The authorized views UI shows a listing of all of the authorized views managed by Datashare. An authorized view is considered managed by Datashare when it is created through the 'Create Authorized View' functionality of Datashare, and is labled with key 'datashare_managed' and value of 'true'. If you want to view the authorized views that are managed and created by Datashare, click the button with the ellipsis image in the rightmost column and click 'Views'.
To view the authorized view within BigQuery, click the button in the sixth column.
- Click the 'CREATE AUTHORIZED VIEW' button on the top right.
- Provide a view name and description.
- Select the dataset Id for where you want to create the new authorized view. It is recommended that this be created in a dataset that's used primarly for sharing data.
- Choose if you want to configure the view using 'Source-based' or 'Custom'.
- Source-based: provides a wizard like setup requiring little to no writing of SQL.
- Custom: provides ability to write SQL directly.
- If using Source-based you will also have the option to configure public access.
- You can also define row level access or expiration as required.
Once you've configured everything that you want, you can click the 'VALIDATE' button on the bottom right in order to validate and ensure all of the selected and entered options are valid. Additionally, you can click 'SAMPLE DATA' to view a table of sample data that is generated at runtime.
- Click 'SAVE' to create the view.
Row level access configuration works in conjunction with policies. Row level access tags that accounts are entitled to are configured within policies, and in this section is where you can define a single column to use for performing the row level filtering. The column may also contain a delimited list of values to use. In this example we're using a column named 'label' and there are multiple values in the column delimited by a pipe '|'.
If you use a Source-based configuration for an authorized view, you will also have the option to configure 'Public Access'. Public access is a feature that can be enabled and is useful when you're using row-level access. If a user is granted access to a particular dataset or view, however doesn't have access to any rows, then the public access will kick in and provide the user with public access (sample data).
In the event where you want a consumer to have limited access to an authorized view, you may define an expiration date and time. You may also choose to delete the view upon expiry, if you do not want to delete the view upon expiry, then the view will continue to exist, though the consumer will have zero rows returned, or the public access data returned (if configured).
- Click on the pencil icon in the rightmost column.
- Make the necessary modifications. Ensure caution as an edit to an existing view will impact all users entitled to it.
- Click 'Save'.
Ensure caution when deleting any view. If you have GCP Marketplace integration set up, this can break any solution or user associations for purchased solutions that you are selling through marketplace.
- Click the trash image on the rightmost side.
- Click 'DELETE' to confirm the deletion.