Data source-specific permissions

To run data quality on a data source, the Edge connection must have the minimum permissions described below.

Important 
  • The Edge connection may be shared with other capabilities, such as Structural Metadata Ingestion, or may be specific to Data Quality & Observability, such as Data Quality Pullup Processing or Data Quality Pushdown Processing.
  • Archive break records permissions currently apply to Data Quality Pushdown Processing only.

Permissions by data source

The following sections list the minimum required permissions for each supported data source, organized by capability. Permissions are listed separately for Structural Metadata Ingestion, Data Quality Pullup Processing and Data Quality Pushdown Processing, and archive break records.

Note: Archive break records permissions currently apply to Data Quality Pushdown Processing connections only.

Amazon Athena

Structural Metadata Ingestion

No additional permissions required.

Data Quality Pullup Processing and Data Quality Pushdown Processing

The service account user must have:

  • Read access on the Glue catalog and S3 buckets
  • Write access on the S3 output location

Archive break records

When using archive break records, the service account user must have:

  • Read access on the source data.
  • Create, write, and modify table permissions on the destination database and schema where break records are stored. This is separate from the read access used to run the job, and the exact privilege names vary by data source.

Amazon Redshift

Structural Metadata Ingestion

The service account user must have:

  • USAGE

Data Quality Pullup Processing and Data Quality Pushdown Processing

The service account user must have:

  • USAGE on schemas
  • SELECT on all tables

Archive break records

When using archive break records, the service account user must have:

  • Read access on the source data.
  • Create, write, and modify table permissions on the destination database and schema where break records are stored. This is separate from the read access used to run the job, and the exact privilege names vary by data source.

Azure Synapse

Structural Metadata Ingestion

SELECT on each table to ingest.

Data Quality Pullup Processing

The service account user must have:

  • GRANT on the login and database
  • SELECT on schemas, tables, and views for processing
  • CONNECT SQL on the system
  • VIEW DEFINITION on the database

Databricks

Structural Metadata Ingestion

The service account user must have:

  • CAN USE on the SQL warehouse
  • USAGE on CATALOG
  • USAGE on SCHEMA
  • SELECT on the schema or tables that you want to process

Data Quality Pullup Processing and Data Quality Pushdown Processing

The service account user must have:

  • CAN ATTACH TO on the cluster

Archive break records

When using archive break records, the service account user must have:

  • Read access on the source data.
  • Create, write, and modify table permissions on the destination database and schema where break records are stored. This is separate from the read access used to run the job, and the exact privilege names vary by data source.

Db2

Structural Metadata Ingestion

The service account user must have:

  • CONNECT on the database

Data Quality Pullup Processing and Data Quality Pushdown Processing

The service account user must have:

  • SELECT on each table that you want to profile

Denodo

Structural Metadata Ingestion

No additional permissions required.

Data Quality Pullup Processing and Data Quality Pushdown Processing

The service account user must have:

  • CONNECT and EXECUTE on the database

Google BigQuery

Structural Metadata Ingestion

The service account user must have:

  • bigquery.datasets.get
  • bigquery.jobs.create
  • bigquery.tables.get
  • bigquery.tables.getData
  • bigquery.tables.list
  • resourcemanager.projects.get

Data Quality Pullup Processing and Data Quality Pushdown Processing

The service account user must have:

  • roles/bigquery.dataViewer
  • roles/bigquery.jobUser
  • roles/bigquery.readSessionUser on the project
  • roles/bigquery.dataOwner on the temporary dataset

Archive break records

When using archive break records, the service account user must have:

  • Read access on the source data.
  • Create, write, and modify table permissions on the destination database and schema where break records are stored. This is separate from the read access used to run the job, and the exact privilege names vary by data source.

Microsoft SQL Server

Structural Metadata Ingestion

The service account user must have:

  • CONNECT SQL on the system
  • VIEW DEFINITION on the database

Data Quality Pullup Processing and Data Quality Pushdown Processing

The service account user must have:

  • GRANT on the login and database
  • SELECT on schemas, tables, and views

Archive break records

When using archive break records, the service account user must have:

  • Read access on the source data.
  • Create, write, and modify table permissions on the destination database and schema where break records are stored. This is separate from the read access used to run the job, and the exact privilege names vary by data source.

MySQL

Structural Metadata Ingestion

The service account user must have:

  • SELECT on each database and table that you want to ingest

Data Quality Pullup Processing and Data Quality Pushdown Processing

The service account user must have:

  • SELECT on each schema that you want to profile

Oracle OCI

Structural Metadata Ingestion

No additional permissions required.

Data Quality Pullup Processing and Data Quality Pushdown Processing

The service account user must have:

  • SELECT on schemas, tables, and views

Archive break records

When using archive break records, the service account user must have:

  • Read access on the source data.
  • Create, write, and modify table permissions on the destination database and schema where break records are stored. This is separate from the read access used to run the job, and the exact privilege names vary by data source.

Oracle (Thin client-side)

Structural Metadata Ingestion

No additional permissions required.

Data Quality Pullup Processing and Data Quality Pushdown Processing

The service account user must have:

  • SELECT on schemas, tables, and views

Archive break records

When using archive break records, the service account user must have:

  • Read access on the source data.
  • Create, write, and modify table permissions on the destination database and schema where break records are stored. This is separate from the read access used to run the job, and the exact privilege names vary by data source.

PostgreSQL

Structural Metadata Ingestion

No additional permissions required.

Data Quality Pullup Processing and Data Quality Pushdown Processing

The service account user must have:

  • USAGE on schemas
  • SELECT on all tables

Presto

Structural Metadata Ingestion

No additional permissions required.

Data Quality Pullup Processing and Data Quality Pushdown Processing

The service account user must have:

  • read-only role on the catalog, schemas, tables, views, and columns

Archive break records

When using archive break records, the service account user must have:

  • Read access on the source data.
  • Create, write, and modify table permissions on the destination database and schema where break records are stored. This is separate from the read access used to run the job, and the exact privilege names vary by data source.

SAP HANA

Structural Metadata Ingestion

The service account user must have:

  • MONITORING role
  • PUBLIC role

Data Quality Pullup Processing and Data Quality Pushdown Processing

The service account user must have:

  • SELECT on each schema that you want to profile

Archive break records

When using archive break records, the service account user must have:

  • Read access on the source data.
  • Create, write, and modify table permissions on the destination database and schema where break records are stored. This is separate from the read access used to run the job, and the exact privilege names vary by data source.

Snowflake

Structural Metadata Ingestion

The service account user must have:

  • USAGE on the database and schema
  • REFERENCES on each table that you want to ingest

Data Quality Pullup Processing and Data Quality Pushdown Processing

The service account user must have:

  • USAGE on the warehouse, database, and schema
  • SELECT on tables and views

Archive break records

When using archive break records, the service account user must have:

  • Read access on the source data.
  • Create, write, and modify table permissions on the destination database and schema where break records are stored. This is separate from the read access used to run the job, and the exact privilege names vary by data source.
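The Snowflake permissions above, expressed as grants to one dedicated role. This is an added example, not part of the original documentation. The role, user, warehouse, database, and schema names (DQ_SERVICE_ROLE, DQ_SVC, DQ_WH, SALES_DB.PUBLIC, DQ_ARCHIVE.BREAK_RECORDS) are hypothetical, and CREATE TABLE is assumed to be the Snowflake privilege that covers the create, write, and modify requirement, because a role owns the tables it creates.

```sql
-- Added example: all object names below are hypothetical placeholders.
CREATE ROLE IF NOT EXISTS DQ_SERVICE_ROLE;

-- Structural Metadata Ingestion: USAGE on the database and schema,
-- REFERENCES on each table to ingest.
GRANT USAGE ON DATABASE SALES_DB TO ROLE DQ_SERVICE_ROLE;
GRANT USAGE ON SCHEMA SALES_DB.PUBLIC TO ROLE DQ_SERVICE_ROLE;
GRANT REFERENCES ON ALL TABLES IN SCHEMA SALES_DB.PUBLIC TO ROLE DQ_SERVICE_ROLE;

-- Pullup / Pushdown Processing: USAGE on the warehouse (database and
-- schema USAGE already granted above), SELECT on tables and views.
GRANT USAGE ON WAREHOUSE DQ_WH TO ROLE DQ_SERVICE_ROLE;
GRANT SELECT ON ALL TABLES IN SCHEMA SALES_DB.PUBLIC TO ROLE DQ_SERVICE_ROLE;
GRANT SELECT ON ALL VIEWS  IN SCHEMA SALES_DB.PUBLIC TO ROLE DQ_SERVICE_ROLE;
-- Optional, wider than the listed minimum: cover tables created later.
-- GRANT SELECT ON FUTURE TABLES IN SCHEMA SALES_DB.PUBLIC TO ROLE DQ_SERVICE_ROLE;

-- Archive break records: write access only on a separate destination
-- schema, so the source schema stays read-only for this role.
GRANT USAGE ON DATABASE DQ_ARCHIVE TO ROLE DQ_SERVICE_ROLE;
GRANT USAGE ON SCHEMA DQ_ARCHIVE.BREAK_RECORDS TO ROLE DQ_SERVICE_ROLE;
GRANT CREATE TABLE ON SCHEMA DQ_ARCHIVE.BREAK_RECORDS TO ROLE DQ_SERVICE_ROLE;

-- Bind the role to the service account used by the Edge connection.
GRANT ROLE DQ_SERVICE_ROLE TO USER DQ_SVC;

-- Check: list every grant held by the role, then flag anything on the
-- source database that is not read-only. The second query should
-- return zero rows.
SHOW GRANTS TO ROLE DQ_SERVICE_ROLE;
SELECT "privilege", "granted_on", "name"
FROM TABLE(RESULT_SCAN(LAST_QUERY_ID()))
WHERE "name" LIKE 'SALES_DB%'
  AND "privilege" NOT IN ('USAGE', 'SELECT', 'REFERENCES');
```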

Starburst

Structural Metadata Ingestion

No additional permissions required.

Data Quality Pullup Processing and Data Quality Pushdown Processing

The service account user must have:

  • read-only role on the catalog, schemas, tables, views, and columns

Archive break records

When using archive break records, the service account user must have:

  • Read access on the source data.
  • Create, write, and modify table permissions on the destination database and schema where break records are stored. This is separate from the read access used to run the job, and the exact privilege names vary by data source.

Sybase

Structural Metadata Ingestion

No additional permissions required.

Data Quality Pullup Processing

The service account user must have:

  • SELECT on each table and view that you want to profile

Teradata

Structural Metadata Ingestion

No additional permissions required.

Data Quality Pullup Processing

The service account user must have:

  • SELECT on each table and view that you want to profile

Trino

Structural Metadata Ingestion

No additional permissions required.

Data Quality Pullup Processing and Data Quality Pushdown Processing

The service account user must have:

  • read-only role on the catalog, schemas, tables, views, and columns

Archive break records

When using archive break records, the service account user must have:

  • Read access on the source data.
  • Create, write, and modify table permissions on the destination database and schema where break records are stored. This is separate from the read access used to run the job, and the exact privilege names vary by data source.