You can also grant permission to run SQL queries on an asset using an API token, if you want. (This must be explicitly granted, as it is not possible by default.) You can even mask certain information through data policies on purposes linked to the API token.
AuthPolicydata=Purpose.createDataPolicy(// (1)"Mask the data",// (2)purpose.getGuid(),// (3)AuthPolicyType.DATA_MASK,// (4)null,List.of(token.getApiTokenUsername()),// (5)false).policyMaskType(DataMaskingType.REDACT)// (6).build();AssetMutationResponseresponse=client.assets.save(List.of(data),false);// (7)try(AtlanClienttokenClient=newAtlanClient(client.getBaseUrl(),token.getAttributes().getAccessToken())){// (8)QueryRequestquery=QueryRequest.creator(// (9)"SELECT * FROM \"PACKAGETYPES\" LIMIT 50;","default/snowflake/1705755637").defaultSchema("RAW.WIDEWORLDIMPORTERS_WAREHOUSE")// (10).build();QueryResponseresponse=tokenClient.queries.stream(query);// (11)}
Use the createDataPolicy() method to start building a data policy with the minimal required information.
You must give the policy a name.
You must provide the GUID of the Purpose to attach this policy to.
Specify the type of policy (granting, denying or masking the data of assets with the tags in the purpose).
Set the policy user to the API token.
Set the type of masking to REDACT to redact the tagged elements in the query response.
To then add the policy to the purpose in Atlan, call the save() method with the policy object you've built.
Create a new AtlanClient set up to use the new API token.
To create a minimal query object, use the QueryRequest creator method and provide the following arguments:
SQL query to run.
unique name of the connection to use for the query.
You must provide default schema name to use for unqualified objects in the SQL, in the form DB.SCHEMA.
You can now execute the query using the stream() method.
Running SQL query on an asset with API token
1 2 3 4 5 6 7 8 910111213141516171819202122232425
frompyatlan.client.atlanimportAtlanClientfrompyatlan.model.queryimportQueryRequestclient=AtlanClient()data=Purpose.create_data_policy(# (1)name="Mask the data",# (2)purpose_id=purpose.guid,# (3)policy_type=AuthPolicyType.DATA_MASK,# (4)policy_users={f"service-account-{token.client_id}"},# (5)all_users=False,# (6))data.policy_mask_type=DataMaskingType.REDACT# (7)response=client.asset.save(data)# (8)token_client=AtlanClient(# (9)base_url=client.base_url,api_key=token.attributes.access_token)query=QueryRequest(# (10)sql='SELECT * FROM "PACKAGETYPES" LIMIT 50;',data_source_name="default/snowflake/1705755637",default_schema="RAW.WIDEWORLDIMPORTERS_WAREHOUSE",)response=token_client.queries.stream(request=query)# (11)
Use the create_data_policy() method to start building
a data policy with the minimal required information.
You must give the policy a name.
You must provide the GUID of the purpose to attach this policy to.
Specify the type of policy (granting, denying or
masking the data of assets with the tags in the purpose).
Set the policy_users to the API token.
Set the all_users option to False as
this policy is intended specifically for the API token.
Set the type of masking to REDACT
to redact the tagged elements in the query response.
To then add the policy to the purpose in Atlan,
call the save() method with the policy object you've built.
Create a new client with the API token.
To build a query, you need to use the QueryRequest and provide the following parameters:
sql: SQL query to run.
data_source_name: unique name of the connection to use for the query.
default_schema: default schema name to use for
unqualified objects in the SQL, in the form DB.SCHEMA.
You can now execute the query using the stream() method.
Running SQL query on an asset with API token
1 2 3 4 5 6 7 8 9101112131415161718192021
valdata=Purpose.createDataPolicy(// (1)"Mask the data",// (2)purpose.getGuid(),// (3)AuthPolicyType.DATA_MASK,// (4)null,List.of(token.getApiTokenUsername()),// (5)false).policyMaskType(DataMaskingType.REDACT)// (6).build()valresponse=client.assets.save(listOf(data),false)// (7)AtlanClient(client.getBaseUrl(),token.getAttributes().getAccessToken()).use{tokenClient->// (8)valquery=QueryRequest.creator(// (9)"SELECT * FROM \"PACKAGETYPES\" LIMIT 50;","default/snowflake/1705755637").defaultSchema("RAW.WIDEWORLDIMPORTERS_WAREHOUSE")// (10).build()valresponse=tokenClient.queries.stream(query)// (11)}
Use the createDataPolicy() method to start building a data policy with the minimal required information.
You must give the policy a name.
You must provide the GUID of the Purpose to attach this policy to.
Specify the type of policy (granting, denying or masking the data of assets with the tags in the purpose).
Set the policy user to the API token.
Set the type of masking to REDACT to redact the tagged elements in the query response.
To then add the policy to the purpose in Atlan, call the save() method with the policy object you've built.
Create a new AtlanClient set up to use the new API token.
To create a minimal query object, use the QueryRequest creator method and provide the following arguments:
SQL query to run.
unique name of the connection to use for the query.
You must provide default schema name to use for unqualified objects in the SQL, in the form DB.SCHEMA.
You can now execute the query using the stream() method.
POST /api/sql/query/stream
12345
{"sql":"SELECT * FROM \"PACKAGETYPES\" LIMIT 50;",// (1)"dataSourceName":"default/snowflake/1705755637","defaultSchema":"RAW.WIDEWORLDIMPORTERS_WAREHOUSE"}
You must provide the following properties:
sql: SQL query to run.
dataSourceName: unique name of the connection to use for the query.
defaultSchema: default schema name to use for
unqualified objects in the SQL, in the form DB.SCHEMA.
Policy implementation delay
Be aware that there is a delay of a few minutes after applying new policies
to the token before they become fully effective. If you run a query immediately
after creating the policy, you may still observe unredacted information until
the policy is fully implemented.