To get the permissions that
you need to add a BigQuery policy tag to a table in Dataform,
ask your administrator to grant you the
Dataform Editor (roles/dataform.editor)
IAM role on workspaces.
For more information about granting roles, see Manage access to projects, folders, and organizations.
Replace FULL_TAG_IDENTIFIER with the full identifier
of the selected tag.
Optional: Click Format.
The following code sample shows the
projects/example-project/locations/us/taxonomies/123456789/policyTags/123456789
sample BigQuery policy tag added to column1:
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-25 UTC."],[[["\u003cp\u003eThis guide details how to add BigQuery policy tags to table columns within Dataform core using the \u003ccode\u003econfig\u003c/code\u003e block in a table definition SQLX file.\u003c/p\u003e\n"],["\u003cp\u003eAdding a BigQuery policy tag requires the Dataform Editor role and appropriate BigQuery roles for column-level access control to be granted to your Dataform service account.\u003c/p\u003e\n"],["\u003cp\u003eTo implement a policy tag, specify the full tag identifier in the \u003ccode\u003ebigqueryPolicyTags\u003c/code\u003e array within the \u003ccode\u003ecolumns\u003c/code\u003e configuration in your table definition.\u003c/p\u003e\n"],["\u003cp\u003eThe required format is \u003ccode\u003ecolumns: { column_name: { bigqueryPolicyTags: ["FULL_TAG_IDENTIFIER"] } }\u003c/code\u003e, where FULL_TAG_IDENTIFIER represents the complete path to your BigQuery tag.\u003c/p\u003e\n"]]],[],null,["# Control column access\n\nThis document shows you how to control column access by adding BigQuery\npolicy tags to table columns with\n[Dataform core](/dataform/docs/overview#dataform-core).\n\nYou can set\n[BigQuery policy tags](/bigquery/docs/column-level-security-intro)\non table columns in the `config` block in a table definition SQLX file.\n\nBefore you begin\n----------------\n\n1. In the Google Cloud console, go to the **Dataform** page.\n\n [Go to the Dataform page](https://console.cloud.google.com/bigquery/dataform)\n2. Select or [create a repository](/dataform/docs/create-repository).\n\n3. Select or [create a development workspace](/dataform/docs/create-workspace).\n\n4. [Create a table](/dataform/docs/create-tables#create-table).\n\n### Required roles\n\n\nTo get the permissions that\nyou need to add a BigQuery policy tag to a table in Dataform,\n\nask your administrator to grant you the\n\n\n[Dataform Editor](/iam/docs/roles-permissions/dataform#dataform.editor) (`roles/dataform.editor`)\nIAM role on workspaces.\n\n\nFor more information about granting roles, see [Manage access to projects, folders, and organizations](/iam/docs/granting-changing-revoking-access).\n\n\nYou might also be able to get\nthe required permissions through [custom\nroles](/iam/docs/creating-custom-roles) or other [predefined\nroles](/iam/docs/roles-overview#predefined).\n\nAdditionally, you must grant your [Dataform service account](/dataform/docs/access-control#about-service-accounts)\n[BigQuery roles for column-level access control](/bigquery/docs/column-level-security-intro#roles).\n\nAdd a BigQuery policy tag\n-------------------------\n\nTo add a BigQuery policy tag to a table column, follow these steps:\n\n1. Go to your development workspace.\n2. In the **Files** pane, expand `definitions/`.\n3. Select a table definition SQLX file.\n4. In the `config` block, add a full tag identifier to a selected\n column in the following format:\n\n columns: {\n column_name: {\n bigqueryPolicyTags: [\"\u003cvar translate=\"no\"\u003eFULL_TAG_IDENTIFIER\u003c/var\u003e\"]\n }\n }\n\n Replace \u003cvar translate=\"no\"\u003eFULL_TAG_IDENTIFIER\u003c/var\u003e with the full identifier\n of the selected tag.\n5. Optional: Click **Format**.\n\nThe following code sample shows the\n`projects/example-project/locations/us/taxonomies/123456789/policyTags/123456789`\nsample BigQuery policy tag added to `column1`: \n\n config {\n type: \"table\",\n columns: {\n column1: {\n description: \"Some description\",\n bigqueryPolicyTags: [\"projects/example-project/locations/us/taxonomies/123456789/policyTags/123456789\"]\n }\n }\n }\n\n SELECT \"test\" AS column1\n\nWhat's next\n-----------\n\n- To learn more about BigQuery policy tags, see [Introduction to column-level access control](/bigquery/docs/column-level-security-intro).\n- To learn how to add BigQuery labels in Dataform, see [Add BigQuery labels](/dataform/docs/labels).\n- To learn how to add Dataform tags to create collections of tables, see [Add execution tags](/dataform/docs/configure-additional-actions#add-execution-tags)."]]
