Use the Connection Upgrade Manager
Supported technologies
Databricks Unity Catalog
Snowflake
Trino
Requirements
An integration enabled on the Immuta app settings page
Data sources registered
Immuta global
GOVERNANCEandAPPLICATION_ADMINpermissions
Begin your upgrade
Select Data and then Upgrade Manager in the navigation menu. This tab will only be available if you have integrations ready for upgrade.
Click Start Upgrade.
Display Name: The display name represents the unique name of your connection and will be used as prefix in the name for all data objects associated with this connection. It will also appear as the display name in the UI and will be used in all API calls made to update or delete the connection.
Click Next.
Ensure Immuta has the correct credentials to connect to the data platform. Select the tab below for more information:
Click Validate Credentials to ensure the access token can connect Immuta and Databricks Unity Catalog.
Create a Snowflake role with a minimum of the following permissions:
USAGEon all databases and schemas with registered data sources.REFERENCESon all tables and views registered in Immuta.SELECTon all tables and views registered in Immuta.
Grant the new Snowflake role to the Immuta system user in your Snowflake environment.
Enter the new Snowflake role in the textbox.
Click Validate Credentials to ensure the role has been granted to the right user.
When possible, Immuta will populate your credentials from your data source registration. If you used multiple credentials to register data sources you will need to enter a single set of credentials for your system account.
If Immuta populates the credentials:
Click Validate Connection to ensure the Trino cluster is running, and Immuta can connect to it.
If you need to enter credentials:
Create or select a Trino user with a minimum of these permissions:
SELECTon all tables you want registered in Immuta
Use the dropdown to select your authentication method:
Username and Password: Enter the username and password for the system account user.
OAuth 2.0 with Client Secret:
Fill out the Token Endpoint with the full URL of the identity provider. This is where the generated token is sent.
Fill out the Client ID. This is a combination of letters, numbers, or symbols, used as a public identifier. This is the subject of the generated token.
Enter the Scope (string). The scope limits the operations allowed in Trino by the access token. See the OAuth 2.0 documentation for details about scopes.
Enter the Client Secret. Immuta uses this secret to authenticate with the authorization server when it requests a token.
OAuth 2.0 with Client Certificate:
Fill out the Token Endpoint with the full URL of the identity provider. This is where the generated token is sent.
Fill out the Client ID. This is a combination of letters, numbers, or symbols, used as a public identifier. This is the subject of the generated token.
Enter the Scope (string). The scope limits the operations allowed in Trino by the access token. See the OAuth 2.0 documentation for details about scopes.
Opt to fill out the Resource field with a URI of the resource where the requested token will be used.
Enter the x509 Certificate Thumbprint. This identifies the corresponding key to the token and is often abbreviated as `x5t` or is called `sub` (Subject).
Upload the Client Certificate, which is used to sign the authorization request.
Update your
immuta-access-control.propertiesfile and enter the Trino username into theimmuta.user.adminfield.Click Validate Connection to ensure the Trino cluster is running, and Immuta can connect to it.
Click Next.
Click Upgrade Connection.
Click the link to the docs to understand the impacts of the upgrade.
Click the checkbox to confirm understanding of the upgrade effects, and click Yes, Upgrade Connection.
The upgrade manager will then begin connecting your data sources with the tables in the backing technology. This may take some time to complete.
Resolve any issues
While most upgrades will complete without any additional intervention, it may be necessary to resolve data sources that are not easily matched to the backing tables. See the Troubleshooting guide if you are prompted to Resolve in the upgrade manager.
Complete your upgrade
Your connection is in an upgrade state until you finalize. In the upgrade state, policy will still be applied to your data sources, but object sync is not on. To allow Immuta to discover new objects and created data sources for them, finalize your upgrade.
Select Data and then Upgrade Manager in the navigation menu. This tab will only be available if you have integrations ready for upgrade.
Click Finalize for the finished connection.
Last updated
Was this helpful?