Security
Security is a top priority. Masthead agent
does not query data in Data Warehouse
, it uses CDC logs produced by transactions executed in it. During the installation process next resources are created under your Google Cloud:
Pub/Sub topic
masthead-topic
and subscription masthead-agent-subscription

Logs Router with included filter, which automatically publishes to Pub/Sub topic
masthead-topic

To get metadata of BigQuery schema and its tables and views, the installation script creates
masthead_bq_schema_reader
custom role with next permissions:bigquery.datasets.get
bigquery.tables.get
bigquery.tables.list
Binds Masthead Service account to PubSub and newly created custom role. So Masthead Service Account has next roles granted to it:
masthead_bq_schema_reader
Pub/Sub Subscriber
For the On-Prem Deployment, in addition to the above-mentioned resources, Masthead Agent is deployed into your Google Cloud.
Last modified 1mo ago