Set up OAuth App Connections in your supported data warehouses to securely execute data diffs on behalf of your users.
PRE_AUTHORIZED_ROLES_LIST
must include all roles allowed to use the current security integration.ACCOUNTADMIN
, SECURITYADMIN
, and ORGADMIN
are not allowed to be included in PRE_AUTHORIZED_ROLES_LIST
.OAUTH_REFRESH_TOKEN_VALIDITY
can be in the range of 3600 (1 hour) to 7776000 (90 days).OAUTH_CLIENT_ID
and OAUTH_CLIENT_SECRET
, run the following SQL:TEMP
schema for all roles that will be using the OAuth flow. This must be done for all roles that will be utilizing the OAuth flow.SELECT
privileges for tables in the TEMP
schema for all roles that will be using the OAuth flow (except for the DATAFOLDROLE
role), if they were provided. This action must be performed for all roles utilizing the OAuth flow..FUTURE GRANTS
at the database level, this role will also will have FUTURE GRANTS
on the TEMP
schema.https://app.datafold.com/api/internal/oauth_dwh/callback
:
datafold_tmp_<username>
as the Dataset ID and set the same region as configured for other datasets. Click CREATE DATASET:
datafold_tmp_<username>
.datafold_tmp_<username>
schema. This can be done by granting roles like BigQuery Data Editor or BigQuery Data Owner or any custom roles with the required permissions.
Go to Google Cloud console, navigate to BigQuery, select datafold_tmp_<username>
dataset, and click Create dataset → Manage Permissions:
datafold_tmp_<username>
.
https://app.datafold.com/users/me
. If the user lacks credentials for BigQuery, click on + Add credentials, select BigQuery datasource from the list, and click Create credentials:
accounts.google.com
and then returned to the previous page:
<project>.<datafold_tmp_<username>>
, and click Update:
<datafold_tmp_<username>
.