We've updated our documentation with the latest features and updates introduced by Ads Data Hub's two new experiences. Advertisers, agencies, and publishers, refer to the Marketers site. Vendors and partners, refer to the Measurement Partners site.
Stay organized with collections
Save and categorize content based on your preferences.
VPC Service Controls enhance the security of your data by allowing you to define a service perimeter around Google Cloud resources. This service perimeter constrains the movement of data across the perimeter boundary, which mitigates data exfiltration risks.
Designated an
admin project
in your Ads Data Hub account.
Updated your service account to an email address containing
gcp-sa-adsdatahub.iam.gserviceaccount.com. If you haven't done this, or
are unsure whether you need to,
contact Ads Data Hub support.
Contacted Ads Data Hub support to configure your account for VPC Service
Controls.
Enable VPC Service Controls
If you haven't previously set up VPC Service Controls, refer to the VPC Service Controls quickstart. The quickstart will guide you through the initial setup of VPC Service Controls. Once you have completed the quickstart, follow the instructions below.
Ads Data Hub-specific setup
Navigate to the VPC Service Controls console and select an existing service perimeter.
Add the projects that you want to secure within the perimeter. You must include the admin project and any projects you use for input or output data in Ads Data Hub.
Add Ads Data Hub and BigQuery as restricted services within the perimeter.
Certain Ads Data Hub features (such as custom audience activation, user-provided data matching, and LiveRamp match tables) require certain user data to be exported outside of the VPC Service Controls perimeter. If Ads Data Hub is added as a restricted service, it will bypass VPC Service Controls policies for these features in order to retain their capabilities.
All dependent services must be included as allowed services in the same VPC
Service Controls perimeter. For example, since Ads Data Hub relies on
BigQuery, BigQuery must also be added. In general, VPC Service Controls best
practices recommend including all services in the perimeter, i.e. "restricting
all services".
Customers with dual-tier Ads Data Hub account structures, such as agencies
with subsidiaries, should have all of their admin projects in the same
perimeter. For simplicity, Ads Data Hub recommends that customers with
dual-tier account structures restrict their admin projects to the same Google
Cloud organization.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Missing the information I need","missingTheInformationINeed","thumb-down"],["Too complicated / too many steps","tooComplicatedTooManySteps","thumb-down"],["Out of date","outOfDate","thumb-down"],["Samples / code issue","samplesCodeIssue","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2024-09-18 UTC."],[[["Ads Data Hub integration with VPC Service Controls is currently in preview, enhancing data security by creating a service perimeter around Google Cloud resources."],["Before enabling, ensure an admin project is designated, the service account is updated, and Ads Data Hub support is contacted for account configuration."],["To enable, set up VPC Service Controls, add relevant projects and Ads Data Hub/BigQuery as restricted services within the perimeter."],["Some Ads Data Hub features bypass VPC Service Controls to retain functionality and all dependent services (like BigQuery) should be included in the perimeter."],["Dual-tier Ads Data Hub accounts should ideally have admin projects within the same perimeter or Google Cloud organization for simplified management."]]],["VPC Service Controls enhance data security by creating a perimeter around Google Cloud resources, mitigating data exfiltration. To enable, users must have an admin project, an updated service account, and contact Ads Data Hub support. Configuration involves adding secured projects, including the admin project and data projects, to a service perimeter. Ads Data Hub and BigQuery are to be added as restricted services. Certain features may bypass the policies, and all dependent services must be included. Dual-tier accounts should keep all their admin projects in the same perimeter.\n"]]
