Access Control
Start course

Bigtable is an internal Google database system that’s so revolutionary that it kickstarted the NoSQL industry. In the mid 2000s, Google had a problem. The web indexes behind its search engine had become massive and it took a long time to keep rebuilding them. The company wanted to build a database that could deliver real-time access to petabytes of data. The result was Bigtable.

Google went on to use Bigtable to power many of its other core services, such as Gmail and Google Maps. Finally, in 2015, it made Cloud Bigtable available as a service that its customers could use for their own applications.

In this course, you will learn which of your applications could make use of Bigtable and how to take advantage of its high performance.

Learning Objectives

  • Identify the best use cases for Bigtable
  • Describe Bigtable’s architecture and storage model
  • Optimize query performance through good schema design
  • Configure and monitor a Bigtable cluster
  • Send commands to Bigtable

Intended Audience

  • Data professionals
  • People studying for the Google Professional Data Engineer exam



The example code is at



Bigtable provides access control at the project, instance, and table levels. The most important roles for controlling access to Bigtable are reader, user, and admin. The reader role grants read access to data in tables and also to the performance monitoring graphs. The user role grants write access to tables. The admin role grants full access to everything in Bigtable, including the ability to create new instances.

If you set these roles at the project level, the permissions apply to all of the tables in the projects. So, for example,  a reader can read all of the data in all of the tables in the project.

If you don’t want a user to have the same level of access to all of the tables in a project, then you can assign roles at the individual table level. But there’s no way to limit a user’s access to specific rows or columns. This only applies to users with Google Cloud accounts that can access Bigtable directly, though. You can still, of course, limit end-user access any way you want through your application.

To assign one of the 3 roles to a GCP user, you need to go to the IAM page in the console. If Cloud Bigtable doesn’t show up in the list, then you need to enable the Bigtable API. This is all you have to do.

And that’s it for access control.


About the Author
Learning Paths

Guy launched his first training website in 1995 and he's been helping people learn IT technologies ever since. He has been a sysadmin, instructor, sales engineer, IT manager, and entrepreneur. In his most recent venture, he founded and led a cloud-based training infrastructure company that provided virtual labs for some of the largest software vendors in the world. Guy’s passion is making complex technology easy to understand. His activities outside of work have included riding an elephant and skydiving (although not at the same time).