Set up Looker

Before you start the Looker integration, you have to enable Collibra to access your Looker data. The Looker integration process uses a Looker API. To access the Looker metadata, the Looker API uses API3 credentials for authorization and access control.

For complete information, refer to the Looker documentation:

• Getting started with the Looker API
• Looker API authentication
• Admin settings - Roles

Looker user permissions

As it concerns permissions, you have 2 options when configuring a Looker user for the integration.

Option 1: Use the Admin role

You can create a user with the Admin role, which includes the Administer permission. In this case, the integration uses the /connections endpoint, which retrieves all required information in a single API call.

Option 2: Use a custom role with specific permissions

If you prefer not to assign the user the Admin role, the integration will use a set of more specific API calls, in addition to the /connections endpoint. This is necessary because the /connections endpoint returns less information if the user doesn't have the Administer permission.

In this case, you can create a user with a custom role that has a specific set of permissions. The required permissions are listed in the following procedure.

Steps

1. Do one of the following:
   • Create a user with the Admin role.
     
   • Create a user with a custom role that has the following permissions:
     • access_data
     • see_lookml
     • see_lookml_dashboards
     • see_looks
     • see_sql
     • see_user_dashboards
     • develop
     • see_users
     • manage_project_connections_restricted
     • see_admin
       
   Important The following information is applicable, regardless of the user role and permissions.

   • Due to a security update by Looker, you need to select the "Disallow Numeric Query IDs" option in Looker. For complete information, see the Looker Query ID API Patch Notice.
   • Collibra Data Lineage only performs read operations (GET) on API endpoints, with the exception of obtaining the access token, which requires a POST request.
2. Create an API3 key, which consists of a client ID and a client secret.
   For complete information, refer to the API Keys section in the Looker Admin settings - Users documentation.
3. Use the API3 credentials in your lineage harvester configuration file.

Note API3 credentials are always linked to a Looker user account. As a result, calls to the API only return data that the user is allowed to access.