Data source-specific permissions

Before you can start ingesting metadata, ensure that you meet the required permissions for your specific data source.

Select a data source, to show the required permissions.

Currently, information is shown for:

X
Important 
  • Ensure that you meet the Azure Data Factory-specific permissions described in Set up Azure Data Factory.
  • You need read access on information_schema. Only views that you own are processed.
  • You need read access on the SYS schema.
  • You need read access on information_schema:
    • bigquery.datasets.get
    • bigquery.tables.get
    • bigquery.tables.list
    • bigquery.jobs.create
    • bigquery.routines.get
    • bigquery.routines.list
  • SELECT, at table level. Grant this to every table for which you want to create a technical lineage.
  • You need Monitoring role permissions.
  • A role with the LOGIN option.
  • SELECT WITH GRANT OPTION, at Table level.
  • CONNECT ON DATABASE
  • You need read access on the SYS schema and the View Definition Permission in your SQL Server.
  • You need read access on definition_schema.
    • GRANT SELECT, at table level. Grant this to every table for which you want to create a technical lineage.
    • The role of the user that you specify in the username property in lineage harvester configuration file must be the owner of the views in PostgreSQL.
  • You need read access on the DBC.
  • You need read access to the following dictionary views:
    • all_tab_cols
    • all_col_comments
    • all_objects
    • ALL_DB_LINKS
    • all_mviews
    • all_source
    • all_synonyms
    • all_views
    • Your user role must have privileges to export assets.
    • You must have read permission on all assets that you want to export.
    • You have added the Matillion certificate to a Java truststore.
    • You have at least a Matillion Enterprise license.
    These permissions are the same, regardless of the ingestion mode: SQL or SQL-API.

    You need a role that can access the Snowflake shared read-only database. To access the shared database, the account administrator must grant the IMPORTED PRIVILEGES privilege on the shared database to the user that runs the lineage harvester.
    Tip If the default role in Snowflake does not have the IMPORTED PRIVILEGES privilege, you can use the customConnectionProperties property in the lineage harvester configuration file to assign the appropriate role to the user. For example:
    "customConnectionProperties": "role=METADATA"
  • The source code files must be in the same directory as the lineage.json file. Otherwise, an error occurs indicating that the lineage harvester cannot find the source code files. For complete information, go to Working with custom technical lineage.
    • Before you start the Power BI integration process, you have to perform a number of tasks in Power BI and Microsoft Azure. These tasks, which are performed outside of Collibra, are needed to enable the lineage harvester to reach your Power BI application and collect its metadata. For complete information, go to Set up Power BI.
    Before you start the Tableau integration process, you have to perform a number of tasks in Tableau. For complete information, go to the following topics:
  • You need the following roles, with user access to the server from which you want to ingest:
    • A system-level role that is at least a System user role.
    • An item-level role that is at least a Content Manager role.

    We recommend that you use SQL Server 2019 Reporting Services or newer. We can't guarantee that older versions will work.

    • Before you start the Looker integration process, you need to set up Looker.

    The following permissions apply only to MicroStrategy on-premises customers.

    • You need Admin API permissions.
      The first call we make to MicroStrategy is to authenticate. We connect to <MSTR URL>:<Port>/MicroStrategyLibrary/api-docs/ and use POST api/auth/login. You have to ensure that this API call can be made successfully.
    • You need permissions to access the library server.
    • The lineage harvester uses port 443. If the port is not open, you also need permissions to access the repository.
    • If you have a MicroStrategy on-premises environment, you need the permissions for all of the database objects that the lineage harvester accesses.
    • You have to configure the MicroStrategy Modeling Service. For complete information, see the MicroStrategy documentation.
    • Necessary permissions to all database objects that the lineage harvester accesses.

      Data source

      Required permissions

      Amazon Redshift

      You need read access on information_schema. Only views that you own are processed.

      Azure Data Factory

      Ensure that you meet the Azure Data Factory-specific permissions described in Set up Azure Data Factory.

      Azure SQL server

      You need read access on the SYS schema.

      Azure Synapse Analytics

      SELECT, at table level. Grant this to every table for which you want to create a technical lineage.

      Google BigQuery

      You need read access on information_schema:
      • bigquery.datasets.get
      • bigquery.tables.get
      • bigquery.tables.list
      • bigquery.jobs.create
      • bigquery.routines.get
      • bigquery.routines.list

      Greenplum

      A role with the LOGIN option.

      HiveQL

      SELECT WITH GRANT OPTION, at Table level.

      IBM DB2

      CONNECT ON DATABASE

      Informatica Intelligent Cloud Services

      • Your user role must have privileges to export assets.
      • You must have read permission on all assets that you want to export.

      Matillion

      • You have added the Matillion certificate to a Java truststore.
      • You have at least a Matillion Enterprise license.

      Microsoft SQL Server

      You need read access on the SYS schema and the View Definition Permission in your SQL Server.

      MySQL

      SELECT, at table level. Grant this to every table for which you want to create a technical lineage.

      Netezza

      You need read access on definition_schema.
      Oracle
      You need read access to the following dictionary views:
      • all_tab_cols
      • all_col_comments
      • all_objects
      • ALL_DB_LINKS
      • all_mviews
      • all_source
      • all_synonyms
      • all_views

      PostgreSQL

      • GRANT SELECT, at table level. Grant this to every table for which you want to create a technical lineage.
      • The role of the user that you specify in the username property in lineage harvester configuration file must be the owner of the views in PostgreSQL.
      Snowflake
      The following permissions are the same, regardless of the ingestion mode: SQL or SQL-API.
      You need a role that can access the Snowflake shared read-only database. To access the shared database, the account administrator must grant the IMPORTED PRIVILEGES privilege on the shared database to the user that runs the lineage harvester.
      Tip If the default role in Snowflake does not have the IMPORTED PRIVILEGES privilege, you can use the customConnectionProperties property in the lineage harvester configuration file to assign the appropriate role to the user. For example:
      "customConnectionProperties": "role=METADATA"

      Teradata

      You need read access on the DBC.

There are no specific permission requirements for this data source type.

There are no specific permissions requirements for downloaded SQL files.