Tag Management
Connecting a Snowflake object tag to ALTR automatically enforces ALTR access governance to all columns assigned to that tag. Refer to Column and Tag Connections for more information.
To connect a Snowflake object tag to ALTR:
Ensure a data source is connected.
Click → in the Navigation menu.
Click the Tags tab.
Click the Connect Tag button.
Enter an ALTR Data Source Connection. This can be any data source associated with your Snowflake account where the Service user has privileges to access the tag’s database.
Notice
The remaining fields are case sensitive. Enter them exactly as they appear in your Snowflake account.
Enter the Tag Database. This is the database where the tag is located and can be different from the data source connection.
Enter the Tag Schema. This is the schema within the Tag Database where the tag is located.
(Optional) Select the Tokenized check box to use ALTR policy to detokenize sensitive data. Ensure all values for this tag are tokenized. Refer to Tokenization Access Policies for more information.
Enter the Tag Name. This is the name of the tag in Snowflake.
(Optional) Turn on the ADVANCED: Enable custom roles switch to use a custom role with this tag. Learn more.
Click the Connect Tag button.
Note
Once a tag is connected and if new allowed values are added in Snowflake for this object tag, click Refresh Allowed Values to ingest new allowed values to be used when defining ALTR policies.
Tag connection status and other connection details, such as schema information and database, can be viewed directly in ALTR. Viewing the tag connection status helps to identify details for a particular tag, including
Snowflake Hostname and Service User Username being used for that tag’s data source connection
Tracking ID associated with the job for the most recent operation of the tag. The Tracking ID is useful for communicating with ALTR support if there are issues with the tag connection.
Details on any errors associated with failed connections to tags
Note
Tag status can also be viewed using the API. Refer to our API documentation for more information.
To view tag connection status:
Ensure a data source is connected.
Ensure the data source has a connected tag.
Click → in the Navigation menu.
Click the Tags tab.
Click a tag to view additional details.
Disconnect a tag if you no longer want ALTR to enforce access governance to columns with that tag.
To disconnect a Snowflake object tag:
Select → in the Navigation menu.
Click the Tags tab.
Select the tag you wish to disconnect.
Click the Disconnect Tag button. The disconnect tag process can take up to several minutes to complete.
Warning
Before force disconnecting a tag, consult ALTR Support.
Force disconnecting tags could have a negative impact on your source system if you do not fully understand your data and this feature.
Force disconnect a tag if you are unable to disconnect the tag as expected. This action removes all masking policies and supporting functions, ignores any errors encountered during the disconnect process and will effect masking policy and integrations. Use great caution with this feature because it cannot be undone.
Reasons to force disconnect tags include
Tag no longer exists in your source system.
Service user's privileges have been decommissioned.
ALTR could not connect to Snowflake.
To force disconnect a tag:
Select → → in the Navigation menu.
Select the tag you wish to disconnect.
Click the Disconnect Tag button.
Click the Trouble Disconnecting? link.
Click the Force Disconnect Column button.
Click the Force Disconnect Column button.
Review your source system and clean up any object left behind.