{"id":9780,"library":"google-cloud-bigquery-datapolicies","title":"Google Cloud BigQuery Data Policies","description":"The Google Cloud BigQuery Data Policies API client library provides programmatic access to manage data policies (e.g., column-level security or data masking) within BigQuery datasets. This library allows users to create, retrieve, update, and delete data policies, enforcing fine-grained access control on BigQuery data. It is currently at version 0.9.0 and is part of the `google-cloud-python` monorepo, receiving updates aligned with the underlying API and shared client library components.","status":"active","version":"0.9.0","language":"en","source_language":"en","source_url":"https://github.com/googleapis/google-cloud-python/tree/main/packages/google-cloud-bigquery-datapolicies","tags":["google-cloud","bigquery","data-governance","security","data-masking","column-level-security"],"install":[{"cmd":"pip install google-cloud-bigquery-datapolicies","lang":"bash","label":"Install stable version"}],"dependencies":[{"reason":"Core functionality for Google Cloud APIs, including authentication and API calls.","package":"google-api-core"},{"reason":"Often used in conjunction with BigQuery Data Policies for complete data governance solutions.","package":"google-cloud-bigquery","optional":true}],"imports":[{"note":"Google Cloud client libraries often include API version numbers (e.g., `_v1`) in their import paths to distinguish between different API versions.","wrong":"from google.cloud import bigquery_datapolicies","symbol":"DataPolicyServiceClient","correct":"from google.cloud import bigquery_datapolicies_v1\nclient = bigquery_datapolicies_v1.DataPolicyServiceClient()"}],"quickstart":{"code":"import os\nfrom google.cloud import bigquery_datapolicies_v1\nfrom google.api_core.exceptions import GoogleAPIError\n\ndef list_bigquery_data_policies(project_id: str, location: str):\n    \"\"\"Lists BigQuery data policies for a given project and location.\"\"\"\n    # Ensure GOOGLE_CLOUD_PROJECT and GOOGLE_APPLICATION_CREDENTIALS\n    # or other authentication methods are set in your environment.\n    client = bigquery_datapolicies_v1.DataPolicyServiceClient()\n    parent = f\"projects/{project_id}/locations/{location}\"\n\n    print(f\"Listing data policies for {parent}:\")\n    try:\n        response = client.list_data_policies(parent=parent)\n        policies_found = False\n        for data_policy in response:\n            print(f\"  - Data Policy: {data_policy.name}\")\n            policies_found = True\n        if not policies_found:\n            print(\"  No data policies found.\")\n    except GoogleAPIError as e:\n        print(f\"Error listing data policies: {e}\")\n\n# Example usage:\n# Replace with your actual project ID and desired location\nPROJECT_ID = os.environ.get(\"GOOGLE_CLOUD_PROJECT\", \"your-gcp-project-id\")\nLOCATION = os.environ.get(\"GCP_REGION\", \"us-central1\") # e.g., \"us-central1\", \"europe-west2\"\n\nif PROJECT_ID == \"your-gcp-project-id\":\n    print(\"Please set the GOOGLE_CLOUD_PROJECT environment variable or replace 'your-gcp-project-id' in the script.\")\nelse:\n    list_bigquery_data_policies(PROJECT_ID, LOCATION)","lang":"python","description":"This quickstart initializes the BigQuery Data Policies client and lists all data policies within a specified Google Cloud project and location. Remember to authenticate your application (e.g., via `gcloud auth application-default login` or `GOOGLE_APPLICATION_CREDENTIALS`)."},"warnings":[{"fix":"Always pin to a specific `0.x.y` version in your `requirements.txt` (e.g., `google-cloud-bigquery-datapolicies==0.9.0`) and review release notes when upgrading.","message":"The library is in `0.x.x` versioning. While generally stable, this indicates that the API is not yet declared stable and may introduce breaking changes in minor versions, not just major versions.","severity":"gotcha","affected_versions":"0.1.0 - 0.9.0"},{"fix":"Ensure that the `location` parameter (e.g., 'us-central1', 'europe-west2') in your API calls is correct and matches the region where your data policies are defined.","message":"BigQuery Data Policies are a regional resource. You must specify a valid `location` when interacting with the API, as operations on resources in a `global` location are not supported.","severity":"gotcha","affected_versions":"All versions"},{"fix":"Verify that the principal (user or service account) used for authentication has the appropriate IAM roles on the BigQuery project or dataset. For creating/managing policies, 'BigQuery Data Policy Admin' is typically required.","message":"PermissionDenied errors (HTTP 403) are common when your service account or user lacks the necessary IAM roles to manage BigQuery Data Policies. Required roles include 'BigQuery Data Policy Admin' or equivalent custom roles.","severity":"gotcha","affected_versions":"All versions"}],"env_vars":null,"last_verified":"2026-04-17T00:00:00.000Z","next_check":"2026-07-16T00:00:00.000Z","problems":[{"fix":"Correct the import statement to include the API version, usually `_v1`. Use `from google.cloud import bigquery_datapolicies_v1` instead.","cause":"Attempting to import the client library without specifying the API version, which is required for this library.","error":"ModuleNotFoundError: No module named 'google.cloud.bigquery_datapolicies'"},{"fix":"Specify a valid regional location (e.g., 'us-central1', 'europe-west2') for all API calls involving BigQuery Data Policies.","cause":"Trying to perform operations on BigQuery Data Policies in a 'global' location, which is not allowed. Data policies are regional resources.","error":"google.api_core.exceptions.NotFound: 404 Not found: Location 'global' is not supported for BigQuery Data Policy APIs."},{"fix":"Double-check the `project_id` for accuracy. Ensure your `GOOGLE_CLOUD_PROJECT` environment variable is set correctly or the project ID is explicitly passed correctly. Verify that the authenticated service account or user has access to that specific project.","cause":"The `project_id` provided in the API call (e.g., in the `parent` string) is incorrect, misspelled, or the authenticated principal does not have access to it.","error":"google.api_core.exceptions.InvalidArgument: 400 Invalid argument: Requested project 'your-project' does not exist."}]}