Data source-specific permissions

Data source	Structural Metadata ingestion permissions	Data Quality Pullup Processing and Data Quality Pushdown Processing capability permissions
Amazon Athena	N/A	Read access on the Glue catalog and S3 buckets Write access on the S3 output location See the IAM policy Copy { "Version": "YYYY-MM-DD", "Statement": [ { "Sid": "VisualEditor0", "Effect": "Allow", "Action": [ "athena:StartQueryExecution", "s3:ListBucketMultipartUploads", "athena:GetQueryResultsStream", "glue:GetTables", "glue:GetPartitions", "athena:GetQueryResults", "glue:BatchGetPartition", "s3:ListBucket", "glue:GetDatabases", "athena:ListQueryExecutions", "s3:ListMultipartUploadParts", "glue:GetTable", "glue:GetDatabase", "athena:GetWorkGroup", "s3:PutObject", "s3:GetObject", "glue:GetPartition", "glue:GetCatalogImportStatus", "athena:StopQueryExecution", "athena:GetQueryExecution", "s3:GetBucketLocation", "athena:BatchGetQueryExecution", "athena:DeletePreparedStatement", "athena:CreatePreparedStatement" ], "Resource": [ "arn:aws:athena::<AWSAccountID>:workgroup/primary", "arn:aws:s3:::<S3 bucket name>/", "arn:aws:s3:::<S3 bucket name>", "arn:aws:glue::<AWSAccountID>:catalog", "arn:aws:glue::<AWSAccountID>:database/<database name>", "arn:aws:glue::<AWSAccountID>:table/<database name>/" ] } ] }
Amazon Redshift	`USAGE`	`USAGE` on schemas `SELECT` on all tables
Databricks	`CAN USE` on the SQL warehouse `USAGE on CATALOG` `USAGE on SCHEMA` `SELECT` on the schema or tables that you want to process	`CAN ATTACH TO` on the cluster
Db2	`CONNECT` on the database	`SELECT` on each table that you want to profile
Denodo	N/A	`CONNECT` and `EXECUTE` on the database
Google BigQuery	`bigquery.datasets.get` `bigquery.jobs.create` `bigquery.tables.get` `bigquery.tables.getData` `bigquery.tables.list` `resourcemanager.projects.get`	`roles/bigquery.dataViewer` `roles/bigquery.jobUser` `roles/bigquery.readSessionUser` on the project `roles/bigquery.dataOwner` on the temporary dataset
Microsoft SQL Server	`CONNECT SQL` on the system `VIEW DEFINITION` on the database	`GRANT` on the login and database `SELECT` on schemas, tables, and views
MySQL	`SELECT` on each database and table that you want to ingest	`SELECT` on each schema that you want to profile
Oracle OCI	N/A	`SELECT` on schemas, tables, and views
PostgreSQL	N/A	`USAGE` on schemas `SELECT` on all tables
Presto	N/A	`read-only` role on the catalog, schemas, tables, views, and columns
SAP HANA	MONITORING role PUBLIC role	`SELECT` on each schema that you want to profile
Snowflake	`USAGE` on the database and schema `REFERENCES` on each table that you want to ingest	`USAGE` on the warehouse, database, and schema `SELECT` on tables and views
Starburst	N/A	`read-only` role on the catalog, schemas, tables, views, and columns
Trino	N/A	`read-only` role on the catalog, schemas, tables, views, and columns

Amazon Athena

N/A

Read access on the Glue catalog and S3 buckets
Write access on the S3 output location

See the IAM policy

Copy

{
                                            "Version": "YYYY-MM-DD",
                                            "Statement": [
                                            {
                                            "Sid": "VisualEditor0",
                                            "Effect": "Allow",
                                            "Action": [
                                            "athena:StartQueryExecution",
                                            "s3:ListBucketMultipartUploads",
                                            "athena:GetQueryResultsStream",
                                            "glue:GetTables",
                                            "glue:GetPartitions",
                                            "athena:GetQueryResults",
                                            "glue:BatchGetPartition",
                                            "s3:ListBucket",
                                            "glue:GetDatabases",
                                            "athena:ListQueryExecutions",
                                            "s3:ListMultipartUploadParts",
                                            "glue:GetTable",
                                            "glue:GetDatabase",
                                            "athena:GetWorkGroup",
                                            "s3:PutObject",
                                            "s3:GetObject",
                                            "glue:GetPartition",
                                            "glue:GetCatalogImportStatus",
                                            "athena:StopQueryExecution",
                                            "athena:GetQueryExecution",
                                            "s3:GetBucketLocation",
                                            "athena:BatchGetQueryExecution",
                                            "athena:DeletePreparedStatement",
                                            "athena:CreatePreparedStatement"
                                            ],
                                            "Resource": [
                                            "arn:aws:athena:*:<AWSAccountID>:workgroup/primary",
                                            "arn:aws:s3:::<S3 bucket name>/*",
                                            "arn:aws:s3:::<S3 bucket name>",
                                            "arn:aws:glue:*:<AWSAccountID>:catalog",
                                            "arn:aws:glue:*:<AWSAccountID>:database/<database name>",
                                            "arn:aws:glue:*:<AWSAccountID>:table/<database name>/*"
                                            ]
                                            }
                                            ]
                                        }

Amazon Redshift

USAGE

USAGE on schemas
SELECT on all tables

Databricks

CAN USE on the SQL warehouse
USAGE on CATALOG
USAGE on SCHEMA
SELECT on the schema or tables that you want to process

CAN ATTACH TO on the cluster

Db2

CONNECT on the database

SELECT on each table that you want to profile

Denodo

N/A

CONNECT and EXECUTE on the database

Google BigQuery

bigquery.datasets.get
bigquery.jobs.create
bigquery.tables.get
bigquery.tables.getData
bigquery.tables.list
resourcemanager.projects.get

roles/bigquery.dataViewer
roles/bigquery.jobUser
roles/bigquery.readSessionUser on the project
roles/bigquery.dataOwner on the temporary dataset

Microsoft SQL Server

CONNECT SQL on the system
VIEW DEFINITION on the database

GRANT on the login and database
SELECT on schemas, tables, and views

MySQL

SELECT on each database and table that you want to ingest

SELECT on each schema that you want to profile

Oracle OCI

N/A

SELECT on schemas, tables, and views

PostgreSQL

N/A

USAGE on schemas
SELECT on all tables

Presto

N/A

read-only role on the catalog, schemas, tables, views, and columns

SAP HANA

MONITORING role
PUBLIC role

SELECT on each schema that you want to profile

Snowflake

USAGE on the database and schema
REFERENCES on each table that you want to ingest

USAGE on the warehouse, database, and schema
SELECT on tables and views

Starburst

N/A

read-only role on the catalog, schemas, tables, views, and columns

Trino

N/A

read-only role on the catalog, schemas, tables, views, and columns