Amazon Redshift Sources > Before you begin > Verify permissions

Verify permissions

To extract metadata and to configure other capabilities that a catalog source might include, you need account access and permissions on the source system. The permissions required might vary depending on the capability.

Permissions to extract metadata

Ensure that you have the required permissions to enable metadata extraction.

Configure the following permissions:

•Read permission on the Amazon Redshift external source.
•Permissions that allow you to perform the following operations:

- select on pg_catalog.PG_ATTRIBUTE
- select on pg_catalog.PG_CLASS
- select on pg_catalog.PG_CONSTRAINT
- select on pg_catalog.PG_DESCRIPTION
- select on pg_catalog.PG_LANGUAGE
- select on pg_catalog.PG_NAMESPACE
- select on pg_catalog.PG_PROC
- select on pg_catalog.PG_TYPE
- select on pg_catalog.PG_VIEWS
- select on information_schema.COLUMNS
- select on information_schema.TABLES
- select on pg_catalog.PG_TABLES
- select on pg_catalog.PG_CLASS_INFO
- select on pg_catalog.PG_PROC_INFO
- select on pg_catalog.SVV_EXTERNAL_TABLES
- select on pg_catalog.SVV_EXTERNAL_COLUMNS
- select on pg_get_late_binding_view_cols() cols(view_schema name, view_name name, col_name name, col_type varchar, col_num int)

•Permissions to run the SHOW EXTERNAL TABLE operation on the tables that you want to process.
•Permissions to access tables from a specific schema:

- GRANT USAGE ON SCHEMA <Schema name> to <User>;
- GRANT SELECT ON ALL TABLES IN SCHEMA <Schema name> TO <User>;

Optionally, to obtain more detailed results, grant permissions that allow you to perform the following operation:

•select on pg_catalog.PG_DATABASE

Permissions to run data profiles

Ensure that you have the required permissions to run profiles.

To perform data profiling, you need to unload data to the Amazon Redshift source system.

To unload data, configure the following connector permissions:

•ListBucket. Required to view objects from Amazon S3 buckets.
•GetBucketPolicy. Required to get the IAM policy information for access privilege details on Amazon S3 buckets or folders.
•GetObject. Required to read objects from Amazon S3 buckets.
•PutObject. Required to process staging data for Avro and Parquet files.
•DeleteObject. Required to delete staging data of Avro and Parquet files.

Grant permissions to perform the following operations:

•Usage permission on the schemas to profile.

GRANT USAGE ON SCHEMA <Schema name> TO <User name>;

•Select permission on all tables or specific tables in the schema.

GRANT SELECT ON ALL TABLES IN SCHEMA <Schema name> TO <User name>;

GRANT SELECT ON <Table name> TO <User name>;

Permissions to perform data classification

You can perform data classification with the permissions required on the source system to perform metadata extraction.

Permissions to perform relationship discovery

You can perform relationship discovery with the permissions required on the source system to perform metadata extraction.

Permissions to perform glossary association

You can perform glossary association with the permissions required on the source system to perform metadata extraction.