To ensure successful metadata ingestion and lineage generation, complete the following preflight checks.
In your Tableau environment
To ensure Collibra Data Lineage can accurately harvest metadata and perform automatic stitching, verify the following configuration requirements.
| Environment | Supported versions / details |
|---|---|
| Tableau Cloud | Always supported (latest version). |
| Tableau Server | Versions 2020.2 through 2024.x. |
| Licensing | Tableau Data Management is required to harvest the full metadata stack necessary for detailed technical lineage. |
| API acess | The Tableau Metadata API must be enabled to support automatic stitching. |
Roles, permissions, and mandatory settings
Before starting the integration in Data Catalog, ensure you have completed these mandatory external tasks:
- You have the necessary roles and permissions in Tableau.
- You've configured the mandatory settings.
- You've tested your connectivity with the Tableau server.
Note These tasks are managed within the Tableau environment. Because third-party interfaces may change, we strongly recommend consulting the official Tableau documentation for the most current procedures.
Token and authentication security
Successful metadata harvesting depends on the validity of your Tableau Personal Access Token (PAT).
- Tokens are valid for a maximum of one year (this can be configured to a shorter duration).
- Regardless of the total lifespan, a token expires if unused for two weeks. You must run a harvest at least once every 14 days to keep the token active.
- Lineage results are restricted by the specific site roles and permissions assigned to the user who generated the token.
In your CPSH environment
Lineage enablement
- Technical lineage via Edge is enabled in your CPSH environment.
Edge
-
You created and installed an Edge site.Important If you're using a Collibra Cloud site, go the Collibra Cloud site documentation to check if your data source is supported.
- The Edge site status must be Healthy.
Network and proxy configuration
- Edge can connect to all Collibra Data Lineage service instances in your geographic location.
- Optionally, you've connected to a proxy server.
- Optionally, use a custom certificate to allow the Edge capability to connect to your data source. In this case, you've saved the certificate as "ca.pem" in the same directory as the Edge site installer. If you've saved the certificate in another directory, use the
--caargument in the Edge site installation command.
CPSH permissions
You can connect to Collibra Data Lineage by using the basic or OAuth authentication method. The following permissions are required only if you use the basic authentication method.
- A global role with the following global permissions:
- Data Stewardship Manager
- Manage all resources
- System administration
- Technical lineage
- A resource role with the following resource permissions on the community level in which you created the domain:
- Asset > Add
- Attribute > Add
- Domain > Add
- Attachment > Add
To create a new target domain for asset ingestion:
- You have a resource role with the Domain > Add resource permission.
To create a Tableau connection:
- You have a global role with the Product Rights > System administration global permission.
- You have a global role that has the Manage Edge sites global permission.
- You have a global role that has the Manage connections and capabilities global permission.
- A resource role with Configure external systemresource permission, for example Owner.
- If you connect to Tableau Online, you have a Tableau user with at least Viewer rights.
- If you connect to Tableau Server, you have a Tableau user with access to at least one site.
- You have the necessary Tableau permissions, as described in Tableau roles, permissions, and mandatory settings.
- You have added a vault to your Edge site.
- If your data source connection requires a file from your vault, the file must be encoded into Base64 and stored as a regular secret in your vault.
To connect to Collibra Data Lineage service instances via OAuth authentication:
- You have a global role with the Product Rights > System administration global permission.
- You have a global role that has the Manage Edge sites global permission.
- You have a global role that has the Manage connections and capabilities global permission.
To add an Edge capability:
- You have a global role with the Product Rights > System administration global permission.
- You have a global role that has the Manage connections and capabilities global permission, for example, Edge integration engineer.
To synchronize technical lineage:
- A global role that has the following global permission:
- Catalog, for example Catalog Author
- View Edge connections and capabilities
- A resource role with Configure external system resource permission, for example Owner.
- Data source-specific permissions.