The video explains how to create policy tags in Google Cloud Data Catalog and use them to classify the columns of BigQuery tables by sensitivity and control access to them. One comprehensive taxonomy is created for all data, and a usage guide determines which policy tags apply to which tables. The speaker then assigns policy tags to the columns of a BigQuery table from a schema JSON file, which makes tagging many tables quick and repeatable. Access is granted per policy tag, so different identities receive different levels of access, and the grants are checked against the logs before enforcement is switched on.
00:00:00 In this section, the speaker explains how to create a taxonomy for applying policy tags to columns in BigQuery tables based on data sensitivity. The taxonomy classifies data as low, medium, or high sensitivity. The speaker suggests creating one comprehensive taxonomy that covers all data and then using a usage guide to decide which policy tags should be applied to specific tables. Because access granted on a parent policy tag also covers its child tags, a root policy tag with sub-tags under it lets an administrator grant individuals or groups access at a single level of the hierarchy, which simplifies access control. After creating the taxonomy, the speaker demonstrates how to apply policy tags to a BigQuery table by editing its schema.
00:05:00 In this section, the speaker describes how to assign policy tags to the columns of a BigQuery table using a JSON schema file. Initially the schema is edited by hand in the console, adding a policy tag to each column and saving. To avoid repeating that manual step for every column and every table, the schema can instead be updated from the command line with a JSON file: the file lists every column of the table, and each column that needs one carries its policy tag assignment. Applying this file to the table schema with the bq command-line tool assigns all of the policy tags at once, and any other table can be tagged the same way by adjusting the JSON and applying it again. Ultimately, the speaker recommends maintaining one comprehensive JSON file that carries the policy tags for every column in use, then copying it for each table and deleting the columns that table does not have, since the schema file applied to a table must describe that table's own columns.
00:10:00 In this section, the speaker discusses granting access to resources based on policy tags. Each identity is given the level of access that matches the data it should be able to read: access is granted by selecting a level in the taxonomy and assigning the Fine-Grained Reader role to the identity on that policy tag. The speaker stresses that access control should not be enforced on the taxonomy immediately; instead, the logs should first be checked to confirm that every identity that needs access has been included. Once enforcement is turned on, users can read only the tagged columns whose policy tags they have been granted access to.
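The JSON-file step described in the 00:05:00 section, as an added example that is not code from the video: a small Python script that takes one master mapping of column names to sensitivity levels, walks a table's existing schema (the JSON that `bq show --schema --format=prettyjson PROJECT:DATASET.TABLE` returns, constructed inline here), and writes out the same schema with a `policyTags` entry on every column found in the mapping. Columns not in the mapping are left untagged, which is the "delete the columns this table does not have" step done in reverse, and a strict mode refuses to produce a file while any column is still unclassified. The project, location, taxonomy and policy tag IDs, the table schema and the column mapping are all placeholders.

```python
"""Attach Data Catalog policy tags to a BigQuery schema JSON file.

Added example; not the video's code. Assumes the policy tag resource-name
format projects/P/locations/L/taxonomies/T/policyTags/ID and a schema JSON
in the shape produced by `bq show --schema`. All IDs are placeholders.
"""
import copy
import json

# Placeholder taxonomy with three levels, matching the video's low/medium/high.
TAXONOMY = "projects/my-project/locations/us/taxonomies/1234567890"
POLICY_TAGS = {
    "low": f"{TAXONOMY}/policyTags/111",
    "medium": f"{TAXONOMY}/policyTags/222",
    "high": f"{TAXONOMY}/policyTags/333",
}

# The "comprehensive" mapping: every column name in use, with its sensitivity level.
MASTER_COLUMN_TAGS = {
    "customer_id": "medium",
    "email": "high",
    "ssn": "high",
    "country": "low",
    "order_total": "low",
}

# Constructed sample schema for one table, as `bq show --schema` would return it.
ORDERS_SCHEMA = [
    {"name": "order_id", "type": "STRING", "mode": "REQUIRED"},
    {"name": "customer_id", "type": "STRING", "mode": "NULLABLE"},
    {"name": "email", "type": "STRING", "mode": "NULLABLE"},
    {"name": "order_total", "type": "NUMERIC", "mode": "NULLABLE"},
    {"name": "shipping", "type": "RECORD", "mode": "NULLABLE", "fields": [
        {"name": "country", "type": "STRING", "mode": "NULLABLE"},
        {"name": "street", "type": "STRING", "mode": "NULLABLE"},
    ]},
]


def tag_schema(schema, master, require_all=False):
    """Return a copy of `schema` with policyTags set on every leaf column in `master`.

    RECORD columns are descended recursively so nested leaf fields get tagged.
    Columns missing from `master` stay untagged unless require_all=True, in
    which case the function raises so an unclassified column cannot ship untagged.
    The input list is not modified.
    """
    tagged = []
    for field in copy.deepcopy(schema):
        if field.get("type") == "RECORD":
            field["fields"] = tag_schema(field["fields"], master, require_all)
        elif field["name"] in master:
            level = master[field["name"]]
            field["policyTags"] = {"names": [POLICY_TAGS[level]]}
        elif require_all:
            raise ValueError(f"column {field['name']!r} has no classification")
        tagged.append(field)
    return tagged


def tagged_columns(schema, prefix=""):
    """Flatten a schema into {dotted.column.name: policy tag resource name} for review."""
    out = {}
    for field in schema:
        name = prefix + field["name"]
        if field.get("type") == "RECORD":
            out.update(tagged_columns(field["fields"], name + "."))
        elif "policyTags" in field:
            out[name] = field["policyTags"]["names"][0]
    return out


if __name__ == "__main__":
    new_schema = tag_schema(ORDERS_SCHEMA, MASTER_COLUMN_TAGS)
    # This is the file that `bq update --schema orders_schema.json my-project:sales.orders` consumes.
    with open("orders_schema.json", "w") as f:
        json.dump(new_schema, f, indent=2)
    for col, tag in tagged_columns(new_schema).items():
        print(f"{col:20s} -> {tag}")
```

Run it once per table with that table's own `bq show --schema` output as the input list, review the flattened listing, then apply the generated file with `bq update --schema`. Granting access is a separate step: the identity needs the Fine-Grained Reader role (`roles/datacatalog.categoryFineGrainedReader`) on the policy tag (or on a parent tag), and the tags only restrict reads once enforcement is switched on for the taxonomy.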