Skip to main content

25 docs tagged with "permissions"

View all tags

Access Control

Access Control in Atlan covers identity and access management (SSO, SCIM, users, groups, roles), permissions (personas, purposes, connection access, visibility), and audit logs. Configure who can sign in, what they can see, and how their activity is tracked.

Atlan architecture

Understand the Atlan architecture: platform components, management components, and central services across AWS, Azure, and GCP deployments.

Deployment architecture

The Atlan Secure Agent is a Kubernetes-based application that runs within a customer's environment. It acts as a gateway between the single-tenant Atlan SaaS and external systems like Snowflake, Tableau, and other data sources. This document explains the Secure Agent's deployment architecture, key components, communication flows, and security considerations.

Grant Databricks permissions

Grant the Unity Catalog and workspace permissions Context Engineering Studio needs to deploy a context repository to Databricks Genie. Required at deploy time. On Databricks, Simulate also runs on a live Genie Space, so simulating requires a first deploy.

Grant Snowflake permissions

Grant the Snowflake permissions Context Engineering Studio needs to deploy a certified context repository to Snowflake Cortex Analyst. Required only at deploy time. You can connect, build, and simulate without them.

Install on AWS EKS

This guide provides step-by-step instructions to install the Secure Agent on an Amazon Elastic Kubernetes Service (AWS EKS) cluster.

Permissions & data access

Control what users can see and do in Atlan once they have signed in. Scope access by team with personas, by data sensitivity with purposes, by connection, or hide assets entirely. Learn which control to use and how role, persona, and purpose combine.

Permissions for Databricks AI models

Full reference of the privileges required to crawl AI models and extract lineage from Databricks Unity Catalog, including what each privilege enables and how to grant it.

Permissions for Snowflake AI models

Full reference of the privileges required to crawl AI models and extract lineage from the Snowflake Model Registry, including what each privilege enables and why it's needed.

Permissions for Snowflake listings and shares

Full reference of the additional privileges the Atlan service account needs to discover Snowflake listings and shares, including what each privilege enables, why standard connector permissions aren't enough, and how to grant them.

Roles and permissions

Explanation of Snowflake's security model and role requirements for data quality operations.

Secure Agent

The Atlan Secure Agent is a lightweight, Kubernetes-based application that enables secure metadata extraction. It connects internal systems with Atlan SaaS while keeping sensitive data protected and doesn’t require inbound connectivity. Running within an organization’s controlled environment, the Secure Agent ensures compliance with security policies and automates metadata processing.

Security

Frequently asked questions about security controls and permissions for the Atlan browser extension.

Set up on-premises Databricks lineage extraction

The Docker-based databricks-extractor offline tool has been sunset. For on-premises or network-restricted Databricks lineage extraction, use Self-Deployed Runtime, Secure Agent, or direct connectivity via private link.

Set up SAP BW/4HANA

Set up user accounts and permissions required for SAP BW/4HANA metadata extraction in Atlan.

Set up SAP ECC

Set up user accounts and permissions required for SAP ECC metadata extraction in Atlan.

Set up SAP S/4HANA

Set up user accounts and permissions required for SAP S/4HANA metadata extraction in Atlan.