ALTR Data Protection Dashboard
The ALTR Data Protection Dashboard is a Snowflake Native App that integrates ALTR’s advanced data protection capabilities. It provisions the required functions, stored procedures and tables to enable a comprehensive Data Protection Metrics Dashboard within your Snowflake Native App.
This dashboard helps visualize and analyze key metrics in real-time, such as the presence of tags without associated policies, security control implementation, and monitoring effectiveness. By identifying data that is tagged but lacks appropriate policy enforcement, the app helps monitor compliance, identify gaps in risk posture and assess the enforcement status of your data protection policies.
Architecture
Section titled “Architecture”The app utilizes Snowflake’s native features and integrates directly with ALTR’s data protection framework. Upon setup, it collects metadata from your Snowflake environment and your ALTR organization by calling Unified Policy API endpoints from user-defined functions and stored procedures. This data is processed and stored in application-managed tables to create a dynamic Data Protection Metrics Dashboard, which can then provide visuals in the Snowflake Native App.
Prerequisites
Section titled “Prerequisites”To use this app, you’ll need:
- Basic knowledge of SQL and Snowflake Native Apps
- A Snowflake account with Enterprise edition or higher
- An ALTR account
When operating the native application, the following Snowflake privileges are required to be granted to the role running the Native App to support specific features such as external access integration, network rule configuration, secret management and usage on Snowflake provided views such as SNOWFLAKE.ACCOUNT_USAGE.TAG_REFERENCES.
CREATE DATABASE
Section titled “CREATE DATABASE”This allows the application to create new databases within the Snowflake account. The application creates a database to store objects such as Network Rules and Secrets when setting up External Access Integrations . Granting CREATE DATABASE ensures it can manage and isolate these resources securely.
Grant Recommendation:
GRANT CREATE DATABASE ON ACCOUNT TO <role>;CREATE INTEGRATION
Section titled “CREATE INTEGRATION”This enables the creation on External Access Integrations . The application uses External Access Integration to securely call ALTR’s API. Granting CREATE INTEGRATION allows the app to define these integrations as part of its setup and communication with ALTR.
GRANT CREATE INTEGRATION ON ACCOUNT TO <role>;IMPORTED PRIVILEGES ON SNOWFLAKE DATABASE
Section titled “IMPORTED PRIVILEGES ON SNOWFLAKE DATABASE”Allows access to system-level metadata and views within the SNOWFLAKE database, particularly the ACCOUNT_USAGE schema.The application queries the TAG_REFERENCES view to identify tagged objects that do not yet have policies applied. This helps enforce governance by highlighting policy gaps.
1. Grant Import Privileges on Snowflake Database
Section titled “1. Grant Import Privileges on Snowflake Database”To grant the Analytics Model the required privileges:
- Install the ALTR Analytics Model from Snowflake Marketplace.
- Open the app and click Settings .
- Click the Privileges tab to view access required for the analytics model.
- Click Review ; a modal displays asking for the privileges to import privileges on the Snowflake database.
- Turn on the Granted switch.
- Click Update Privileges to apply the required access.
- Refresh the page and make sure you see the word “ Granted ” in green to indicate that the privileges were updated.
2. Create External Access Integration for ALTR
Section titled “2. Create External Access Integration for ALTR”Create external access integration with ALTR by connecting your ALTR account to the Analytics Model. You need your ALTR API key and API secret .
To create external access integration for ALTR:
- In the app’s Settings , click the Connections tab.
- In the Connections section, click Review ; a Connect to Key management external access integration modal displays.
- Click Next to create the network rule.
- Enter your ALTR credentials:
- Username: Your ALTR API key
- Password: Your ALTR API secret
- Click Connect .
- Refresh the page and make sure you see the word “ Connected ” in green to indicate that the privileges were updated.
- Click Launch app .
3. Configure Data Protection Metrics
Section titled “3. Configure Data Protection Metrics”Configure the data protection metrics by generating all the necessary database objects required to create the charts.
To configure the data protection metrics:
- Navigate to the Configuration tab.
- (Optional) Enable Use Tag Value if you are using tag values to mask your data. Toggle it based on your masking strategy.
- Enter the Database Name where the ALTR tags are stored.
- Click Generate Required Objects to create the necessary database objects.
4. Generate Charts
Section titled “4. Generate Charts”To generate the Data Protection Metrics Dashboard:
- Click the Charts tab.
- Click Generate Charts . The dashboard displays charts with the following metrics:
- Unprotected columns by Tag Name / Tag Value
- Protected columns by Tag Name / Tag Value
APPOWNER
Section titled “APPOWNER”Description: Full access to all application functionality
Recommended Grant: To roles that need to invoke procedures, create functions, manage data and handle external key management
Functions
Section titled “Functions”| Function Name | Description |
|---|---|
ALTR_POLICY() | Returns policy details from ALTR |
ALTR_RULE() | Returns alert applied on rule from ALTR |
ALTR_TOKENIZE() | Lists columns configured as tokenized in ALTR |
Stored Procedures
Section titled “Stored Procedures”| Procedure Name | Description |
|---|---|
ALTR_TAG_INFO_SP | Calls ALTR_POLICY() and ALTR_RULE() to generate relevant tables |
ALTR_TOKENIZE_SP | Invokes ALTR_TOKENIZE() and creates tables with the details of the columns that are tokenized |
ALTR_SF_METADATA_SP | Pulls Snowflake metadata to create necessary tables |
DPMD_DB_OBJ | Creates user-defined functions and executes all stored procedures |
Tables
Section titled “Tables”| Table Name | Description |
|---|---|
ALTR_RAW_POLICY_JSON_INFO | Contains the policy JSON data |
ALTR_RAW_RULE | Contains JSON data of rules applied on the policy |
ALTR_TAG_POLICY_INFO | Contains records of policy names and their corresponding IDs |
ALTR_TAG_RULE_INFO | Contains records representing specific tag rules used in the system, typically for data protection metrics |
ALTR_ALERT_INFO | Contains alerts applied to each rule |
ALTR_TAG_INFO | Contains tag name and tag value on which policies are applied |
TOKENIZE | Contains JSON objects representing columns configured as tokenized |
ALTR_TOKENIZE_INFO | Contains columns that are configured as tokenized in ALTR org |
SNOW_DB_INFO | Contains database, schema, table and column details where Snowflake object tags are applied |
SNOW_TAG_INFO | Contains records of Snowflake object tags and their mapping to ALTR tags used in policy |
If you require assistance or run into issues, contact ALTR Support with the subject line “Analytics Support.”