Skip to main content

Manage Tags

Connecting a Snowflake object tag to ALTR automatically enforces ALTR access governance to all columns assigned to that tag. Refer to Column and Tag Connections for more information.

Connect Tags

To connect a Snowflake object tag to ALTR:

  1. Ensure a data source is connected.

  2. Click Data ConfigurationData Management in the Navigation menu.

  3. Click the Tags tab.

  4. Click Connect Tag.

  5. Select an ALTR Data Source Connected. This can be any data source associated with your Snowflake account where the service user has privileges to access the tag's database.

  6. Select a Tag Database. This is the database where the tag is located and can be different from the data source connection.

  7. Select a Tag Schema. This is the schema within the Tag Database where the tag is located.

  8. Select a Tag Name. This is the name of the tag in Snowflake.

    Note

    If your data doesn't display in the dropdowns, ensure your service user account has privileges to access the data.

  9. (Optional) Turn on the ADVANCED: Enable custom roles switch to use a custom role with this tag. Learn more.

    Note

    In order to change this switch once the tag is connected, disconnect the tag, update the switch and reconnect the tag.

  10. For Do you have encryption or tokenization applied to this column?, select

    1. No, if this tag is not tokenized or encrypted and continue to the next step.

    2. Yes, if this tag is tokenized or encrypted.

    Note

    If this tag is tokenized, ensure all values for this tag are tokenized and select Tokenization from the Advanced Data Protection dropdown. Learn more.

    If this tag is encrypted, ensure the column has been encrypted in Snowflake and select Format-Preserving Encryption from the Advanced Data Protection dropdown. Select the Key, Tweak and Alphabet Type. Learn more.

  11. Click Connect Tag.

    Note

    Once a tag is connected and if new allowed values are added in Snowflake for this object tag, click Refresh Allowed Values to ingest new allowed values to be used when defining ALTR policies.

View Tag Connection Status

Tag connection status and other connection details, such as schema information and database, can be viewed directly in ALTR. Viewing the tag connection status helps to identify details for a particular tag, including

  • Snowflake Hostname and Service User Username being used for that tag’s data source connection

  • Tracking ID associated with the job for the most recent operation of the tag. The Tracking ID is useful for communicating with ALTR support if there are issues with the tag connection.

  • Details on any errors associated with failed connections to tags

Note

Tag status can also be viewed using the API. Refer to our API documentation for more information.

To view tag connection status:

  1. Ensure a data source is connected.

  2. Ensure the data source has a connected tag.

  3. Click Data ConfigurationData Management in the Navigation menu.

  4. Click the Tags tab.

  5. Click a tag to view additional details.

Disconnect Tags

Disconnect a tag if you no longer want ALTR to enforce access governance to columns with that tag.

To disconnect a Snowflake object tag:

  1. Select Data ConfigurationData Management in the Navigation menu.

  2. Click the Tags tab.

  3. Select the tag you wish to disconnect.

  4. Click the Disconnect Tag button. The disconnect tag process can take up to several minutes to complete.

Force Disconnect Tags

Warning

Before force disconnecting a tag, consult ALTR Support.

Force disconnecting tags could have a negative impact on your source system if you do not fully understand your data and this feature.

Force disconnect a tag if you are unable to disconnect the tag as expected. This action removes all masking policies and supporting functions, ignores any errors encountered during the disconnect process and will affect masking policy and integrations. Use great caution with this feature because it cannot be undone.

Reasons to force disconnect tags include

  • Tag no longer exists in your source system.

  • Service user's privileges have been decommissioned.

  • ALTR could not connect to Snowflake.

To force disconnect a tag:

  1. Select Data ConfigurationData ManagementColumns in the Navigation menu.

  2. Select the tag you wish to disconnect.

  3. Click the Disconnect Tag button.

  4. Click the Trouble Disconnecting? link.

  5. Click the Force Disconnect Column button.

  6. Click the Force Disconnect Column button.

  7. Review your source system and clean up any object left behind.

In this section: