Photo by Scott Webb on Unsplash


SESSION_USER is currently listed as the only "Security" function in the BigQuery documentation. What does it do?

It can help you find out the email or the principal of the user that is running the query.

This might a person or a service account that is impersonated. As far as I know, one could only impersonate the service account when using the bq cli (and not the GUI).

I remember using SESSION_USER / CURRENT USER in my SQL Server days as well.

The only use case I thought of was a poor man's row-level security for tables, effectively filtering the rows you can see based on who you are. But there is a proper solution for this problem - Row-level access policies.

Any interesting use cases which involve SESSION_USER in your projects?

No alt text provided for this image

Found it useful? Subscribe to my Analytics newsletter at