Page tree

Release 8.7



Contents:

   

Contents:


You can apply the following Trifacta® platform features to relational connections to ensure compliance with enterprise practices. 

NOTE: These security options apply to external relational connections. For more information configuring security for internal connections to the Trifacta databases, see Enable SSL for Databases.

User Security

Connection Security Levels

Connection Security LevelDescription
PrivatePrivate connections are created by individuals and are by default accessible only to the individual who created them. 
Private and shared

Optionally, they can be shared by individuals with other users.

NOTE: If needed, credential sharing can be disabled. See below.

Global

Global connections are either created by administrators or are private connections promoted to global by administrators.

Credential Sharing

By default, users are permitted to share credentials through the application. Credentials can be shared in the following ways:

  • A user can create a private connection to a relational database. Through the application, this private connection can be shared with other users, so that they can access the creator's datasets. 
  • When sharing a flow with another user, the owner of the flow can choose to share the credentials that are necessary to connect to the datasets that are the sources of the flow. 

As needed, credential sharing can be disabled. 

NOTE: If enterprise policy is to disable the sharing of credentials, collaborators may need to be permitted to store their source data in shared locations.

Tip: Credential sharing can be disabled by individual users when they share a connection. The connection is shared, but the new user must provide new credentials to use the connection.

Steps:

To disable credential sharing at the global level:

  1. Login to the application as an administrator.
  2. You can apply this change through the Admin Settings Page (recommended) or
    trifacta-conf.json
    . For more information, see Platform Configuration Methods.
  3. Locate the following parameter. Set this property to false:

    "webapp.enableCredentialSharing": true,
  4. Save your changes and restart the platform.

Technical Security

The following features enhance the security of individual and global relational connections.

Encryption Key File

Relational database passwords are encrypted using key files:

  • Passwords in transit: The platform uses a proprietary encryption key that is invoked each time a relational password is shared among platform services. 
  • Passwords at rest: For creating connections to your relational sources, you must create and reference your own encryption key file. This encryption key is accessing your relational connections from the web application. 

This encryption key file must be created and installed on the Trifacta node.  For more information, see Create Encryption Key File.

SSL

You can enable SSL for any connection by adding the following string to the Connect String Opts field:

?ssl=true;

Tip: Some connection windows have a Use SSL checkbox, which also works.


Configure long load timeout limits

For long loading relational sources, a timeout is applied to limit the permitted load time. As needed, you can modify this limit to account for larger load times.

You can apply this change through the Admin Settings Page (recommended) or

trifacta-conf.json
. For more information, see Platform Configuration Methods.

  1. Locate and edit the following parameter:

    "webapp.connectivity.longLoadTimeoutMillis": 120000,
  2. Save your changes and restart the platform.
PropertyDescription
longLoadTimeoutMillisMax number of milliseconds to wait for a long-loading data source. The default value is 120000 (2 minutes).

For additional relational configuration settings, see Configure Data Service.

Enable SSO authentication

Relational connections can be configured to leverage your enterprise Single Sign-On (SSO) infrastructure for authentication. Additional configuration is required. For more information, see Enable SSO for Relational Connections.

Troubleshooting

Writing over TLS/SSL to relational datastore fails

Writing over TLS/SSL to a relational datastore may fail with an error message in the data service data service log similar to the following:

The server selected protocol version TLS11 is not accepted by client preferences [TLS12, SSL20Hello]

Solution:

In this case, TLS11 is a version of the TLS protocol that is no longer supported. As an option, you can choose to reset the HTTPS protocols to the default that are supported for Java 8. 

  1. You can apply this change through the Admin Settings Page (recommended) or
    trifacta-conf.json
    . For more information, see Platform Configuration Methods.
  2. Locate the following parameter and set it to true:

    "data-service.httpsProtocols.reset": false,

    Setting

    Description

    false

    (default) Supported HTTPS protocols are defined by the Trifacta platform. Does not include TLS 1.1

    true

    Supported HTTPS protocols are defined by Java 8. Includes TLS 1.1

  3. Save your changes and restart the platform.

This page has no comments.