Getting Started with ALTR & Snowflake
Configure ALTR's Snowflake Service User
Connect Snowflake Databases
Connect Columns to ALTR
Creating Policy & Manage Data
Classification
Analytics
Column Access Policies
Views
Thresholds
Row Access Policy
Audit Logs
Settings
Tokenization
Tag-Based Data Masking
Tokenization API
Management API
ALTR Driver JDBC Installation
ALTR Driver ODBC Installation
Configure Tableau to Gain User Level Observability
Integrating ALTR Notifications with AWS S3
TDS Proxy Installation
CDM Installation
Custom Masking and Extensibility Functions
Bring Your Own Key for Tokenization
Open-Source Integrations
In order for a column to be governed by ALTR, it must must be 'Connected' to ALTR, which is the process where ALTR creates the necessary Snowflake-Side objects to be invoked for governance decisions, including a Dynamic Data Masking Policy. Once a column is connected in ALTR, then any queries accessing that column will appear in ALTR’s query log and Data Usage Analytics.
When you connect a column, then ALTR creates a Dynamic Data Masking Policy for that column in Snowflake in the ALTR_DSAAS Schema for that column’s database. This Dynamic Data Masking Policy invokes ALTR’s governance engine every time that column is accessed by a query which allows ALTR to:
Important Details for You to Know
ALTR offers multiple avenues in its UI to connect columns: Via the 'Data Management' page and the Google DLP Classification Report.
To connect a column on the 'Columns' page, click the Add New button. From here, you can specify the Data Source (database), table, and column to connect. ALTR also asks you to assign a name to the column, which is a shorter friendly name that ALTR uses to display that column throughout its UI. Once you submit the form with the Add Column button, then ALTR will create a Dynamic Data Masking Policy for that column in Snowflake (see above). This may take several seconds.
NOTE: For large tables, the column dropdown may take several seconds to load.
ALTR enables users to easily connect sensitive data in the Google DLP Classification report. When on the report and selecting a classifier, you click the Connect button next to each column to connect that column to the ALTR platform. This will trigger ALTR to create a Dynamic Data Masking Policy for that column in Snowflake (see above). This may take several seconds.
NOTES:
There may be situations where you might want to disconnect columns from ALTR. This action will remove various functions (such as governance rules, etc.,) that were defined for them. To disconnect columns, navigate to the 'Data Management' page and click on Disconnect Column as shown in screenshot below.
NOTE: You cannot remove a database if you have any columns connected to the database to ALTR.
Question: I’m trying to connect a column from the All Columns page, but the column list is not loading. Why is this happening?
Answer: ALTR may take a long time to load columns lists for tables with particularly large numbers of columns (1000+). If the columns list does not load after a minute, reach out to support@altr.com
Question: I’m trying to connect a column from the All Columns page, but some of my tables are not appearing. Why is this happening?
Answer: After first connecting a database, ALTR only refreshes table lists every few hours. If the table was recently added, try coming back later. If you continue to be unable to see the table after several hours, reach out to support@altr.com.
Question: I want to disconnect a column that I connected from the Google DLP Classification Report. How can I do it?
Answer: All columns can be disconnected from ALTR on the All Columns Page, which also removes their Dynamic Data Masking Policy.
Question: I want to disconnect a column that I’ve already dropped from Snowflake but am having trouble. How can I do it?
Answer: Certain situations might occur where you will not be able to disconnect a column in ALTR normally. For example, perhaps your column doesn't exist anymore, the service user's permissions were decommissioned, an AWS outage occurred, or ALTR couldn't connect with Snowflake for some reason. These example scenarios are when the Force Disconnect Column feature would be appropriate to use. It will remove the column from ALTR even if we are unable to successfully clean it up in Snowflake.
You can find this Force Disconnect Column button in the Advanced Options menu by clicking the down arrow to expand it.
NOTE: Be aware that the Force Disconnect Column feature should only be used as a last resort if you cannot do it normally. Once you Force Disconnect a Column then this action cannot be reversed. In addition, if you choose to do this, then artifacts such as the masking policy, schema objects from your account, etc., might still be left in Snowflake. We recommend that you after you force disconnect a column, you then go back and check Snowflake in case you'd prefer to clear out remnants due to storage limits, security risk policies from ongoing API call requests, or other reasons. To identify and remove them, you can email support@altr.com