Managing healthcare data access in BigQuery

This document explains strategies for securing clinical and operational healthcare data in BigQuery for researchers, data scientists, and IT teams.

There are many ways to configure data access control in Google Cloud. Controlling data access is crucial for implementing the principle of least privilege, a best practice within Google Cloud.

Using IAM to secure data

Identity and Access Management (IAM) lets you grant granular access to specific Google Cloud resources and helps to prevent access to other resources. IAM lets you adopt the security principle of least privilege, where you grant only the necessary permissions to users for accessing resources. For example, in BigQuery, you can control IAM permissions for read, create, and write operations. For more information, see BigQuery IAM permissions and access control examples.
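The following is an added example, not code from this page or from Google's documentation, showing how the least-privilege grants described above look when expressed as BigQuery DCL statements. The project, dataset, table and principal names are placeholders chosen for the example.

```sql
-- Added example (not from the page). Assumed names: project `ehr-analytics`,
-- dataset `clinical`, table `encounters`; all principals below are placeholders.

-- Read-only access to the whole dataset, granted to a group rather than to
-- individual users so membership changes do not require new grants.
GRANT `roles/bigquery.dataViewer`
ON SCHEMA `ehr-analytics.clinical`
TO "group:research-readers@example.com";

-- The ingestion service account may write to one table only; it receives no
-- grant on the dataset, so it cannot read the other tables in `clinical`.
GRANT `roles/bigquery.dataEditor`
ON TABLE `ehr-analytics.clinical.encounters`
TO "serviceAccount:ingest@ehr-analytics.iam.gserviceaccount.com";

-- Remove a standing grant as soon as it is no longer needed.
REVOKE `roles/bigquery.dataViewer`
ON SCHEMA `ehr-analytics.clinical`
FROM "user:former-analyst@example.com";

-- Check: list the grants that currently exist on the table and dataset.
-- OBJECT_PRIVILEGES is region-qualified; `region-us` is assumed here.
SELECT object_schema, object_name, object_type, privilege_type, grantee
FROM `ehr-analytics`.`region-us`.INFORMATION_SCHEMA.OBJECT_PRIVILEGES
WHERE object_schema = "clinical"
ORDER BY object_name, grantee;
```

Dataset- and table-level grants cover what a user may read or write; the ability to run queries at all comes from a project-level role such as `roles/bigquery.jobUser`, which is granted through project IAM rather than through these statements.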

Reorienting your data schema through views

Many of the queries you run against BigQuery can be turned into a view. Views let you compose queries with a high degree of flexibility, so you can present data in a different shape from the one in which it was originally written into the dataset. A view then makes the data available for analysis, similar to how you would analyze a table.

Additionally, views are logical and not materialized. This means that, unlike a table, a view executes its query every time it is called, so there are no data storage costs for views.

Creating authorized views for security at row and column levels

When data is exported to BigQuery, IAM controls can only go so far. For example, IAM controls don't provide row-level and column-level controls. To provide these controls, we recommend creating authorized views in BigQuery or using the BigQuery column-level security feature.

An authorized view lets you share information with specified users and groups without giving them access to the underlying tables. Column-level security uses policy tags to withhold specific columns from users who do not have the required access. You can also use SQL in a view to restrict the columns (fields) and rows to what a particular group of users needs. For more information and examples, see creating authorized views.
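The following is an added example, not code from this page or from Google's documentation, covering both the view section above and the authorized-view section here: a view over a restricted clinical table that drops identifying columns and filters rows per caller, a grant on the view alone, and (going one step beyond the text) a BigQuery row access policy on the base table as an alternative to filtering inside the view. The project, dataset, table, column and principal names, and the `site_access` mapping table, are assumptions made for the example.

```sql
-- Added example (not from the page). Assumed layout:
--   restricted dataset `ehr-analytics.clinical` with table `encounters`
--     (patient_id, mrn, site, admit_date, diagnosis_code, notes)
--   mapping table `clinical.site_access` (site STRING, principal STRING)
--   shared dataset `ehr-analytics.clinical_shared` that researchers can see.
-- All principals are placeholders.

-- 1. A view that exposes only the columns researchers need and only the rows
--    for the sites the calling user is mapped to. SESSION_USER() returns the
--    e-mail of the principal running the query.
CREATE OR REPLACE VIEW `ehr-analytics.clinical_shared.encounters_research` AS
SELECT
  e.site,
  DATE_TRUNC(e.admit_date, MONTH) AS admit_month,   -- coarsen dates
  e.diagnosis_code
  -- patient_id, mrn and free-text notes are deliberately not selected
FROM `ehr-analytics.clinical.encounters` AS e
WHERE e.site IN (
  SELECT sa.site
  FROM `ehr-analytics.clinical.site_access` AS sa
  WHERE sa.principal = SESSION_USER()
);

-- 2. Researchers get read access on the view only. They receive no grant on
--    `clinical`, so the base table and its identifying columns stay hidden.
GRANT `roles/bigquery.dataViewer`
ON VIEW `ehr-analytics.clinical_shared.encounters_research`
TO "group:research-readers@example.com";

-- 3. Row-level filtering enforced on the base table itself, independent of
--    any view: a row access policy. Once a table has at least one policy,
--    principals not named by any policy see no rows at all.
CREATE ROW ACCESS POLICY north_site_analysts
ON `ehr-analytics.clinical.encounters`
GRANT TO ("group:north-site-analysts@example.com")
FILTER USING (site = "north");

-- Check from a researcher's session: only coarsened, non-identifying
-- columns are visible, and only rows for that user's sites come back.
SELECT site, admit_month, COUNT(*) AS encounters
FROM `ehr-analytics.clinical_shared.encounters_research`
GROUP BY site, admit_month
ORDER BY site, admit_month;
```

The grant in step 2 is not sufficient on its own: for the view to read `clinical.encounters` on behalf of callers who have no access to `clinical`, the view must also be added as an authorized view on the `clinical` dataset, which is done through the dataset's access settings rather than through SQL. The view's filter in step 1 depends on the `site_access` table being writable only by administrators; a user who can edit that table can widen their own row scope, which is the kind of check the row access policy in step 3 avoids.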

There are limits to views. For more information, see view limits.

What's next