Scan for data quality issues
This document explains how to use BigQuery and Dataplex Universal Catalog together to ensure that data meets your quality expectations. Dataplex Universal Catalog automatic data quality lets you define and measure the quality of the data in your BigQuery tables. You can automate the scanning of data, validate data against defined rules, and log alerts if your data doesn't meet quality requirements.
For more information about automatic data quality, see the Auto data quality overview.
Before you begin
- 
  
    
    
      
    
  
  
    
  
  
  
  
    
      Enable the Dataplex API. Roles required to enable APIs To enable APIs, you need the Service Usage Admin IAM role ( roles/serviceusage.serviceUsageAdmin), which contains theserviceusage.services.enablepermission. Learn how to grant roles.
- Optional: If you want Dataplex Universal Catalog to generate recommendations for data quality rules based on the results of a data profile scan, create and run the data profile scan.
Required roles
- To run a data quality scan on a BigQuery table, you need permission to read the BigQuery table and permission to create a BigQuery job in the project used to scan the table. 
- If the BigQuery table and the data quality scan are in different projects, then you need to give the Dataplex Universal Catalog service account of the project containing the data quality scan read permission for the corresponding BigQuery table. 
- If the data quality rules refer to additional tables, then the scan project's service account must have read permissions on the same tables. 
- To get the permissions that you need to export the scan results to a BigQuery table, ask your administrator to grant the Dataplex Universal Catalog service account the BigQuery Data Editor ( - roles/bigquery.dataEditor) IAM role on the results dataset and table. This grants the following permissions:- bigquery.datasets.get
- bigquery.tables.create
- bigquery.tables.get
- bigquery.tables.getData
- bigquery.tables.update
- bigquery.tables.updateData
 
- If the BigQuery data is organized in a Dataplex Universal Catalog lake, grant the Dataplex Universal Catalog service account the Dataplex Metadata Reader ( - roles/dataplex.metadataReader) and Dataplex Viewer (- roles/dataplex.viewer) IAM roles. Alternatively, you need all of the following permissions:- dataplex.lakes.list
- dataplex.lakes.get
- dataplex.zones.list
- dataplex.zones.get
- dataplex.entities.list
- dataplex.entities.get
- dataplex.operations.get
 
- If you're scanning a BigQuery external table from Cloud Storage, grant the Dataplex Universal Catalog service account the Storage Object Viewer ( - roles/storage.objectViewer) role for the bucket. Alternatively, assign the Dataplex Universal Catalog service account the following permissions:- storage.buckets.get
- storage.objects.get
 
- If you want to publish the data quality scan results as Dataplex Universal Catalog metadata, you must be granted the BigQuery Data Editor ( - roles/bigquery.dataEditor) IAM role for the table, and the- dataplex.entryGroups.useDataQualityScorecardAspectpermission on the- @bigqueryentry group in the same location as the table. Alternatively, you must be granted the Dataplex Catalog Editor (- roles/dataplex.catalogEditor) role for the- @bigqueryentry group in the same location as the table.- Alternatively, you need all of the following permissions: - bigquery.tables.update- on the table
- dataplex.entryGroups.useDataQualityScorecardAspect- on the- @bigqueryentry group
 - Or, you need all of the following permissions: - dataplex.entries.update- on the- @bigqueryentry group
- dataplex.entryGroups.useDataQualityScorecardAspect- on the- @bigqueryentry group
 
- If you need to access columns protected by BigQuery column-level access policies, then assign the Dataplex Universal Catalog service account permissions for those columns. The user creating or updating a data scan also needs permissions for the columns. 
- If a table has BigQuery row-level access policies enabled, then you can only scan rows visible to the Dataplex Universal Catalog service account. Note that the individual user's access privileges are not evaluated for row-level policies. 
Required data scan roles
To use auto data quality, ask your administrator to grant you one of the following IAM roles:
- Full access to DataScanresources: Dataplex DataScan Administrator (roles/dataplex.dataScanAdmin)
- To create DataScanresources: Dataplex DataScan Creator (roles/dataplex.dataScanCreator) on the project
- Write access to DataScanresources: Dataplex DataScan Editor (roles/dataplex.dataScanEditor)
- Read access to DataScanresources excluding rules and results: Dataplex DataScan Viewer (roles/dataplex.dataScanViewer)
- Read access to DataScanresources, including rules and results: Dataplex DataScan DataViewer (roles/dataplex.dataScanDataViewer)
The following table lists the DataScan permissions:
| Permission name | Grants permission to do the following: | 
|---|---|
| dataplex.datascans.create | Create a DataScan | 
| dataplex.datascans.delete | Delete a DataScan | 
| dataplex.datascans.get | View operational metadata such as ID or schedule, but not results and rules | 
| dataplex.datascans.getData | View DataScandetails including rules and results | 
| dataplex.datascans.list | List DataScans | 
| dataplex.datascans.run | Run a DataScan | 
| dataplex.datascans.update | Update the description of a DataScan | 
| dataplex.datascans.getIamPolicy | View the current IAM permissions on the scan | 
| dataplex.datascans.setIamPolicy | Set IAM permissions on the scan | 
Create a data quality scan
Console
- In the Google Cloud console, on the BigQuery Metadata curation page, go to the Data profiling & quality tab. 
- Click Create data quality scan. 
- In the Define scan window, fill in the following fields: - Optional: Enter a Display name. 
- Enter an ID. See the resource naming conventions. 
- Optional: Enter a Description. 
- In the Table field, click Browse. Choose the table to scan, and then click Select. Only standard BigQuery tables are supported. - For tables in multi-region datasets, choose a region where to create the data scan. - To browse the tables organized within Dataplex Universal Catalog lakes, click Browse within Dataplex Lakes. 
- In the Scope field, choose Incremental or Entire data. - If you choose Incremental: In the Timestamp column field,
select a column of type DATEorTIMESTAMPfrom your BigQuery table that increases as new records are added, and that can be used to identify new records. It can be a column that partitions the table.
 
- If you choose Incremental: In the Timestamp column field,
select a column of type 
- To filter your data, select the Filter rows checkbox. Provide a row filter consisting of a valid SQL expression that can be used as a part of a - WHEREclause in GoogleSQL syntax. For example,- col1 >= 0. The filter can be a combination of multiple column conditions. For example,- col1 >= 0 AND col2 < 10.
- To sample your data, in the Sampling size list, select a sampling percentage. Choose a percentage value that ranges between 0.0% and 100.0% with up to 3 decimal digits. For larger datasets, choose a lower sampling percentage. For example, for a 1 PB table, if you enter a value between 0.1% and 1.0%, the data quality scan samples between 1-10 TB of data. For incremental data scans, the data quality scan applies sampling to the latest increment. 
- To publish the data quality scan results as Dataplex Universal Catalog metadata, select the Publish results to BigQuery and Dataplex Catalog checkbox. - You can view the latest scan results on the Data quality tab in the BigQuery and Dataplex Universal Catalog pages for the source table. To enable users to access the published scan results, see the Grant access to data profile scan results section of this document. 
- In the Schedule section, choose one of the following options: - Repeat: Run the data quality scan on a schedule: hourly, daily, weekly, monthly, or custom. Specify how often the scan runs and at what time. If you choose custom, use cron format to specify the schedule. 
- On-demand: Run the data quality scan on demand. 
 
- Click Continue. 
 
- In the Data quality rules window, define the rules to configure for this data quality scan. - Click Add rules, and then choose from the following options. - Profile based recommendations: Build rules from the recommendations based on an existing data profiling scan. - Choose columns: Select the columns to get recommended rules for. 
- Choose scan project: If the data profiling scan is in a different project than the project where you are creating the data quality scan, then select the project to pull profile scans from. 
- Choose profile results: Select one or more profile results and then click OK. This populates a list of suggested rules that you can use as a starting point. 
- Select the checkbox for the rules that you want to add, and then click Select. Once selected, the rules are added to your current rule list. Then, you can edit the rules. 
 
- Built-in rule types: Build rules from predefined rules. See the list of predefined rules. - Choose columns: Select the columns to select rules for. 
- Choose rule types: Select the rule types that you want to choose from, and then click OK. The rule types that appear depend on the columns that you selected. 
- Select the checkbox for the rules that you want to add, and then click Select. Once selected, the rules are added to your current rules list. Then, you can edit the rules. 
 
- SQL row check rule: Create a custom SQL rule to apply to each row. - In Dimension, choose one dimension. 
- In Passing threshold, choose a percentage of records that must pass the check. 
- In Column name, choose a column. 
- In the Provide a SQL expression field, enter a SQL expression that evaluates to a boolean - true(pass) or- false(fail). For more information, see Supported custom SQL rule types and the examples in Define data quality rules.
- Click Add. 
 
- SQL aggregate check rule: Create a custom SQL table condition rule. - In Dimension, choose one dimension. 
- In Column name, choose a column. 
- In the Provide a SQL expression field, enter a SQL expression that evaluates to a boolean - true(pass) or- false(fail). For more information, see Supported custom SQL rule types and the examples in Define data quality rules.
- Click Add. 
 
- SQL assertion rule: Create a custom SQL assertion rule to check for an invalid state of the data. - In Dimension, choose one dimension. 
- Optional: In Column name, choose a column. 
- In the Provide a SQL statement field, enter a SQL statement that returns rows that match the invalid state. If any rows are returned, this rule fails. Omit the trailing semicolon from the SQL statement. For more information, see Supported custom SQL rule types and the examples in Define data quality rules. 
- Click Add. 
 
 
- Optional: For any data quality rule, you can assign a custom rule name to use for monitoring and alerting, and a description. To do this, edit a rule and specify the following details: - Rule name: Enter a custom rule name with up to 63 characters. The rule name can include letters (a-z, A-Z), digits (0-9), and hyphens (-) and must start with a letter and end with a number or a letter.
- Description: Enter a rule description with a maximum length of 1,024 characters.
 
- Repeat the previous steps to add additional rules to the data quality scan. When finished, click Continue. 
 
- Optional: Export the scan results to a BigQuery standard table. In the Export scan results to BigQuery table section, do the following: - In the Select BigQuery dataset field, click Browse. Select a BigQuery dataset to store the data quality scan results. 
- In the BigQuery table field, specify the table to store the data quality scan results. If you're using an existing table, make sure that it is compatible with the export table schema. If the specified table doesn't exist, Dataplex Universal Catalog creates it for you. 
 
- Optional: Add labels. Labels are key-value pairs that let you group related objects together or with other Google Cloud resources. 
- Optional: Set up email notification reports to alert people about the status and results of a data quality scan job. In the Notification report section, click Add email ID and enter up to five email addresses. Then, select the scenarios that you want to send reports for: - Quality score (<=): sends a report when a job succeeds with a data quality score that is lower than the specified target score. Enter a target quality score between 0 and 100.
- Job failures: sends a report when the job itself fails, regardless of the data quality results.
- Job completion (success or failure): sends a report when the job ends, regardless of the data quality results.
 
- Click Create. - After the scan is created, you can run it at any time by clicking Run now. 
gcloud
To create a data quality scan, use the
gcloud dataplex datascans create data-quality command.
If the source data is organized in a Dataplex Universal Catalog lake, include the
--data-source-entity flag:
gcloud dataplex datascans create data-quality DATASCAN \
    --location=LOCATION \
    --data-quality-spec-file=DATA_QUALITY_SPEC_FILE \
    --data-source-entity=DATA_SOURCE_ENTITY
If the source data isn't organized in a Dataplex Universal Catalog lake, include
the --data-source-resource flag:
gcloud dataplex datascans create data-quality DATASCAN \
    --location=LOCATION \
    --data-quality-spec-file=DATA_QUALITY_SPEC_FILE \
    --data-source-resource=DATA_SOURCE_RESOURCE
Replace the following variables:
- DATASCAN: The name of the data quality scan.
- LOCATION: The Google Cloud region in which to create the data quality scan.
- DATA_QUALITY_SPEC_FILE: The path to the JSON or YAML file containing the specifications for the data quality scan. The file can be a local file or a Cloud Storage path with the prefix- gs://. Use this file to specify the data quality rules for the scan. You can also specify additional details in this file, such as filters, sampling percent, and post-scan actions like exporting to BigQuery or sending email notification reports. See the documentation for JSON representation and the example YAML representation.
- DATA_SOURCE_ENTITY: The Dataplex Universal Catalog entity that contains the data for the data quality scan. For example,- projects/test-project/locations/test-location/lakes/test-lake/zones/test-zone/entities/test-entity.
- DATA_SOURCE_RESOURCE: The name of the resource that contains the data for the data quality scan. For example,- //bigquery.googleapis.com/projects/test-project/datasets/test-dataset/tables/test-table.
REST
To create a data quality scan, use the
dataScans.create method.
If you want to build rules for the data quality scan by using rule
recommendations that are based on the results of a data profiling scan, get
the recommendations by calling the
dataScans.jobs.generateDataQualityRules method
on the data profiling scan.
Run a data quality scan
Console
- In the Google Cloud console, on the BigQuery Metadata curation page, go to the Data profiling & quality tab. 
- Click the data quality scan to run. 
- Click Run now. 
gcloud
To run a data quality scan, use the
gcloud dataplex datascans run command:
gcloud dataplex datascans run DATASCAN \ --location=LOCATION \
Replace the following variables:
- LOCATION: The Google Cloud region in which the data quality scan was created.
- DATASCAN: The name of the data quality scan.
REST
To run a data quality scan, use the
dataScans.run method.
View data quality scan results
Console
- In the Google Cloud console, on the BigQuery Metadata curation page, go to the Data profiling & quality tab. 
- Click the name of a data quality scan. - The Overview section displays information about the most recent jobs, including when the scan was run, the number of records scanned in each job, whether all the data quality checks passed, and if there were failures, the number of data quality checks that failed. 
- The Data quality scan configuration section displays details about the scan. 
 
- To see detailed information about a job, such as data quality scores that indicate the percentage of rules that passed, which rules failed, and the job logs, click the Jobs history tab. Then, click a job ID. 
gcloud
To view the results of a data quality scan job, use the
gcloud dataplex datascans jobs describe command:
gcloud dataplex datascans jobs describe JOB \ --location=LOCATION \ --datascan=DATASCAN \ --view=FULL
Replace the following variables:
- JOB: The job ID of the data quality scan job.
- LOCATION: The Google Cloud region in which the data quality scan was created.
- DATASCAN: The name of the data quality scan the job belongs to.
- --view=FULL: To see the scan job result, specify- FULL.
REST
To view the results of a data quality scan, use the
dataScans.get method.
View published results
If the data quality scan results are published as Dataplex Universal Catalog metadata, then you can see the latest scan results on the BigQuery and Dataplex Universal Catalog pages in the Google Cloud console, on the source table's Data quality tab.
- In the Google Cloud console, go to the BigQuery page. 
- In the left pane, click Explorer:  - If you don't see the left pane, click Expand left pane to open the pane. 
- In the Explorer pane, click Datasets, and then click your dataset. 
- Click Overview > Tables, and then select the table whose data quality scan results you want to see. 
- Click the Data quality tab. - The latest published results are displayed. 
View historical scan results
Dataplex Universal Catalog saves the data quality scan history of the last 300 jobs or for the past year, whichever occurs first.
Console
- In the Google Cloud console, on the BigQuery Metadata curation page, go to the Data profiling & quality tab. 
- Click the name of a data quality scan. 
- Click the Jobs history tab. - The Jobs history tab provides information about past jobs, such as the number of records scanned in each job, the job status, the time the job was run, and whether each rule passed or failed. 
- To view detailed information about a job, click any of the jobs in the Job ID column. 
gcloud
To view historical data quality scan jobs, use the
gcloud dataplex datascans jobs list command:
gcloud dataplex datascans jobs list \ --location=LOCATION \ --datascan=DATASCAN \
Replace the following variables:
- LOCATION: The Google Cloud region in which the data quality scan was created.
- DATASCAN: The name of the data quality scan to view historical jobs for.
REST
To view historical data quality scan jobs, use the
dataScans.jobs.list method.
Grant access to data quality scan results
To enable the users in your organization to view the scan results, do the following:
- In the Google Cloud console, on the BigQuery Metadata curation page, go to the Data profiling & quality tab. 
- Click the data quality scan you want to share the results of. 
- Click the Permissions tab. 
- Do the following: - To grant access to a principal, click Grant access. Grant the Dataplex DataScan DataViewer role to the associated principal.
- To remove access from a principal, select the principal that you want to remove the Dataplex DataScan DataViewer role from. Click Remove access, and then confirm when prompted.
 
Troubleshoot a data quality failure
You can set alerts for data quality failures using the logs in Cloud Logging. For more information, including sample queries, see Set alerts in Cloud Logging.
For each job with row-level rules that fail, Dataplex Universal Catalog provides a query to get the failed records. Run this query to see the records that did not match your rule.
Console
- In the Google Cloud console, on the BigQuery Metadata curation page, go to the Data profiling & quality tab. 
- Click the name of the data quality scan whose records you want to troubleshoot. 
- Click the Jobs history tab. 
- Click the job ID of the job that identified data quality failures. 
- In the job results window that opens, in the Rules section, find the column Query to get failed records. Click Copy query to clipboard for the failed rule. 
- Run the query in BigQuery to see the records that caused the job to fail. 
gcloud
Not supported.
REST
- To get the job that identified data quality failures, use the - dataScans.getmethod.- In the response object, the - failingRowsQueryfield shows the query.
- Run the query in BigQuery to see the records that caused the job to fail. 
Manage data quality scans for a specific table
The steps in this document show how to manage data quality scans across your project by using the BigQuery Metadata curation > Data profiling & quality page in the Google Cloud console.
You can also create and manage data quality scans when working with a specific table. In the Google Cloud console, on the BigQuery page for the table, use the Data quality tab. Do the following:
- In the Google Cloud console, go to the BigQuery page. - In the Explorer pane (in the left pane), click Datasets, and then click your dataset. Click Overview > Tables, and then select the table whose data quality scan results you want to see. 
- Click the Data quality tab. 
- Depending on whether the table has a data quality scan whose results are published as Dataplex Universal Catalog metadata, you can work with the table's data quality scans in the following ways: - Data quality scan results are published: the latest scan results are displayed on the page. - To manage the data quality scans for this table, click Data quality scan, and then select from the following options: - Create new scan: create a new data quality scan. For more information, see the Create a data quality scan section of this document. When you create a scan from a table's details page, the table is preselected. 
- Run now: run the scan. 
- Edit scan configuration: edit settings including the display name, filters, and schedule. - To edit the data quality rules, on the Data quality tab, click the Rules tab. Click Modify rules. Update the rules and then click Save. 
- Manage scan permissions: control who can access the scan results. For more information, see the Grant access to data quality scan results section of this document. 
- View historical results: view detailed information about previous data quality scan jobs. For more information, see the View data quality scan results and View historical scan results sections of this document. 
- View all scans: view a list of data quality scans that apply to this table. 
 
- Data quality scan results aren't published: select from the following options: - Create data quality scan: create a new data quality scan. For more information, see the Create a data quality scan section of this document. When you create a scan from a table's details page, the table is preselected. 
- View existing scans: view a list of data quality scans that apply to this table. 
 
 
View the data quality scans for a table
To view the data quality scans that apply to a specific table, do the following:
- In the Google Cloud console, on the BigQuery Metadata curation page, go to the Data profiling & quality tab. 
- Filter the list by table name and scan type. 
Update a data quality scan
You can edit various settings for an existing data quality scan, such as the display name, filters, schedule, and data quality rules.
Console
- In the Google Cloud console, on the BigQuery Metadata curation page, go to the Data profiling & quality tab. 
- Click the name of a data quality scan. 
- To edit settings including the display name, filters, and schedule, click Edit. Edit the values and then click Save. 
- To edit the data quality rules, on the scan details page, click the Current rules tab. Click Modify rules. Update the rules and then click Save. 
gcloud
To update the description of a data quality scan, use the
gcloud dataplex datascans update data-quality command:
gcloud dataplex datascans update data-quality DATASCAN \ --location=LOCATION \ --description=DESCRIPTION
Replace the following:
- DATASCAN: The name of the data quality scan to update.
- LOCATION: The Google Cloud region in which the data quality scan was created.
- DESCRIPTION: The new description for the data quality scan.
REST
To edit a data quality scan, use the
dataScans.patch method.
Delete a data quality scan
Console
- In the Google Cloud console, on the BigQuery Metadata curation page, go to the Data profiling & quality tab. 
- Click the scan you want to delete. 
- Click Delete, and then confirm when prompted. 
gcloud
To delete a data quality scan, use the
gcloud dataplex datascans delete command:
gcloud dataplex datascans delete DATASCAN \ --location=LOCATION \ --async
Replace the following variables:
- DATASCAN: The name of the data quality scan to delete.
- LOCATION: The Google Cloud region in which the data quality scan was created.
REST
To delete a data quality scan, use the
dataScans.delete method.
What's next
- Learn more about data governance in BigQuery.