My Looker Studio report fails to generate a table when the underlying BigQuery source includes a column protected by a policy tag. When I remove the policy tag from the column, the report works perfectly.
The error in Looker Studio is a generic system error: Looker Studio has encountered a system error. Error ID: 37485d88
However, the BigQuery audit log shows a clear “Access Denied” error on the policy tag itself.
What I’ve Checked
This is what’s confusing me:
-
Direct BQ Query Works: I can query the table and the specific policy-tagged column successfully directly in the BigQuery Console with my own user credentials.
-
Correct Permissions: My user account (@mservice.com.vn
) has been granted bothBigQuery Data Vieweron the project with the table andFine-Grained Reader` on the project with the policy tag.
This makes me think the issue is not a simple missing permission, but rather how Looker Studio is authenticating its request to BigQuery for columns with fine-grained security.
The Log Error:
{ … “authenticationInfo”: { “principalEmail”: “@company.com” }, … “status”: { “code”: 7, “message”: “Access Denied: BigQuery BigQuery: User does not have permission to access policy tag projects/123/locations/us/taxonomies/456/policyTags/789. on column my_project.my_dataset.my_table.column.” } }
Even I could not “Preview” in table connection of Looker Studio
What could cause Looker Studio to fail this permission check when a direct query from the BigQuery console succeeds with the same user and the same permissions? Are there additional IAM roles (like Service Account User) or specific data source credential settings required for Looker Studio to correctly handle policy tags?