Getting Started
  • Protecto Overview
    • Introduction
      • Quickstart Guide
      • Protecto Vault
        • What is a token?
        • Token customization
        • Authentication
        • Tokenization APIs
          • Masking
            • Mask with token
            • Mask with format and token
            • Identify and mask (Auto-detect)
          • Unmasking
          • What happens if an API fails?
        • Asynchronous API's
        • Bulk data
      • Add new data source
        • Snowflake
          • Create and grant access to Protecto
          • Add Snowflake to Protecto
        • Salesforce
          • Create connected app and user
            • Steps to create connected app
            • Steps to create Protecto user
          • Add Salesforce to Protecto
        • Azure SQL
          • Connect using AD Application credentials
          • Connect using database user credentials
        • Databricks
          • Add Service principal (Azure AD Application) to Databricks
          • Steps to create Azure Databricks Cluster
          • Steps to create Databricks python notebook and schedule job
        • Redshift
          • Create and grant access to Protecto user
          • Add Redshift to Protecto
      • Protecto FAQ's
        • 1. What are the steps after we sign up for a Protecto account?
        • 2. Can I sign up for a free account? How long is the trial period?
        • 3. What is Protecto license key? How can I get a new license key?
        • 4. How do I extend the trial period?
        • 5. What is the Protecto pricing model?
        • 6. How do I cancel my account?
        • 7. How do I unsubscribe / opt-out from emails?
      • Compliance User Guide
        • Risk Identification: Key Definitions
        • Understanding Risks
          • Find assets with severe breach risk
          • Filter assets by breach risk level
          • Find assets with other privacy risks
        • Understanding Usage
          • Find the data assets that were accessed
          • Find the data assets that are not used
        • Add Tags & Classification
          • Add tags globally
          • Classify tags to the categories
          • Add tags with category to the data assets
          • Remove tags with category from the data assets
        • Governance
          • Find all data assets
          • Add/delete purposes
          • Assign data owner for a data asset
          • Add/delete consent, data subject type and location for a data asset
          • Add/update retention time for a data asset
          • Add/update minor data for a data asset
        • Generate Compliance Reports
          • ROPA (Records of Processing Activities)
          • DPIA (Data Protection Impact Assessment)
Powered by GitBook
On this page
  1. Protecto Overview
  2. Introduction
  3. Add new data source
  4. Redshift

Create and grant access to Protecto user

A user needs to be created (protecto_user) and access to certain tables need to be given for extracting the Redshift data source metadata.

User needs to have read access to the below tables:

1) To take Table details:

  • information_schema.tables

  • svv_tables

  • svv_table_info

2) To take Log details:

  • stl_query

  • svl_user_info

3) To take User details:

  • pg_user

4) To take Group details:

  • pg_group

5) To take User access privilege details:

  • pg_tables

  • pg_internal

  • pg_views

6) To take Schema details:

  • pg_catalog.pg_namespace

  • pg_catalog.pg_user

Reference queries:

CREATE USER protecto_user WITH PASSWORD '<password>';

GRANT USAGE ON SCHEMA information_schema TO protecto_user;

GRANT SELECT ON information_schema.tables TO protecto_user;

GRANT SELECT ON svv_tables TO protecto_user;

GRANT SELECT ON svv_table_info TO protecto_user;

GRANT SELECT ON stl_query TO protecto_user;

GRANT SELECT ON svl_user_info TO protecto_user;

GRANT SELECT ON pg_user TO protecto_user;

GRANT SELECT ON pg_group TO protecto_user;

GRANT SELECT ON pg_tables TO protecto_user;

GRANT USAGE ON SCHEMA pg_internal TO protecto_user;

GRANT SELECT ON pg_views TO protecto_user;

GRANT SELECT ON pg_catalog.pg_namespace TO protecto_user;

GRANT SELECT ON pg_catalog.pg_user TO protecto_user;

ALTER USER protecto_user WITH SYSLOG ACCESS UNRESTRICTED;

List of accesses needed for tables:

  • Grant "SELECT" and "USAGE" privilege for all schemas and tables in the database for protecto_user.

Reference queries:

GRANT USAGE ON SCHEMA <schema_name> TO protecto_user;

GRANT SELECT ON ALL TABLES IN SCHEMA <schema_name> TO protecto_user;

Note:

  • The above commands should be executed on all the future schemas and tables on which Protecto should analyze.

  • Once select access is given, if any new table is added in future, the select access should be given for all newly added tables to perform scanning.

PreviousRedshiftNextAdd Redshift to Protecto

Last updated 1 year ago