ALTR eBook: Snowflake Data Governance Buying Guide

Govern Individual Tableau Users in Snowflake

If you’re like many companies using Tableau with Snowflake, you may be utilizing a “shared service account”. That means when individuals log into Tableau and request data, a single Tableau service account accesses Snowflake and withdraws the data. This provides simplicity of management, but eliminates the ability to place user-based governance or security on the data. When you can’t identify which user is accessing which data, you’re faced with serious governance and security complications

You can’t apply masking on specific columns to limit protection to sensitive data.

You can’t limit consumption for specific users which means you can’t stop credentialed access threats – all users have the power to download all the data.

You don’t have an audit trail or record of individual data consumption which can lead to serious compliance issues.

And, if there is a breach, access would need to be cut off completely, even to users who have done nothing wrong.

Distinguish users and apply individual governance and security policies

ALTR can help. We’ve developed a unique solution that employs contextual info provided by Tableau to distinguish users and allow you to apply governance policies on the data in Snowflake.

01

With a simple, one-time configuration of a SQL variable in Tableau server, the service account that Tableau uses to connect to Snowflake can send through information on which one of the thousands of Tableau users is making the request.

02

ALTR can then apply governance and security policy on that user as it would on any other individual Snowflake account.

ALTR is the only Snowflake provider delivering user-level governance and security on Tableau shared service accounts. Learn how we got to this point and see how easy it is to set up ALTR's solution. This is just another example of our drive to build tools that are quick and easy for our customers to deploy while delivering powerful data control and protection.
Request Demo