Guides

Features

Advanced

Connecting Columns in ALTR

In order for a column to be governed by ALTR, is must must be “Connected” to ALTR, which is the process where ALTR creates the necessary Snowflake-Side objects to be invoked for governance decisions - including a Dynamic Data Masking Policy. Once a column is connected in ALTR, any queries accessing that column will appear in ALTR’s query log and Data Usage Analytics.

What happens when a column is connected?

When you connect a column, ALTR creates a Dynamic Data Masking Policy for that column in Snowflake in the ALTR_DSAAS Schema for that column’s database. This Dynamic Data Masking Policy invokes ALTR’s governance engine every time that column is accessed by a query, allowing ALTR to:

  1. Track column access in the Query Log and Data Usage Analytics
  2. Limit or restrict access to the column in Column Access Policies and Thresholds

Note: Connecting a column to ALTR will not restrict any access to to that column until the column (or one of it’s Data Tags) are included in a Column Access Policy

Note: Connecting a column to ALTR incurs a minimal increase to the latency for queries accessing that column, as Snowflake will reach out to ALTR’s governance engine every time that column is accessed. This latency is negligible for large queries.

How to Connect Columns to ALTR

ALTR offers multiple avenues in its UI to connect columns: Via the Data Management Page, and via the Google DLP Classification Report.

Connecting Columns via the All Columns Page

To connect a column on the Columns page, click the “Add New” button. From here, you can specify the Data Source (database), table, and column to connect. ALTR also asks you to assign a name to the column, which is a shorter friendly name that ALTR uses to display that column throughout its UI. Once you submit the form with the “Add Column” button, ALTR will create a Dynamic Data Masking Policy for that column in Snowflake (see above). This may take several seconds.

Note: for large tables, the column dropdown may take several seconds to load.

Connecting Columns via the Google DLP Classification Report

ALTR enables users to easily connect sensitive data in the Google DLP Classification report. When on the report and selecting a classifier, you click the “connect” button next to each column to connect that column to the ALTR platform. This will trigger ALTR to create a Dynamic Data Masking Policy for that column in Snowflake (see above). This may take several seconds.

Note: ALTR automatically generates a Friendly Name for columns connected via the Classification report from the classifier and column identifier in Snowflake. You can edit these Friendly Names on the All Columns page.

Troubleshooting and FAQs

  1. I’m trying to connect a column from the All Columns page, but the column list is not loading.
    ALTR may take a long time to load columns lists for tables with particularly large numbers of columns (1000+). If the columns list does not load after a minute, reach out to support@altr.com
  2. I’m trying to connect a column from the All Columns page, but some of my tables are not appearing.
    After first connecting a database, ALTR only refreshes table lists every few hours. If the table was recently added, try coming back later. If you continue to be unable to see the table after several hours, reach out to support@altr.com.
  3. I want to disconnect a column that I connected from the Google DLP Classification Report.
    All columns can be disconnected from ALTR on the All Columns Page, which also removes their Dynamic Data Masking Policy.
  4. I want to disconnect a column that I’ve already dropped from Snowflake
    To remove Snowflake Schema Objects from ALTR that no longer exist, please contact support@altr.com.

First section of content