Set up Looker

As a BI Admin, you need to perform these steps to enable Collibra to access your Looker data. This configuration allows Collibra Data Lineage to harvest metadata using API3 credentials.

The integration authenticates via a specific set of Looker API calls. To enable this, you have to provision a dedicated service account in Looker and assign one of the following two permission options. This configuration allows Collibra Data Lineage to securely harvest metadata using API3 credentials.

For complete information, refer to the Looker documentation:

• Getting started with the Looker API
• Looker API authentication
• Admin settings - Roles

Looker user permission options

The integration uses a specific set of API calls for authorization. To provide this access, you must create a dedicated user in Looker and choose one of the following two options for permissions.

Option 1: Use the Admin role

Assign the Admin role to the dedicated user. This is the simplest method and provides all necessary access immediately. In this case, the integration uses the /connections endpoint, which retrieves all required information in a single API call.

Option 2: Use a custom role with specific permissions

If you prefer not to assign the user the Admin role, the integration will use a set of more specific API calls, in addition to the /connections endpoint. This is necessary because the /connections endpoint returns less information if the user doesn't have the Administer permission.

In this case, you can create a user with a custom role that has a specific set of permissions. The required permissions are listed in the following procedure.

Steps

1. Do one of the following:
   • Create a user with the Admin role.
     
   • Create a user with a custom role that has the following permissions:
     • access_data
     • see_lookml
     • see_lookml_dashboards
     • see_looks
     • see_sql
     • see_user_dashboards
     • develop
     • see_users
     • manage_project_connections_restricted
     • see_admin
       
   Important Collibra Data Lineage only performs read operations (GET) on API endpoints, with the exception of obtaining the access token, which requires a POST request.
2. Create an API3 key, which consists of a client ID and a client secret.
   For complete information, refer to the API Keys section in the Looker Admin settings - Users documentation.
3. Use the API3 credentials in your lineage harvester configuration file (deprecated).

Note API3 credentials are always linked to a Looker user account. As a result, calls to the API only return data that the user is allowed to access.