Connect to BigQuery

Sigma supports secure connections to BigQuery.

This document explains how to connect your organization to a BigQuery warehouse.

📘

For information about Sigma feature compatibility with BigQuery connections, see Region, warehouse, and feature support.

Requirements

• You must be assigned the Admin account type in your Sigma organization. See Create and manage account types.
• You must have permission to create a service account on your Google Cloud Project. See Create service accounts in the Google Cloud documentation.

You must also determine what permissions to grant to the service account that you plan to use to connect to BigQuery. Avoid granting excessive permissions. For example, the account does not require BigQuery Connection Admin-level access.

Create a BigQuery service account

Before you connect to Sigma, you must visit the Google Cloud Platform (GCP) console to create a service account for your BigQuery organization and generate a JSON private key for the service account.

• For instructions on creating a service account, see Create service accounts in the Google Cloud IAM documentation.
• For instructions on creating a JSON private key for the service account, see Create and delete service account keys in the Google Cloud IAM documentation.

A GCP service account is a type of Google account that can securely communicate over Google APIs on your behalf. The service account performs operations on behalf of Sigma in your BigQuery organization.

Account permissions and roles

When creating your service account, you must grant it specific access permissions called roles.

To run BigQuery with Sigma, grant your service account the following roles:

• BigQuery Data Viewer
• BigQuery Job User
• BigQuery Data Editor (This role is only required if you intend to enable write access on your connection.)

For more details about roles in BigQuery, see IAM roles and permissions index in the Google Cloud documentation.

Create a Connection in Sigma

1. In Sigma, open Administration > Connections.

2. Click Create Connection.

3. In the Connection details, specify the following:

   Name	Enter a Name for the new connection. Sigma displays this name in the connection list.
   Type	Select BigQuery.

4. Under Billing project ID, enter your GCP ‘Project ID’. This can be found under ‘Project Info’ on your GCP console dashboard. Find your project id. Note: Grant the service account the “BigQuery Data Viewer“ role for the project's datasets. See BigQuery documentation on Control access to resources with IAM: Grant access to a resource.

5. Select your desired Authentication method for your BigQuery connection.

   • If you want to use Basic Auth, continue to the next step.
   • If you want to use OAuth, see Connect to BigQuery with OAuth (Beta).

6. Under Service account, paste the JSON key you created when setting up your service account. The key is located in the .json file that was downloaded to your computer when you created the service account.

7. [Optional] Under Additional project IDs, you can add additional BigQuery project IDs to the same connection. Separate multiple IDs with a comma. For example, project-id-001, project-id-002

   📘

   The service account must be granted the BigQuery Data Viewer role for each project's datasets. For more details, see Control access to resources with IAM: Grant access to a resource in the Google Cloud documentation.

8. Under Connection Features, specify the following:

   Connection timeout

   The time before timeout (or cancellation), in seconds, that Sigma waits for the query to return results.

   Default is 120, or 2 minutes.

   Maximum is 600, or 10 minutes.

   Use friendly names

   This toggle makes column names from the data source more readable.

   For example, a database column ORDER_NUMBER or OrderNumber appears as Order Number.

   On by default.

9. Follow the steps to enable write access. Write access is required to use input tables, upload CSV data, materialization, and more. The service account must be granted the BigQuery Data Editor role.

   💡

   Configure a separate project, or a project and dataset combination, for write-access purposes. By design, the destination that you configure for write access is not visible in the Sigma connection explorer pane. The data that Sigma writes to this destination is not formatted in a way that can be browsed and used.

10. After completing the form, click Create.

Confirm your connection

After you have created your connection, you can confirm that your data is accessible by visiting the Connections section in the left hand navigation panel of Sigma Home.

1. Go to Sigma Home.
2. From the left hand navigation panel, select the new warehouse connection.
3. Explore your connection’s datasets and tables, confirming the connection was successful. See Review and manage your data catalog.