%7D%5D&origin=share-expanded
```

Each of these users will need to [reauthorize their OAuth connection credentials](#reauthorize) to ensure uninterrupted schedule delivery.

(Optional) Force read-only scope usage across your Looker instance
------------------------------------------------------------------

To sign out all your users who have OAuth credentials that allow read and write scope from any of your BigQuery connections, follow these steps:

1. Navigate to the [Admin settings - General settings](/looker/docs/admin-panel-general-settings) page.
2. Toggle the **Force BigQuery Readonly Scope usage** setting to "Enabled" and click **Update**.

This process does not sign your users back in to BigQuery. Your users will be prompted to sign in to BigQuery the next time they run a query that is based on a model with a BigQuery connection. Any schedules that are dependent on these connections will fail until the user signs in. You can also [reassign a schedule](/looker/docs/admin-panel-alerts-and-schedules-schedule#reassign_a_schedule) to yourself or another user who has already reauthorized their OAuth connection credentials.

Last updated: 2025-09-05 (UTC)
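
The System Activity Explore URL above selects `user.name` and `query.model`, drops rows where `query.model` is null, and keeps only groups whose distinct count of `event_attribute.value` values matching `%/auth/bigquery.readonly%` is 0. The same selection applied to exported event rows, as an added example that is not Looker's own code; the row layout, the sample users and scope strings, and the function names are constructed for illustration.

```python
from collections import defaultdict

# Substring the Explore URL's measure filter matches in event_attribute.value.
READONLY_MARKER = "/auth/bigquery.readonly"

# Constructed rows: (user.name, query.model, event_attribute.value).
# The format of event_attribute.value is an assumption for this example.
SAMPLE_EVENTS = [
    ("alice", "sales", "https://www.googleapis.com/auth/bigquery"),
    ("alice", "sales", "https://www.googleapis.com/auth/bigquery.readonly"),
    ("alice", "ops", "https://www.googleapis.com/auth/bigquery"),
    ("bob", "sales", "https://www.googleapis.com/auth/bigquery"),
    ("carol", "finance", "openid https://www.googleapis.com/auth/bigquery.readonly"),
    ("dave", None, "https://www.googleapis.com/auth/bigquery"),
    ("erin", "finance", None),
]


def pairs_without_readonly(events):
    """Return sorted (user, model) pairs that have zero read-only scope events."""
    readonly_values = defaultdict(set)
    for user, model, value in events:
        if model is None:
            continue  # mirrors f[query.model]=-NULL
        seen = readonly_values[(user, model)]  # register the group even if empty
        if value is not None and READONLY_MARKER in value:
            seen.add(value)  # mirrors count_distinct over matching values
    # mirrors f[count]=0: keep groups with no read-only event at all
    return sorted(pair for pair, vals in readonly_values.items() if not vals)


def users_to_reauthorize(events):
    """Distinct user names that still need to reauthorize at least one model."""
    return sorted({user for user, _ in pairs_without_readonly(events)})


if __name__ == "__main__":
    for user, model in pairs_without_readonly(SAMPLE_EVENTS):
        print(f"{user}\t{model}")
```

A user can appear for one model and not another, as `alice` does here, so the per-model pairs show which connections still need the **Reauthorize** step.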