Redshift
Create a Redshift Source
Prepare credentials and permission in Redshift
Certain credentials and permission are required for Validio to validate your data. For detailed information about permissions in Redshift, refer to Managing database security.
Credential Permission Requirements
Validio Credentials require
VIEWERaccess rights when connecting to sources to read and access data. Admins must ensure that they do not provideEDITORaccess rights to their credentials.
You can use this SQL script to set up a user and grant the necessary permissions for the Source in Validio:
- Copy this script to a SQL worksheet.
- Follow the steps described in the script.
/*--------------------------------------- Parameters used in this script -------------------------------------------------
Search/replace all instances of these parameters in the script with names of your choice.
<validio_user> -- Name of validio-user. It's not recommended to use an alread existing user.
<Some_Password123> -- Password for validio-user.
<user_creating_tables> [, <user2_creating_tables>...] -- One or more users who will create future tables validio-user should immediately get access to.
<schema_to_monitor> [, <schema2_to_monitor>...] -- Optionally filter access to one or more schemas
*/------------------------------------------------ Script -----------------------------------------------------
-- An admin-user such as awsuser is necessary to perform this setup.
SET SESSION AUTHORIZATION 'awsuser';
-- Create Validio-user with necessary grants
CREATE USER <validio_user> PASSWORD '<Some_Password123>'; -- Create a separate Validio-user
-- Grant user access to metadata
ALTER USER <validio_user> SYSLOG ACCESS UNRESTRICTED; -- Grant access to query logs.
GRANT SELECT ON svv_table_info TO <validio_user>; -- Grant access to table metadata.
GRANT SELECT ON pg_user_info TO <validio_user>; -- Grant access to user metadata.
-- Grant access to the data to validate. You can either write your own statements, or to simplify the process use the following query which generates grant statements for all
-- existing and future tables in your database, or filtered to specific schemas if you like. Run the query and then copy&paste the result (the generated statements) into a worksheet.
-- Review the generated statements before you run them, to ensure the grants will apply as you prefer.
SELECT p1 || schema_name || p2 || CASE WHEN o = 0 THEN ': --------------' ELSE ' TO <validio_user>;' END AS statement
FROM (
SELECT 0 AS o, '-------------- Privileges for schema ' AS p1, '' AS p2 UNION ALL
SELECT 1, 'GRANT USAGE ON SCHEMA ', '' UNION ALL
SELECT 2, 'GRANT SELECT ON ALL TABLES IN SCHEMA ', '' UNION ALL
SELECT 3, 'ALTER DEFAULT PRIVILEGES FOR USER <user_creating_tables> [, <user2_creating_tables...>...] IN SCHEMA ', ' GRANT SELECT ON TABLES'
) AS s,
information_schema.schemata
-- WHERE schema_name IN ('<schema_to_monitor>' [, '<schema2_to_monitor>'...]) -- Uncomment and edit this line to limit the result to specific schemas
ORDER BY schema_name, o;Add a Redshift Credential
To add a credential for Redshift,
- Navigate to Credentials and click + New Credential.
- Under Namespace, select a namespace where the resources will be created.
- For Credential Type, select Redshift Credential.
- Fill in the credential parameter fields. Refer to the Redshift Credential Parameters table.
- Check Use for catalog to automatically discover credentials and add them to the catalog page.
- Click Create.
Validio will validate the connection to the Redshift account. If validation passes, Validio will automatically start fetching data. If validation fails, check that you provided the correct parameter values and try again.
Once the credential is created, you can add a source to monitor Redshift data.
Redshift Credential Parameters
| Field | Description |
|---|---|
| Name | Identifier for the credentials. Used when accessing Sources. |
| Host | Endpoint of the Redshift cluster database, for example test-redshift-cluster-1.ynypdanx10uk.eu-north-1.redshift.amazonaws.com |
| Port | Port number of the Redshift database. |
| User | Username of Redshift account with read access to the desired table. |
| Password | Password of the specified Redshift user. |
| Default database | Name of the default Redshift database. |
Add a Redshift Source
To add a source for Redshift,
- Navigate to Sources and click + New source.
- Under Source type, select Redshift.
- Under Config,
- Select the valid Credential or create a new credential to authenticate your connection to the data warehouse.
- Enter the Database, Schema, and Table to specify where the data comes from. Selecting more than one table will create a new source for each table. Refer to the Source Configuration Parameters table.
- Set how many days of Historic data to use when you start the source.
- Set the Polling schedule, which is how frequently the validators on the source will check for changes.
- Under Schema, click Continue to automatically infer the schema fields from the tables you selected. If you select many tables, this operation can take a few minutes to complete.
- Under Source details,
- Add Tags to help group related sources or to use for routing notifications.
- Add an Owner who will be the contact for incident notifications.
- Click Continue to create the source.
Source names are generated automatically and will be displayed when the source creation completes. If there are more than 5 sources, you will see the names for the first five and a count of the remaining sources.
Source Configuration Parameters
| Parameter | Description |
|---|---|
| Database | Name of the Redshift database. |
| Schema | Name of the schema that contains the table. |
| Table | Name of the table to read data from. |
Remove credentials and permissions
You can use the following SQL script to remove configured permissions for the Source in Validio:
- Copy this script to a SQL worksheet.
- Follow the steps described in the script.
/*--------------------------------------- Parameters used in this script -------------------------------------------------
Search/replace all instances of these parameters in the script with names of your choice.
<validio_user> -- Name of validio-user you want to remove.
<validio_group> -- Name of validio-group you want to remove (if you have set up a group for Validio)
*/------------------------------------------------ Script -----------------------------------------------------
-- An admin-user such as 'awsuser' is necessary to perform this setup.
SET SESSION AUTHORIZATION 'awsuser';
-- This script generates statements to remove Validio. Run the script, then copy&paste the statements into a worksheet and run them to remove all Validio-related entities (see inline-comments below for more details) from this Catalog. We recommend you to carefully look through the statements before you run then to make sure you really want to remove each entity.
SELECT 'REVOKE ALL ON SCHEMA ' || schema_name || ' FROM <validio_user>;' AS statement FROM pg_catalog.svv_all_schemas UNION ALL -- Revoke all permissions on schemas from Validio-user...
SELECT 'REVOKE ALL ON ALL TABLES IN SCHEMA ' || schema_name || ' FROM <validio_user>;' FROM pg_catalog.svv_all_schemas UNION ALL --..and tables and views
SELECT 'REVOKE ALL ON SCHEMA ' || schema_name || ' FROM GROUP <validio_group>;' AS statement FROM pg_catalog.svv_all_schemas UNION ALL -- Revoke all permissions on schemas from Validio-group... (Remove this row if you haven't set up a dedicated Validio-group)
SELECT 'REVOKE ALL ON ALL TABLES IN SCHEMA ' || schema_name || ' FROM GROUP <validio_group>;' FROM pg_catalog.svv_all_schemas UNION ALL --..and tables and views (Remove this row if you haven't set up a dedicated Validio-group)
SELECT 'DROP GROUP <validio_group>;' UNION ALL -- DROP Validio-group (Remove this row if you haven't set up a Validio-group)
SELECT 'DROP USER IF EXISTS <validio_user>;'; -- DROP Validio-userUpdated 2 days ago