The problem I’m having
Using BigQuery policy tags for column level access is great, but there is a killer weakness in the fact that BigQuery does not support tags in SQL, meaning that the table exists before the tags are applied. This means there is always a small window where anyone with dataset access and table access (prereqs to column level access) can access any column.
This is especially problematic when dbt fails for any reason. Noticing that and restarting a failed run can mean that a table exists WITH data but WITHOUT tags for hours. This is really not ideal.
The context of why I’m trying to do this
Build a warehouse using dbt with column level access in BigQuery.
Has anyone overcome this problem? I’m not convinced there is a nice solution from a dbt perspective; it feels like Google making it possible to have no tag mean no access when opting in to column level access would be the right thing.
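One way to detect the state described in the post (a table that holds rows but lacks its policy tags), as an added example that is not part of the original post. It checks a table resource in the JSON shape returned by BigQuery's `tables.get` against the tags each column is expected to carry. The `expected` mapping (assumed to be derived from the dbt project's column config), the function names, the taxonomy path and the sample tables are all constructed for illustration.

```python
# Added example: flag columns that are live in BigQuery without their expected policy tag.
# PII_TAG is a placeholder resource name; the sample tables below are constructed.
PII_TAG = "projects/example-project/locations/eu/taxonomies/000/policyTags/111"

def live_policy_tags(fields, prefix=""):
    """Flatten schema fields (including nested RECORDs) to {column_path: set(tag names)}."""
    tags = {}
    for f in fields:
        path = prefix + f["name"]
        tags[path] = set(f.get("policyTags", {}).get("names", []))
        if f.get("fields"):
            tags.update(live_policy_tags(f["fields"], path + "."))
    return tags

def untagged_columns(table, expected):
    """Column paths present in the live table whose expected tag is not applied."""
    live = live_policy_tags(table.get("schema", {}).get("fields", []))
    return sorted(c for c, tag in expected.items() if c in live and tag not in live[c])

def exposure_report(table, expected):
    """'exposed' is True only when untagged columns coexist with stored rows."""
    missing = untagged_columns(table, expected)
    has_rows = int(table.get("numRows", "0")) > 0  # numRows is a string in the API
    return {"table": table["id"], "untagged": missing, "exposed": bool(missing) and has_rows}

def _table(table_id, num_rows, tagged):
    """Build a constructed table resource, with or without policy tags applied."""
    tag = {"policyTags": {"names": [PII_TAG]}} if tagged else {}
    return {
        "id": table_id,
        "numRows": num_rows,
        "schema": {"fields": [
            {"name": "customer_id", "type": "INTEGER"},
            {"name": "email", "type": "STRING", **tag},
            {"name": "address", "type": "RECORD", "fields": [
                {"name": "street", "type": "STRING", **tag},
            ]},
        ]},
    }

EXPECTED = {"email": PII_TAG, "address.street": PII_TAG}
HEALTHY = _table("example-project:warehouse.customers", "1200", tagged=True)
FAILED_RUN = _table("example-project:warehouse.customers", "1200", tagged=False)

if __name__ == "__main__":
    for t in (HEALTHY, FAILED_RUN):
        print(exposure_report(t, EXPECTED))
```
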