Connect to BigQuery in Wondaris

Connect your BigQuery tables or views to Wondaris Explore to leverage your data for audience building and analysis, while controlling data exposure and simplifying permissions management.

You can avoid granting broad access to the underlying data by utilising views (materialised or standard).

To use this feature, please contact support@wondaris.com or your customer success manager (at Wondaris or your implementation partner)

Prerequisites

For best practices please see our secure connection guide: https://wondaris.atlassian.net/wiki/spaces/WPK/pages/4077912069

Instructions

Select BigQuery: In the Wondaris Explore welcome screen, choose BigQuery as your data source (you may not see the same options as below, depending on your licence)
Configure the Connection: Fill in the connection details:
1. Connection Name: Provide a descriptive name for this connection (required).
2. GCP Project ID: Enter your Google Cloud Project ID. You can get this on the home page of Google Cloud console: https://console.cloud.google.com
3. Authorization Method: Choose one of the following:
  For more info see: https://wondaris.atlassian.net/wiki/spaces/WPK/pages/4077912069
  - Wondaris Service Account (Granting permissions)
    - Grant the following roles to the Wondaris service account: mdp-cloud-run-service@wondaris-193901.iam.gserviceaccount.com:
      - Data Access - you can assign to either the project, dataset or tables & views you want Wondaris to have access to:
        Read Only: BigQuery Data Viewer
        Read & Write (for ML Enrichments): BigQuery Data Editor
      - Ability to query the data - you must assign this to the project where the data resides which you want Wondaris to have access to:
        BigQuery Job User
        BigQuery Read Session User
    - Instructions for granting roles in the Google Cloud Console can be found in the official documentation: https://cloud.google.com/iam/docs/grant-role-console#grant_an_iam_role
  - Your own Service account key (Uploading Key)
    - Create a Service Account: Create a dedicated service account in your GCP project and grant it the same roles as above. This isolates permissions and improves security.
      For more info on service account creation, see the official documentation: https://support.google.com/a/answer/7378726?hl=en
    - Generate a Key File: Download a JSON key file for the service account. For more info on Key File Generation, see the official documentation: https://cloud.google.com/iam/docs/keys-create-delete#creating

Upload the Key File: Upload the JSON key file in the connection form within Wondaris.

Your credentials are stored in a secure secrets store within a customer-specific, isolated environment just for your instance of Wondaris.

For more info or to ask any security questions please reach out to security@wondaris.com

Test Connection: Click "Test Connection" to validate the credentials and ensure Wondaris can access your BigQuery data.
Connect: After a successful test, click "Connect" to finalise the connection.

Post-Connection Steps

After successfully connecting, you can select specific tables or views from your connected BigQuery project within Wondaris Explore to build and activate audiences. Using views is highly recommended for limiting data exposure and managing permissions effectively.

Metadata Tagging (Recommended)

For enhanced filtering capabilities when building segments/audiences, we strongly recommend tagging metadata for your data columns. Navigate to Source Connection → Metadata within Wondaris to add these tags.

A beta feature can be enabled which automatically tags your data based on the existing metadata that is present in your BigQuery tables / views.

Reach out to support@wondaris.com to find out more.