Explore the Hakkoda services you need to modernize your data stack.
Discover how Hakkoda helps healthcare, financial services, and public sector organizations move forward with their data innovation journeys.
We are the real data people.
The Sigma BI Analyst App is a Snowflake Native Application that allows you to easily extract and analyze metadata from your BI environments. Currently the app supports Tableau, Power BI, and Looker. The app connects to the BI Tool’s API and extracts metadata storing it in the current Snowflake account. Once the metadata is extracted, you can use the app to trigger the automatic provisioning of Sigma Workbooks. These workbooks will provide a visual analysis of your BI environments.
USE ROLE ACCOUNTADMIN; SET role_name = 'SIGMA_BI_ANALYST_APP_ROLE'; SET wh_name = 'SIGMA_BI_ANALYST_APP_WH'; CREATE ROLE identifier($role_name); CREATE WAREHOUSE identifier($wh_name); GRANT OPERATE, USAGE ON WAREHOUSE identifier($wh_name) TO ROLE identifier($role_name); GRANT ROLE identifier($role_name) TO ROLE ACCOUNTADMIN; GRANT CREATE DATABASE ON ACCOUNT TO ROLE identifier($role_name) WITH GRANT OPTION; GRANT IMPORT SHARE ON ACCOUNT TO ROLE identifier($role_name); GRANT EXECUTE TASK ON ACCOUNT TO ROLE identifier($role_name) WITH GRANT OPTION; GRANT CREATE WAREHOUSE ON ACCOUNT TO ROLE identifier($role_name) WITH GRANT OPTION; GRANT CREATE INTEGRATION ON ACCOUNT TO ROLE identifier($role_name); GRANT CREATE APPLICATION ON ACCOUNT TO ROLE identifier($role_name);
The app requires API credentials for each BI tool you want to analyze. The user will need to provision these credentials outside of the app. Each BI Tool uses a different method of authentication. The access control applied to the API credentials will be of importance as well with varying requirements for each tool. Instructions for provisioning API credentials can be found in the following sections:
For Tableau, the user will need to generate a personal access token (PAT) and provide it to the app. Extra steps are required if Tableau Server is being used as opposed to Tableau Cloud. For extended details on Tableau PATs, see here.
Follow steps below to generate a PAT:
For any detailed questions regarding generating a PAT, see here.
The Tableau Server URL parameter is required by the app to connect to the Tableau API. If using Tableau Server, the URL is going to be the same as the server URL where Tableau Server is hosted. In this case the URL may look something like ‘hakkoda.tableau.com’. If using Tableau Cloud, the URL will be different. For cloud, sign into Tableau and look at the URL in your browser. The URL should be roughly of the format ’10ay.online.tableau.com’, or something similar. You may include or exclude the https:// prefix.
The user should now have the following credentials:
Additional requirements for Tableau include the following:
To provision credentials for Power BI, you need to register an Azure Active Directory (Azure AD) application in Azure. The app uses the credentials for the Microsoft Entra application to authenticate with Power BI. Due to complexity of this process, please use provided links for detailed instructions. A highl level workflow is provided herein.
The user should have the following credentials:
For Looker, the user will need to generate API credentials for a given user. A user with admin privileges is needed to create the API key.
For looker the user will also need to determine the API host URL. The API Host URL is the user-facing domain name (and port optionally) that the app needs to reach the Looker API. For details on determing the URL see here.
The user should have the following credentials:
The app will connect to the Looker API “as the user” who owns the API key, so access will be limited to that of the user. The user that the key belongs to should have the below permissions in Looker:
If the two optional permissions are not granted, some analysis will be limited but the app will still function. If all other required permissions are not granted, the app will fail when extracting metadata. A failure message will be displayed on the home page if a permission is missing.
A lag in the application of the manage_project_connections permission has been observed. If this permission has been recently granted it may take a few minutes for the job script to be able to access the API properly.
Once credentials have been provisioned for the BI tools the user needs to analyze, the user needs to enter these credentials into the app. The app uses these credentials to create connections to the BI tools and subsequently extract metadata from them.
The following steps show how to input API credentials and start extracting data from BI tools. These steps are agnostic to the BI tool.
NOTE: Tableau’s API is very unstable. If the tableau job has failed for an unknown reason, try running the job again.
GRANT APPLICATION ROLE SIGMA_BI_ANALYST_APP_ROLE TO ROLE OTHER_ROLE;
After all previous steps have been completed the user can access the workbooks in Sigma by following the steps below:
GRANT APPLICATION ROLE SIGMA_BI_ANALYST_APP_ROLE TO ROLE OTHER_ROLE;
For support issues please reach out to app_support@hakkoda.io.
SOLUTIONS AND ACCELERATORS