Access Control
Access Control in Atlan covers identity and access management (SSO, SCIM, users, groups, roles), permissions (personas, purposes, connection access, visibility), and audit logs. Configure who can sign in, what they can see, and how their activity is tracked.
Atlan architecture
Understand the Atlan architecture: platform components, management components, and central services across AWS, Azure, and GCP deployments.
Compliance standards and assessments
Learn about compliance standards and assessments.
Data quality permissions
Reference for data quality permission scopes and configuration in Atlan.
Deployment architecture
The Atlan Secure Agent is a Kubernetes-based application that runs within a customer's environment. It acts as a gateway between the single-tenant Atlan SaaS and external systems like Snowflake, Tableau, and other data sources. This document explains the Secure Agent's deployment architecture, key components, communication flows, and security considerations.
Encryption and key management
Learn about encryption and key management.
Grant Databricks permissions
Grant the Unity Catalog and workspace permissions Context Engineering Studio needs to deploy a context repository to Databricks Genie. Required at deploy time. On Databricks, Simulate also runs on a live Genie Space, so simulating requires a first deploy.
Grant Snowflake permissions
Grant the Snowflake permissions Context Engineering Studio needs to deploy a certified context repository to Snowflake Cortex Analyst. Required only at deploy time. You can connect, build, and simulate without them.
Incident response plan
Learn about incident response plan.
Infrastructure security
Learn about infrastructure security.
Install on AWS EKS
This guide provides step-by-step instructions to install the Secure Agent on an Amazon Elastic Kubernetes Service (AWS EKS) cluster.
Permissions & data access
Control what users can see and do in Atlan once they have signed in. Scope access by team with personas, by data sensitivity with purposes, by connection, or hide assets entirely. Learn which control to use and how role, persona, and purpose combine.
Permissions for Databricks AI models
Full reference of the privileges required to crawl AI models and extract lineage from Databricks Unity Catalog, including what each privilege enables and how to grant it.
Permissions for Snowflake AI models
Full reference of the privileges required to crawl AI models and extract lineage from the Snowflake Model Registry, including what each privilege enables and why it's needed.
Permissions for Snowflake listings and shares
Full reference of the additional privileges the Atlan service account needs to discover Snowflake listings and shares, including what each privilege enables, why standard connector permissions aren't enough, and how to grant them.
Roles and permissions
Explanation of Snowflake's security model and role requirements for data quality operations.
Secure Agent
The Atlan Secure Agent is a lightweight, Kubernetes-based application that enables secure metadata extraction. It connects internal systems with Atlan SaaS while keeping sensitive data protected and doesn’t require inbound connectivity. Running within an organization’s controlled environment, the Secure Agent ensures compliance with security policies and automates metadata processing.
Security
Frequently asked questions about security controls and permissions for the Atlan browser extension.
Security monitoring
Learn about security monitoring.
Set up on-premises Databricks lineage extraction
The Docker-based databricks-extractor offline tool has been sunset. For on-premises or network-restricted Databricks lineage extraction, use Self-Deployed Runtime, Secure Agent, or direct connectivity via private link.
Set up SAP BW/4HANA
Set up user accounts and permissions required for SAP BW/4HANA metadata extraction in Atlan.
Set up SAP ECC
Set up user accounts and permissions required for SAP ECC metadata extraction in Atlan.
Set up SAP S/4HANA
Set up user accounts and permissions required for SAP S/4HANA metadata extraction in Atlan.
Troubleshooting Salesforce connectivity
Learn about troubleshooting salesforce connectivity.
Troubleshooting ServiceNow
Why is the security\_admin role required to complete the ServiceNow integration?