Remote Access

Fundamentals of Remote Access

Data permissions are maintained in Snowflake, Hadoop, Oracle DW for tables, and it’s quite a tedious work for Database Administrator to assign these permissions. A new team member joins, then you need to apply the permissions to various tables. On top of that, there is lots of PII information that needs to be protected for certain groups only. Some of the databases like Oracle do not support that, Snowflake does support it, but it can’t find which data is actually a PII.  To simplify this pain point, Remote data access management is introduced through OvalEdge.  This scenario also applies to reports. Business Users do not know whether they have access to some reports or not. OvalEdge should be one place to know for business users to search for reports and then request access and then also be able to monitor the progress of access requests.

rdam1The Remote Access tab lists the data objects and the meta and data permissions on these objects that a user is assigned access to in a remote application

remoteaccess

Remote Data Access Management

Remote Data Access Management has three ways for connecting remote database

  1.   None
  2.   Remote system is a master
  3.   OvalEdge is a master

Note: RDAM functionality is provided in the Administration -> Crawler -> Settings -> Remote Access.   See, User Manual 5.2 Crawler > Remote Data Access Management.

  1. None: When a user crawls any schema, all the users and roles from the remote source will come into Remote Users tab, and Remote Roles tab in the Administration > Users & Roles.
  2. Remote System is a master: In the Remote Access tab, user select an option of a Remote system is the master, and when a users crawls a remote connection, all the users and roles available in remote source pertaining to that schema connection are displayed in the OvalEdge (Administration - > Users & Roles screen). See, User Manual 5.2  Users & Roles.
    1. At the time of crawling the user permission available on that schema will also be reflected in Users & Roles | Remote users and Remote roles tab. Users will be able to login with that user's default password, then the user can change it on the first login.
    2. When this option is selected the admin users cannot create, update or delete the users or roles  will also be reflected in the Security, schema and Tables tab.
  3. OvalEdge  is a master: When OvalEdge is the master, users can assign Roles and User based permissions to Objects. For that admin users can use the existing Users and Roles or it can create new Users and Roles and then assign.
  • At the time of Crawling users and roles assigned to the schema are displayed.
  • When this option is selected the admin users can create, update or delete the users or roles. This will get reflected or added in remote sources as well. It also considers the roles permissions and schema permissions. Security schema level permission can be updated from OvalEdge

Note: Remote is master or OE is master in the Remote Access will not work unless Users, Roles, Policies & Permissions are not checked.

To setup a Remote Connection

  1. To establish a new connection click on the button, user may select a type of the remote connection (for example Snowflake)  required from the pop-up window. Enter specific authentication credentials in relation to that data source . Once the remote connection establishes user can perform the following settings
  2. Select a snowflake connection, click on the settings button from 9-dots  

    crwler1
  3. It is mandatory to select the check box [Users, Roles, Policies, & Permission]   

  4. Click on the Remote Access tab.
  5. In the Remote Data Access Management, select the option as Remote system is master
  6. In the Remote Policy, select the checkbox.  

    remotepolicycheckbox

  7. Click on the Save Changes button.  Success notification of Crawling setting is saved successfully is displayed
    cralwingpg

  8. Now once again, select the connection click on Crawl/Profile

    selectschema
  9.  Select the Schema and click on Crawl (or any other option) 
  10.  Click on the Run button. 
  11. Now once again, select the connection click on Crawl/Profile, it gives a success alert.
              successalert

Note:  

  • Users can navigate to User & Roles to view the user and roles from remote connection as well as OvalEdge users and roles. See, Administration - Users & Roles