Before you start the Looker integration, you have to enable Collibra to access your Looker data. The Looker integration process uses a Looker API. To access the Looker metadata, the Looker API uses API3 credentials for authorization and access control.
Collibra Data Lineage uses the API 4.0 endpoints. Some of these endpoints require that your Looker user has the Admin role, because the Admin role has the Administer permission, which is not available in the custom permission set. Your Looker user needs the Admin role for the following endpoints:
/connection/projects/users/dashboard_elements/search
Due to a security update by Looker, you also need to select the "Disallow Numeric Query IDs" option in Looker. For complete information, see the Looker Query ID API Patch Notice.
Collibra Data Lineage only performs read operations (GET) on the API endpoints, with the exception of obtaining the access token, which requires a POST request.
Prerequisite
-
You have the necessary permissions in Looker to see the Looker data.
Steps
- Create a user with the Admin role. Tip Only a user with a role that has the Admin permission set can create API3 credentials. Some Looker API calls also require a role that has the Admin permission set.
- Create the API3 credentials.
- Use the API3 credentials in your lineage harvester configuration file.
Note API3 credentials are always linked to a Looker user account. As a result, calls to the API only return data that the user is allowed to see.
Tip For more information, see the Looker documentation.