Skip to content

Redshift Data Graph User Permission #7617

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 2 commits into
base: develop
Choose a base branch
from
Open

Redshift Data Graph User Permission #7617

wants to merge 2 commits into from

Conversation

stayseesong
Copy link
Contributor

Proposed changes

Merge timing

Related issues (optional)

@stayseesong stayseesong requested review from pwseg and a team as code owners May 14, 2025 20:38
@stayseesong stayseesong marked this pull request as draft May 14, 2025 20:38
@netlify Netlify
Copy link

netlify bot commented May 14, 2025

Deploy Preview for segment-docs ready!

Name Link
🔨 Latest commit 5915111
🔍 Latest deploy log https://app.netlify.com/projects/segment-docs/deploys/6824ff59266729000833f52e
😎 Deploy Preview https://deploy-preview-7617--segment-docs.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

@stayseesong stayseesong marked this pull request as ready for review May 19, 2025 16:37
pwseg
pwseg requested changes May 22, 2025
View reviewed changes
Copy link
Contributor

@pwseg pwseg left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Quick handful of things to clean up.

src/unify/data-graph/setup-guides/redshift-access-permissions.md
### Database
Create a separate databse for Segment usage (for example, `segment_workspace`). This will have the following schemas:
1. Profiles Sync Schema (for example: `profiles_sync`)
* Segment will add [Profiles Sync tables](/docs/unify/profiles-sync/tables/) to this schema
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
* Segment will add [Profiles Sync tables](/docs/unify/profiles-sync/tables/) to this schema
* Segment adds [Profiles Sync tables](/docs/unify/profiles-sync/tables/) to this schema

Or "Segment then adds..."

src/unify/data-graph/setup-guides/redshift-access-permissions.md
1. Profiles Sync Schema (for example: `profiles_sync`)
* Segment will add [Profiles Sync tables](/docs/unify/profiles-sync/tables/) to this schema
2. `__segment_reverse_etl` schema
* Segment will create the [`__segment_reverse_etl` schema](/docs/connections/reverse-etl/system/#reverse-etl-schema) to add checksum tables for Linked/Data Graph
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
* Segment will create the [`__segment_reverse_etl` schema](/docs/connections/reverse-etl/system/#reverse-etl-schema) to add checksum tables for Linked/Data Graph
* Segment creates the [`__segment_reverse_etl` schema](/docs/connections/reverse-etl/system/#reverse-etl-schema) to add checksum tables for Linked/Data Graph

src/unify/data-graph/setup-guides/redshift-access-permissions.md
### User
Have 2 roles assigned to the Segment user:
* Profiles Sync role (for example, `segment_profiles_sync_role`)
* Linked/Data Graph role (for example, `segment_linked_role`)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
* Linked/Data Graph role (for example, `segment_linked_role`)
* Linked/Data Graph role (for example, `segment_linked_role`)

Can we split this "Linked/Data Graph" out into "Linked Audiences and Data Graph" or something? I feel like the combo term "Linked/Data Graph" is very internal and wouldn't be clear to an external audience.

src/unify/data-graph/setup-guides/redshift-access-permissions.md
The profiles sync role has the following permissions:
* Read and write access to the Profiles Sync schema (for example, `profiles_sync`)

#### Linked/Data Graph role (`segment_linked_role`)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
#### Linked/Data Graph role (`segment_linked_role`)
#### Linked/Data Graph role (`segment_linked_role`)

See above re: "Linked/Data Graph".

src/unify/data-graph/setup-guides/redshift-access-permissions.md
* The second database has read access

### Database
Create a separate databse for Segment usage (for example, `segment_workspace`). This will have the following schemas:
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
Create a separate databse for Segment usage (for example, `segment_workspace`). This will have the following schemas:
Create a separate database for Segment usage (for example, `segment_workspace`). This will have the following schemas:

src/unify/data-graph/setup-guides/redshift-access-permissions.md

Set up your Redshift Data Graph. You can choose from two different permissions options depending on your use case.

## Permissions Option 1
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
## Permissions Option 1
## Permissions option 1

Should be sentence case

src/unify/data-graph/setup-guides/redshift-access-permissions.md
* Read access to Profiles Sync schema (for example, `profiles_sync`) to read Segment Profile/Event tables that are created by Profiles Sync
* Read access to full user data schema (for example, devices schema) or read access to specific tables in the user data schema (for example, `user_devices` table or `device_locations` table)

## Setup Guide
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
## Setup Guide
## Setup guide

src/unify/data-graph/setup-guides/redshift-access-permissions.md

2. Select 1 of the options below:

a. (*Option 1*):: Assign the Linked/Data Graph role with read access to full user data schema
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
a. (*Option 1*):: Assign the Linked/Data Graph role with read access to full user data schema
a. (*Option 1*):: Assign the Linked/Data Graph role with read access to full user data schema

Is "full user data schema" a term product is wanting us to use? I find this a bit confusing, maybe something like "access to all tables in the user data schema" would make more sense?

src/unify/data-graph/setup-guides/redshift-access-permissions.md
Set up the Data Graph so that Segment has access to a single database.

### Database
Create a single database for Profiles Sync & Linked usage (for example, `segment_workspace`). This has the following schemas:
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
Create a single database for Profiles Sync & Linked usage (for example, `segment_workspace`). This has the following schemas:
Create a single database for Profiles Sync and Linked Audience usage (for example, `segment_workspace`). This has the following schemas:

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@pwseg pwseg pwseg requested changes

Requested changes must be addressed to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@stayseesong @pwseg