🤓 Who can do this? You will probably need your Looker administrator to run these commands — you may not have access yourself.
Atlan supports two options for user permissions in Looker. You should choose one of these methods to set up Looker:
Admin role
This role is required for Atlan to automatically generate lineage across Looker objects. When using this role, the crawler can access all folders in Looker including personal folders.
To set up this role:
- Log in to your Looker instance and ensure that you are an Admin user.
- From the menu in the upper left, click the Admin item.
- Under the Users section, click the Users item.
- In the table, find the user you're logged in as. Click the Edit button to the right of your user's row.
- Next to API3 Keys, click the Edit Keys button.
- On the resulting Edit User API3 Keys page, click the New API3 Key button.
- Save the generated credentials for crawling Looker.
Custom role
🚨 Careful! When using this approach, Atlan will not automatically generate lineage across Looker objects. You will need to individually allow access to each folder to be included in lineage.
Create role
To create a custom role for Atlan to access Looker:
- Log in to your Looker instance.
- From the menu in the upper left, click the Admin item.
- Under the Users section, click the Roles item.
- At the top of the page, click the New Permission Set button.
- Enter a name for the new permission set.
- For the permissions, select the following:
-
access_data
allows access to the other permissions below. -
see_lookml_dashboards
allows Atlan to crawl LookML dashboards. -
see_looks
allows Atlan to crawl Looks. -
see_user_dashboards
allows Atlan to crawl user-defined dashboards. -
explore
allows Atlan to fetch from the Explore page. -
see_sql
allows Atlan to fetch the SQL of a query or Look, to generate lineage. -
see_lookml
allows Atlan to fetch model information from LookML. -
develop
allows Atlan to fetch connection names from models, to generate lineage. -
see_datagroups
allows Atlan to fetch all connection names, to generate lineage.
-
- At the bottom of the permissions list, click the New Permission Set button.
- Back on the Roles page, at the top click the New Role button.
- Enter a name for the new role.
- For Permission Set, select the permission set you created in the previous step.
- For Model Set, select the models that you want to give access to.
- At the bottom of the page click the New Role button.
Create user
To create a user through which Atlan can access Looker:
- Open the Admin menu in Looker.
- Under the Users section, click the Users item.
- At the top of the page, click the Add Users button.
- For Email addresses enter the email address for the user.
- For Send setup emails uncheck the setting.
- For Roles check the box next to the role you created above.
- At the bottom of the page, click the Add Users button.
- On the resulting page, click the Done button.
Generate API key for user
To generate an API key for the user:
- Open the Admin menu in Looker.
- Under the Users section, click the Users item.
- In the table, find the user created above. Click the Edit button to the right of that user's row.
- (Optional) Consider entering a First Name and Last Name for the user to make it easier to recognize and find in the future.
- Next to API3 Keys, click the Edit Keys button.
- On the resulting Edit User API3 Keys page, click the New API3 Key button.
- Save the generated credentials for crawling Looker.
Include folders for lineage
To include folders when using a custom role, give permission using the following steps:
- From the Looker menu in the upper left, click the Admin item.
- Under the Users section, click the Content Access item.
- In the resulting page next to Folders select the folder and then click on the Manage Access... button.
- In the blank box at the bottom of the table, select the user created above from the list.
- To allow Atlan to crawl only dashboards, enable the View permission for this user.
- To allow Atlan to crawl tiles and queries for dashboards, enable the Manage Access, Edit permission for this user.
- To the right of the row for that user, click the Add button.
- At the lower-right of the dialog, click the Save button.
🚨 Careful! You will need to repeat these steps for every folder you want Atlan to be able to access.
SSH key for lineage
In addition to the role, you also need to set up access to your project files in GitHub for the following:
- Generate field-level and cross-project lineage from Looker
- Crawl Looker views and build upstream lineage for views and explores
🤓 Who can do this? Any user with access to the Looker project files in GitHub can set up this part. You will need to share the generated private key with whoever sets up the Looker crawler in Atlan.
To configure an SSH key for access to GitHub project files:
-
Create a new SSH key on your local computer. For example, run the following command and enter a passphrase when prompted (or leave blank for no passphrase):
ssh-keygen -t ed25519 -C "your_email@example.com" -f ~/.ssh/atlan_looker_lineage
-
Copy the generated keys from your local computer. For example:
- To copy the public key, run this command and copy the output:
cat ~/.ssh/atlan_looker_lineage.pub
- To copy the private key, run this command and copy the output:
cat ~/.ssh/atlan_looker_lineage
- To copy the public key, run this command and copy the output:
- In the upper-right corner of any GitHub page, click your profile photo, then click Settings.
- Under the Access section of the left sidebar, click SSH and GPG keys.
- In the upper-right, click the New SSH key button:
- For Title enter a descriptive label for the new key. For example, Atlan Lineage.
- For Key paste in the public key you copied above.
- At the bottom of the form, click the Add SSH key button.
- If prompted, enter your GitHub password and click Confirm password.