How the OWOX BI Extension Keeps Your Data Safe

How the OWOX BI Extension Keeps Your Data Safe

In this article, we explain how the BigQuery Reports (Google Sheets extension) keeps your data safe. OWOX doesn't save anything from your BigQuery on OWOX servers only Queries are saved to accomplish your everyday tasks and report updates.

OWOX BI Uses Google Cloud Platform (GCP) Infrastructure

This means all data processed in our service follows Google's security standards. We use a secure connection to GCP projects, ensuring data integrity with strong encryption.

Access to BigQuery Through Your Google Account

When you install the OWOX BI BigQuery Reports extension, you need to grant access to your Google account used with GCP and BigQuery. Access is granted through the OAuth window. OAuth tokens are securely stored on Google Cloud servers, providing limited access to enhance security. This access allows the extension to import data from BigQuery into Google Sheets and export data from Google Sheets to BigQuery.

Minimum Roles Needed in GCP for Your Google Account

The required BigQuery role depends on the data direction you use:

  • Importing Data from BigQuery to Google Sheets: You need BigQuery Job User and BigQuery Data Viewer roles.
  • Importing Data from Google Sheets to BigQuery: You need BigQuery Admin or BigQuery Data Owner roles.

OWOX BI Extension Only Uses the Necessary Scopes

When installing the extension, you grant permission for these actions:


Permission Purpose
See, edit, create, and delete all of your Google Drive files The extension only edits Google Sheets to insert data from BigQuery. We don't delete any files.
View and manage your data in BigQuery and see the email address for your Google Account It is needed to execute SQL queries and import data from Sheets to BigQuery.
See, edit, create, and delete all your Google Sheets spreadsheets Similar to the first point, the extension edits Sheets to insert data from BigQuery.
Connect to an external service Most operations (schedule runs, Query management, etc) occur on OWOX BI servers due to the limited capabilities of Google Workspace's AppsScript.
Allow this application to run when you are not present Executing report updates on a schedule.
Display and run third-party web content in prompts and sidebars inside Google applications Enhances user experience with a sidebar for managing queries and schedules.


OWOX BI Extension Does Not Create Or Delete Your Google Drive Files and Sheets

Right now full access is necessary. We are considering adding a feature for selective access in the future. As of today, our extension only uses permissions to insert data from BigQuery into Sheets or vice versa. It does not create or delete files.

You Can Limit Access to Specific BigQuery Datasets and Tables

The extension accesses BigQuery based on the permissions of the selected Google account. The required roles depend on the functionality:

  • Importing Data from BigQuery to Google Sheets (allows only data viewing scenarios): your account should have the minimum roles of BigQuery Job User (at the project level) and BigQuery Data Viewer (either at the project or dataset level). Using these roles, the extension can manage created Queries and execute them without editing your data in BigQuery, only viewing it. Read more in this article.
  • Importing Data from Google Sheets to BigQuery (requires data editing permissions in your BigQuery): your account should have the roles of BigQuery Admin or BigQuery Data Owner.

During the extension installation, you select the necessary Google account. The access level and permissions for this account can be managed on the IAM & Admin page or by granting access to specific projects, datasets, or tables.

You Can Revoke Access At Any Time

You can revoke access at the GCP project level or the specific dataset level. Read more in this article.

You Can Easily Monitor Data Access in BigQuery

Use BigQuery audit logs to monitor access and actions, ensuring transparency and accountability. At OWOX BI, we're committed to being transparent and simplifying how you understand your use of our products. If you need to see who's running Queries and how much data they're processing, we've got a Google Sheets template for you. Read more in this article.

OWOX BI Extension Does Not Share Your Google Sheets Documents To Other Users

You have full control over who can access your Google Sheets documents using Google Drive's sharing features. The OWOX BI Reports extension does not add any new users to your documents.

OWOX BI Does Not Save Your Data on OWOX Servers

Your data is directly and securely transported from BigQuery to Google Sheets without getting onto the OWOX BI servers. You can view the data movement schema here.

OWOX BI Is Certified

The OWOX BI BigQuery Reports Extension meets CASA Tier 2 security standards and has passed a rigorous Cloud Application Security Assessment conducted by PWC.

OWOX BI complies with relevant data privacy frameworks and security standards, including participating in the Data Privacy Framework (DPF) Program.



You might also be interested in

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request


Please sign in to leave a comment.