Fivetran Announces New Google Sheets Permissions, Security Options

At Fivetran, we’re always looking for new ways to bolster customer security and data privacy, so we offer permissions management at the most granular level possible.
May 1, 2018

At Fivetran, we’re always looking for new and better methods of bolstering customer security and data privacy, but we also urge our customers to follow data-security best practices. One way to do that is to grant Fivetran, or any other third party, as few permissions to your data as necessary.

Fivetran customers may limit the SELECT permissions to certain schemas and tables. We even let you do that all the way down to the column level with MySQL, Postgres and SQL Server. Fivetran encourages similar practices with your data warehouse, too. One important caveat is the Amazon Redshift data warehouse. If you connect Fivetran with the master/admin user, we will do routine database maintenance on your behalf: VACUUM (DEEP COPY) tables on weekends.

That said, we understand that security and convenience (accessibility) are always a trade-off, and we try to accommodate this where appropriate. That’s why we have introduced a second approach to authenticating Google Sheets when uploading them to your Fivetran supported data warehouse.

Our original implementation of Google Sheets uses OAuth for authentication. OAuth is a method for a user to delegate access for all files to which they have been granted access. Some companies, by default, give access to all Google Drive files to all employees. As a result, the Google OAuth method for Google Sheets grants Fivetran permission to access all of your company’s Google Spreadsheets, even the ones you haven’t connected to your data warehouse.

Fivetran OAuth method to upload Google Sheets.

Some of our clients have told us that access this broad was unacceptable.

So we added a second method — Service Accounts for authentication. This allows users to grant access on a per-spreadsheet basis. The Service Accounts method, however, requires granting access to a domain (fivetran-production.iam.gserviceaccount.com) that is outside of your Google account domain.

Fivetran Service Accounts method to upload Google Sheets.

There are a few caveats:

For some G Suite account holders, the practice of sharing outside the domain is banned by the security policies of their employer. As a result, these Fivetran customers must use the OAuth method unless G Suite permissions are altered to allow sharing outside the domain.

We should also note that if an employee is authenticating Google Sheets via the OAuth method from his or her own corporate Google account, the connection between those sheets will break if that employee’s Google account is terminated. This is not the case when it comes to the Service Accounts method.

Here is the Fivetran setup guide for both methods to upload Google spreadsheets to your data warehouse.

All in all, Google Sheets is just one of the dozens of connectors Fivetran offers. These connectors are the data from your business applications, and databases, that Fivetran syncs into a data warehouse for you.

Fivetran supports four column-oriented data warehouses. They include Google BigQuery, Amazon Redshift, Snowflake and the Microsoft Azure Synapse.

For an analysis on the difference between a row-based and column-oriented data warehouse, see our in-depth analysis here.

About Fivetran: Our mission is to democratize data, to make companies data driven, and to give analysts easy access to disparate data sources to perform advanced analytics.

With as little as a 5-minute setup, Fivetran replicates all your applications, databases, events and file storage into a high-performance data warehouse. Our cloud data pipelines are zero-configuration, zero-maintenance and fully managed by Fivetran.

Using Fivetran, businesses big and small gain complete control and ownership of their data. It’s easy to join data sources, perform agile analytics, and ultimately discover valuable insights using SQL or the business intelligence (BI) tools of choice.

The Fivetran sales team is available at sales@fivetran.com.

Start for free

Join the thousands of companies using Fivetran to centralize and transform their data.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Product
Product

Fivetran Announces New Google Sheets Permissions, Security Options

Fivetran Announces New Google Sheets Permissions, Security Options

May 1, 2018
May 1, 2018
Fivetran Announces New Google Sheets Permissions, Security Options
At Fivetran, we’re always looking for new ways to bolster customer security and data privacy, so we offer permissions management at the most granular level possible.

At Fivetran, we’re always looking for new and better methods of bolstering customer security and data privacy, but we also urge our customers to follow data-security best practices. One way to do that is to grant Fivetran, or any other third party, as few permissions to your data as necessary.

Fivetran customers may limit the SELECT permissions to certain schemas and tables. We even let you do that all the way down to the column level with MySQL, Postgres and SQL Server. Fivetran encourages similar practices with your data warehouse, too. One important caveat is the Amazon Redshift data warehouse. If you connect Fivetran with the master/admin user, we will do routine database maintenance on your behalf: VACUUM (DEEP COPY) tables on weekends.

That said, we understand that security and convenience (accessibility) are always a trade-off, and we try to accommodate this where appropriate. That’s why we have introduced a second approach to authenticating Google Sheets when uploading them to your Fivetran supported data warehouse.

Our original implementation of Google Sheets uses OAuth for authentication. OAuth is a method for a user to delegate access for all files to which they have been granted access. Some companies, by default, give access to all Google Drive files to all employees. As a result, the Google OAuth method for Google Sheets grants Fivetran permission to access all of your company’s Google Spreadsheets, even the ones you haven’t connected to your data warehouse.

Fivetran OAuth method to upload Google Sheets.

Some of our clients have told us that access this broad was unacceptable.

So we added a second method — Service Accounts for authentication. This allows users to grant access on a per-spreadsheet basis. The Service Accounts method, however, requires granting access to a domain (fivetran-production.iam.gserviceaccount.com) that is outside of your Google account domain.

Fivetran Service Accounts method to upload Google Sheets.

There are a few caveats:

For some G Suite account holders, the practice of sharing outside the domain is banned by the security policies of their employer. As a result, these Fivetran customers must use the OAuth method unless G Suite permissions are altered to allow sharing outside the domain.

We should also note that if an employee is authenticating Google Sheets via the OAuth method from his or her own corporate Google account, the connection between those sheets will break if that employee’s Google account is terminated. This is not the case when it comes to the Service Accounts method.

Here is the Fivetran setup guide for both methods to upload Google spreadsheets to your data warehouse.

All in all, Google Sheets is just one of the dozens of connectors Fivetran offers. These connectors are the data from your business applications, and databases, that Fivetran syncs into a data warehouse for you.

Fivetran supports four column-oriented data warehouses. They include Google BigQuery, Amazon Redshift, Snowflake and the Microsoft Azure Synapse.

For an analysis on the difference between a row-based and column-oriented data warehouse, see our in-depth analysis here.

About Fivetran: Our mission is to democratize data, to make companies data driven, and to give analysts easy access to disparate data sources to perform advanced analytics.

With as little as a 5-minute setup, Fivetran replicates all your applications, databases, events and file storage into a high-performance data warehouse. Our cloud data pipelines are zero-configuration, zero-maintenance and fully managed by Fivetran.

Using Fivetran, businesses big and small gain complete control and ownership of their data. It’s easy to join data sources, perform agile analytics, and ultimately discover valuable insights using SQL or the business intelligence (BI) tools of choice.

The Fivetran sales team is available at sales@fivetran.com.

Related blog posts

No items found.
No items found.
Why we were named dbt Labs™  Technology Partner of the Year
Blog

Why we were named dbt Labs™ Technology Partner of the Year

Read post
Fivetran supports Amazon S3 as a destination with open table formats
Blog

Fivetran supports Amazon S3 as a destination with open table formats

Read post
Fivetran: The all-in-one data movement platform for enterprise
Blog

Fivetran: The all-in-one data movement platform for enterprise

Read post

Start for free

Join the thousands of companies using Fivetran to centralize and transform their data.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.