# Access permissions for Daton Daton will require access permissions both for extracting data from data sources and for loading data to cloud based data warehouses and data lakes. As a generic rule, Daton would need read access to data sources and write access to data destinations. The following write-up will talk in detail for each variety of integration. ### Data Warehouses #### Google BigQuery * Google BigQuery will require **BigQuery Data Owner** and **BigQuery Job User** permissions to service account * Read setup instructions in detail for [**BigQuery**](https://docs.sarasanalytics.com/integrations/destinations/bigquery/setup-google-bigquery) here #### Amazon RedShift * White list **35.238.200.205/32** Daton IP Address in security groups for the required RedShift cluster * Create a database user on RedShift and grant **CREATE** permissions on the database ``` CREATE USER daton WITH PASSWORD 'yourpassword'; CREATE SCHEMA daton AUTHORIZATION daton; GRANT CREATE ON DATABASE db-name TO daton; ``` * Read setup instructions in detail for [**RedShift**](https://docs.sarasanalytics.com/integrations/destinations/amazon-redshift) here ### Data Sources #### Databases * White list **35.238.200.205/32** Daton IP Address * Create a database user **READ** permissions on the database Each database will have different ways to configure the above steps and following links describe them in detail - 1. databases such as MySQL, PostgreSQL, Amazon Aurora, Amazon RedShift, GCP MySQL, GCP PostgreSQL, Amazon RDS MySQL, Amazon RDS PostgreSQL 2. Ecommerce platforms such as Magento, Capillary MartJack, WooCommerce, and BigCommerce #### **SaaS Applications with OAuth Authentication** * Scopes will be pre-defined as **Read-Only** for most of the OAuth sources such as Facebook Ads, Google Analytics, etc. Users can verify the scopes during authentication on Daton. For Example: ![Scopes for Google Analytics integration on Daton](https://15515196-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LbJ1eMq5M51cIpU163R%2F-LuHx07LDM_cwGyN13zK%2F-LuI5ZplrNQ9OrSyr7Hw%2Fimage.png?alt=media\&token=2b77a03a-1a73-41a5-a1ed-ec4f6d55e595) * It is however recommended that a separate user with **Read-Only** access be created for Daton on the respective platform and those credentials be used to integrate the data source. Read detailed documentation of respective applications at [Data Sources](https://docs.sarasanalytics.com/integrations/data-sources/saas-integrations). #### SaaS Applications with Basic Authentication * Applications with basic authentication protocols use API Keys and Secrets. * It is however recommended that a separate user with **Read-Only** access be created for Daton on the respective platform and those credentials be used to integrate the data source. * Note that some of the applications might not allow data extraction or usage of APIs with read-only access. Read detailed documentation of respective applications at [Data Sources](https://docs.sarasanalytics.com/integrations/data-sources/saas-integrations).