This article explains how the OWOX: Reports, Charts & Pivots extension keeps your data safe. OWOX doesn't save anything from your BigQuery on OWOX servers only Data Marts are saved to accomplish your everyday tasks and report updates.
OWOX BI Uses Google Cloud Platform (GCP) Infrastructure
This means all data processed in our service follows Google's security standards. We use a secure connection to GCP projects, ensuring data integrity with strong encryption.
Access to BigQuery Through Your Google Account
When you install the 'OWOX: Reports...' extension, you need to grant access to your Google account used with GCP and BigQuery. Access is granted through the OAuth window. OAuth tokens are securely stored on Google Cloud servers, providing limited access to enhance security. This access allows the extension to import data from BigQuery into Google Sheets and export data from Google Sheets to BigQuery.
Minimum Roles Needed in GCP for Your Google Account
The required BigQuery role depends on the data direction you use:
-
Importing Data from BigQuery to Google Sheets: You need
BigQuery Job User
andBigQuery Data Viewer
roles. -
Importing Data from Google Sheets to BigQuery: You need
BigQuery Admin
orBigQuery Data Owner
roles.
OWOX Extension Only Uses the Necessary Scopes
When installing the extension, you grant permission for these actions:
Permission | Purpose |
---|---|
See, edit, create, and delete all of your Google Drive files | The extension only edits Google Sheets to insert data from BigQuery. We don't delete any files. |
View and manage your data in BigQuery and see the email address for your Google Account | It is needed to execute SQL queries and import data from Sheets to BigQuery. |
See, edit, create, and delete all your Google Sheets spreadsheets | Similar to the first point, the extension edits Sheets to insert data from BigQuery. |
Connect to an external service | Most operations (schedule runs, Data Mart management, etc) occur on OWOX BI servers due to the limited capabilities of Google Workspace's AppsScript. |
Allow this application to run when you are not present | Executing report updates on a schedule. |
Display and run third-party web content in prompts and sidebars inside Google applications | Enhances user experience with a sidebar for managing Data Marts and schedules. |
OWOX Extension Does Not Create Or Delete Your Google Drive Files and Sheets
Right now full access is necessary. We are considering adding a feature for selective access in the future. As of today, our extension only uses permissions to insert data from BigQuery into Sheets or vice versa. It does not create or delete files.
You Can Limit Access to Specific BigQuery Datasets and Tables
The extension accesses BigQuery based on the permissions of the selected Google account. The required roles depend on the functionality:
-
Importing Data from BigQuery to Google Sheets (allows only data viewing scenarios): your account should have the minimum roles of
BigQuery Job User
(at the project level) andBigQuery Data Viewer
(either at the project or dataset level). Using these roles, the extension can manage created Data Marts and execute them without editing your data in BigQuery, only viewing it. Read more in this article. -
Importing Data from Google Sheets to BigQuery (requires data editing permissions in your BigQuery): your account should have the roles of
BigQuery Admin
orBigQuery Data Owner
.
During the extension installation, you select the necessary Google account. The access level and permissions for this account can be managed on the IAM & Admin page or by granting access to specific projects, datasets, or tables.
You Can Revoke Access At Any Time
You can revoke access at the GCP project level or the specific dataset level. Read more in this article.
You Can Easily Monitor Data Access in BigQuery
Use BigQuery audit logs to monitor access and actions, ensuring transparency and accountability. At OWOX BI, we're committed to being transparent and simplifying how you understand your use of our products. If you need to see who's running Data Marts and how much data they're processing, we've got a Google Sheets template for you. Read more in this article.
OWOX Extension Does Not Share Your Google Sheets Documents To Other Users
You have full control over who can access your Google Sheets documents using Google Drive's sharing features. The 'OWOX: Reports...' extension does not add any new users to your documents.
OWOX BI Does Not Save Your Data on OWOX Servers
Your data is directly and securely transported from BigQuery to Google Sheets without getting onto the OWOX BI servers. You can view the data movement schema below:
OWOX BI Is Certified
The 'OWOX: Reports, Charts & Pivots' extension meets CASA Tier 2 security standards and has successfully passed a rigorous Cloud Application Security Assessment conducted by PWC.
OWOX BI complies with relevant data privacy frameworks and security standards, including participating in the Data Privacy Framework (DPF) Program.
You might also be interested in
0 Comments