DATA OPS
BigQuery PII finding with Slack human approval gate
Scans new BigQuery columns for sensitive values and posts findings to Slack with Approve/Quarantine buttons, so a steward decides whether to lock the table.
How it runs
The automated pipeline, trigger to output.
- Trigger: Scheduled scan window
- Action: Sample new BigQuery columns (BigQuery)
- Logic: Classify and filter to PII matches
- Action: Post finding to Slack with action buttons (Slack)
- Logic: Branch on steward's Approve vs Quarantine
- Action: Apply deny-all access policy on dataset (BigQuery)
- Output: Reply disposition to Slack thread (Slack)
What it does
Samples recently created BigQuery columns, flags ones that look like unmasked PII, and routes each finding to a Slack channel as an interactive message. A data steward clicks Approve to dismiss a false positive or Quarantine to have the workflow apply a deny-all access policy on the dataset. Nothing is locked without a human decision.
When to use it
Use it when your team wants automated PII detection but is not comfortable auto-revoking warehouse access, and prefers a fast Slack approval step before any table goes read-restricted.
How it works
1. A schedule triggers the scan window.
2. Query BigQuery for columns created since the last checkpoint and sample their values.
3. Classify each sample and branch to keep only likely PII columns.
4. Post each finding to Slack with the table name, matched categories, and Approve/Quarantine actions.
5. On a Quarantine response, apply a restrictive IAM/access policy on the dataset.
6. Post the final disposition back to the Slack thread for an audit trail.
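A sketch of steps 3 to 5 in Python, added here as an illustration and not taken from the workflow's own implementation. The regex detectors, the match threshold, the `action_id` values, the function names and the sample data are all assumptions; the BigQuery sampling and the policy change itself are left out, so `decide` only returns the disposition to act on.

```python
import re

# Hypothetical detectors and threshold; tune both to your own data.
PII_PATTERNS = {
    "email": re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$"),
    "us_ssn": re.compile(r"^\d{3}-\d{2}-\d{4}$"),
}
MIN_MATCH_RATIO = 0.5  # share of non-empty samples that must match

def classify_column(samples):
    """Return the sorted PII categories matched by enough of the samples."""
    values = [s.strip() for s in samples if s and s.strip()]
    if not values:
        return []  # empty or all-NULL column: nothing to flag
    return sorted(name for name, rx in PII_PATTERNS.items()
                  if sum(bool(rx.match(v)) for v in values) / len(values) >= MIN_MATCH_RATIO)

def build_finding_message(table, column, categories):
    """Slack Block Kit payload; sampled values are deliberately kept out of chat."""
    ref = f"{table}|{column}"
    summary = f"*Possible PII* in `{table}`, column `{column}`\nCategories: {', '.join(categories)}"
    return {"blocks": [
        {"type": "section", "text": {"type": "mrkdwn", "text": summary}},
        {"type": "actions", "elements": [
            {"type": "button", "action_id": "pii_approve", "value": ref,
             "text": {"type": "plain_text", "text": "Approve"}},
            {"type": "button", "action_id": "pii_quarantine", "value": ref, "style": "danger",
             "text": {"type": "plain_text", "text": "Quarantine"}},
        ]},
    ]}

def decide(action_id):
    """Map the steward's click to a disposition; an unrecognised action locks nothing."""
    return {"pii_approve": "dismissed", "pii_quarantine": "apply_deny_all"}.get(action_id, "no_action")

# Constructed sample data, not real records.
SAMPLED = {
    ("analytics.signups", "contact"): ["a@example.com", "b@example.org", None, "n/a"],
    ("analytics.signups", "plan"): ["free", "pro", "free"],
}

def run_scan(sampled=SAMPLED):
    """Classify each sampled column; return Slack messages for likely-PII columns only."""
    findings = []
    for (table, column), samples in sampled.items():
        categories = classify_column(samples)
        if categories:
            findings.append(build_finding_message(table, column, categories))
    return findings
```

The message carries only the table, column and matched categories, so the Slack channel never becomes a second copy of the data being flagged.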
Set it up
What you configure once, before turning it on.
1. Connect BigQuery: Datasets, queries, schemas.
2. Connect Slack: Channels, DMs, threads, mentions.
3. Set each agent's model: We leave models unset so you pick the tier: fast + cheap, or top-quality.
4. Tune it to your data: Edit the prompts, filters, and field mappings so it matches how your team works.
5. Test, then turn it on: Run once against a sample, confirm the output, then enable the trigger.
