Your database clients continue to work once Cyral protection is added to your databases. Below, we show how to use Tableau to connect to a Cyral-protected Snowflake database.
In this document, we focus on the standard Tableau Online interface, but the same steps apply to other Tableau versions as well.
Create a connection in Tableau with native authentication
To create a new connection to a server in Tableau, you need a connector to store the database connection details. In the Connect to Data window, click on the Connectors tab, then specify that you want to connect to a Snowflake server.
Provide the connection details:
for server name, provide the Cyral sidecar address;
if desired, add an optional role to use when connecting; and
for authentication method, choose Username and Password, and provide the Snowflake username and password.
Click the Initial SQL tab and add the following query:
SET TABLEAUENDUSER = [TableauServerUser]
Click Sign In.
Create a connection in Tableau with Single Sign-On (SSO) authentication
Currently, the Cyral product supports using SSO with Snowflake and Tableau through OAuth. For that, an OAuth integration must be created in the Snowflake account. This page contains detailed information for this step. If you're using Tableau Online, the following statement will create an integration called ts_oauth_int1.
create security integration ts_oauth_int1
  type = oauth
  enabled = true
  oauth_client = tableau_server;
After this statement is executed in Snowflake, you can proceed to add a new connection in Tableau using OAuth.
Create or open the workbook where you'll add the database connection details.
Select Connect to Data. (If you're creating a new workbook, you'll see the Connect to Data screen automatically. If you're adding a data source in an existing workbook, click New Data Source in the workbook screen.)
In the Connect to Data screen, specify that you want to connect to a Snowflake server.
Provide the connection details:
for server name, provide the Cyral sidecar address;
if desired, add an optional role to use when connecting; and
for authentication method, choose Sign in using OAuth. When you do this, a new browser window will pop up where you can enter SSO credentials.
Click the Initial SQL tab and add the following query:
SET TABLEAUENDUSER = [TableauServerUser]
Click Sign In.
Run queries
Once you have successfully connected to a Snowflake server, you can start running queries. To do so, use the Custom SQL tool: type the desired query in it, then click Update Now to see the results.
Log query activity
The Cyral activity log shows the user's Tableau identity as endUser, their database user identity as repoUser, and their database role as dbRole. Here's a sample segment of the Cyral activity log showing the identity information about a person who has connected to a Cyral-protected Snowflake repository using Tableau:
"identity": {
  "endUser": "nancy.drew@hhiu.us",
  "repoUser": "gsamsa",
  "dbRole": "accountadmin"
}
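The following Python example, added here and not taken from Cyral's documentation, scans activity-log records for sessions that carry no endUser and for sessions running under a Snowflake administrative role such as the accountadmin role in the sample above. It assumes the log is exported as one JSON object per line and that an empty endUser means the Initial SQL statement was not set on the connection; the sample records are constructed.

```python
import json

# Snowflake system-defined administrative roles (compared case-insensitively).
PRIVILEGED_ROLES = {"accountadmin", "securityadmin", "orgadmin", "sysadmin"}

# Constructed sample records: only the "identity" object follows the segment
# shown above; the one-JSON-object-per-line layout is an assumption.
SAMPLE_LOG = """\
{"identity": {"endUser": "nancy.drew@hhiu.us", "repoUser": "gsamsa", "dbRole": "accountadmin"}}
{"identity": {"endUser": "", "repoUser": "gsamsa", "dbRole": "analyst"}}
{"identity": {"repoUser": "svc_tableau", "dbRole": "SYSADMIN"}}
{"identity": {"endUser": "joe.hardy@example.com", "repoUser": "gsamsa", "dbRole": "analyst"}}
not-json
"""

def audit_identities(log_text):
    """Return (line_no, repoUser, finding) tuples for records worth reviewing."""
    findings = []
    for line_no, line in enumerate(log_text.splitlines(), start=1):
        if not line.strip():
            continue
        try:
            record = json.loads(line)
        except json.JSONDecodeError:
            findings.append((line_no, None, "unparseable"))
            continue
        identity = record.get("identity") if isinstance(record, dict) else None
        if not isinstance(identity, dict):
            findings.append((line_no, None, "no_identity"))
            continue
        repo_user = identity.get("repoUser")
        # Missing endUser: the query cannot be tied to a Tableau user
        # (assumed cause: Initial SQL was left out of the connection).
        if not str(identity.get("endUser") or "").strip():
            findings.append((line_no, repo_user, "missing_endUser"))
        if str(identity.get("dbRole") or "").lower() in PRIVILEGED_ROLES:
            findings.append((line_no, repo_user, "privileged_dbRole"))
    return findings

if __name__ == "__main__":
    for finding in audit_identities(SAMPLE_LOG):
        print(finding)
```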