If you’re like many companies using Tableau with Snowflake, you may be utilizing a “shared service account”. That means when individuals log into Tableau and request data, a single Tableau service account accesses Snowflake and withdraws the data. This provides simplicity of management, but eliminates the ability to place user-based governance or security on the data. When you can’t identify which user is accessing which data, you’re faced with serious governance and security complications
You can’t apply masking on specific columns to limit protection to sensitive data.
You can’t limit consumption for specific users which means you can’t stop credentialed access threats – all users have the power to download all the data.
You don’t have an audit trail or record of individual data consumption which can lead to serious compliance issues.
And, if there is a breach, access would need to be cut off completely, even to users who have done nothing wrong.
ALTR can help. We’ve developed a unique solution that employs contextual info provided by Tableau to distinguish users and allow you to apply governance policies on the data in Snowflake.
With a simple, one-time configuration of a SQL variable in Tableau server, the service account that Tableau uses to connect to Snowflake can send through information on which one of the thousands of Tableau users is making the request.
ALTR can then apply governance and security policy on that user as it would on any other individual Snowflake account.