@@ -61,9 +61,9 @@ Note that [Block](#block-access) access is unavailable for individual tables/sch
{% include plans-blockquote.html feature="Impersonation access" %}
> For now, impersonation access is only available for PostgreSQL and Snowflake.
> For now, impersonation access is only available for PostgreSQL, Redshift, and Snowflake.
**Impersonation access** allows you to associate user attributes with database-defined roles and their privileges. Metabase queries made by people with attributes that you define will respect the grants given to the database roles.
**Impersonation access** allows you to associate user attributes with database-defined roles and their privileges. Metabase queries made by people with attributes that you define will respect the grants given to the database roles.
You can use impersonation to give people access to the native/SQL editor, while at the same time restricting their access to data based on a specific database role. And not just table-level access, but row-level access---or however you define access for that role in your database. Effectively what this means is that you can use impersonation to set up data sandbox-like access to your data, while letting people use the SQL editor to query that data. The difference is that, instead of setting up a data sandbox in Metabase, you need to set up that row-level security via the privileges granted to a role in your database.
...
...
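Review bot: The removed and added copies of the "**Impersonation access** allows you to associate user attributes..." paragraph read identically here, so that pair looks like a whitespace or line-ending change riding along with the real edit; either drop it from the patch or mention it in the commit message so the one-line Redshift change is easy to audit. On the Redshift line itself, the context paragraph below it says row-level restrictions depend entirely on "the privileges granted to a role in your database", but nothing visible in this hunk tells a Redshift admin where to find the role setup steps. Consider confirming that the setup section this page points to covers Redshift as well as PostgreSQL and Snowflake, since a reader who enables impersonation without a correctly restricted role gets SQL editor access with whatever that role happens to allow.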
@@ -85,7 +85,7 @@ For exactly how to create a new role in your database and grant that role privil
**In your Metabase:**
- Create a [new group](../people-and-groups/managing.md#groups), or select an existing group.
- Assign a [user attribute](../people-and-groups/managing.md#adding-a-user-attribute) to people in that group. You'll use this user attribute to associate people in that group with a role that you created in your database. For example, if you created a role named "Sales" in your database with access to a subset of tables, you would add a user attribute "Sales" to the group. The user attribute should match the name of the role in your database. Only some databases enforce case sensitivity, so you might want to make sure the attribute name and role match exactly just in case.
- Assign a [user attribute](../people-and-groups/managing.md#adding-a-user-attribute) to people in that group. You'll use this user attribute to associate people in that group with a role that you created in your database. For example, if you created a role named "Sales" in your database with access to a subset of tables, you would add a user attribute "Sales" to the group. The user attribute should match the name of the role in your database. Only some databases enforce case sensitivity, so you might want to make sure the attribute name and role match exactly just in case.
- Next, you'll need to apply the impersonation access to that group. Go to **Admin settings** > **Permissions** > **Data**.
- Select the database you want to set permissions on.
- Find the group that you want to associate with the database role you created. Under **Data access** for that group, select **Impersonation**.
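Review bot: The "Assign a [user attribute]" bullet is touched by this hunk but its visible text is unchanged, and it still has two ambiguities worth fixing while the line is open. First, it starts with assigning the attribute "to people in that group" and then says "add a user attribute "Sales" to the group", so it is unclear whether the attribute lives on each person or on the group. Second, "The user attribute should match the name of the role" does not say whether the attribute's key or its value must equal the role name. Because this mapping decides which database role a person's queries run as, suggest spelling out key versus value explicitly, and replacing "Only some databases enforce case sensitivity" with a statement of how each of the three databases now listed as supported (PostgreSQL, Redshift, Snowflake) treats role-name case.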