
Business Intelligence Software

Satori integrates with BI software to monitor and enforce security and privacy policy for data consumers who are using BI tools to access data. To achieve that, BI tools need to connect to the data store via the Satori hostname.

In most cases, BI tools access data on behalf of users, and do so using a single, shared user on the data store. When the BI tool connects to the data store via Satori, Satori is only aware of that single user and doesn't have the full context of data access. For example, when Alice accesses data via the BI tool, Satori cannot determine that Alice is the one accessing the data, and only sees the shared BI_USER username.

To make Satori aware of the real user accessing data, Satori leverages existing capabilities of BI tools to send additional information about the BI tool's environment, including the identity of the real user. For example, the BI tool sends Alice's username when it connects to the data store via Satori, making Satori aware of Alice's identity and enabling it to audit and enforce policies based on her true identity.


JDBC Connections

Looker supports sending additional parameters on JDBC connections; see the Additional Parameters section in the Looker documentation. To send the real username to Satori, add the following parameter in the Additional Parameters field: SATORI_LOGIN_NAME={{ _user_attributes['email'] }}.

Note that customizing the JDBC connection with additional parameters may disable Looker's PDT functionality. To avoid that, make sure to override the Additional Parameters field with the previous value (without the SATORI_LOGIN_NAME) in the PDT Overrides section.


Initial SQL

Tableau features an option to define an SQL command that is run whenever a new database connection is established. Satori uses a special SQL command to associate the Tableau user's identity with the connection. To activate this functionality, first obtain an authentication token via the management console (Settings->User management->DAC Access Tokens), then add the snippet below, with the newly created token in place of <TOKEN>, as the initial SQL.

SELECT 'satori_user: '[TableauServerUser]', satori_token: <TOKEN>'