Gitlab hero border pattern left svg Gitlab hero border pattern right svg

Data Team


Primary Project dbt docs Sisense Epics OKRs GitLab Unfiltered YouTube Playlist

Data Team Handbook


πŸŒŽπŸ“šπŸ’»πŸπŸ› πŸ”πŸ‘‘πŸ“Š

Many of the sections on this page will have emojis just below the heading. For more information about what they convey read the documentation page.


Contact Us

Slack

πŸŒŽπŸ“š

The Data Team uses these channels on Slack:

Meetings

πŸŒŽπŸ“š

The Data Team's Google Calendar is the SSOT for meetings. It also includes relevant events in the data space. Anyone can add events to it. Many of the events on this calendar, including Monthly Key Reviews, do not require attendance and are FYI events. When creating an event for the entire Data Team, it might be helpful to check their working hours in Google Calendar and discuss out of working hour meetings ahead of scheduling. Please consider alternating who is meeting after working hours when such meetings are necessary.

The Data Team has the following recurring meetings:

Daily Standup

Members of the data team use Geekbot for our daily standups. These are posted in #data-daily. When Geekbot asks, "What are you planning on working on today? Any blockers?" try answering with specific details, so that teammates can proactively unblock you. Instead of "working on Salesforce stuff", consider "Adding Opportunity Owners for the sfdc_opportunity_xf model." There is no pressure to respond to Geekbot as soon as it messages you. Give responses to Geekbot that truly communicate to your team what you're working on that day, so that your team can help you understand if some priority has shifted or there is additional context you may need.

Meeting Tuesday

πŸŒŽπŸ“š

The team honors Meeting Tuesday. We aim to consolidate all of our meetings into Tuesday, since most team members identify more strongly with the Maker's Schedule over the Manager's Schedule.

We Data

Charter

πŸŒŽπŸ’‘

The Data Team is a part of the Finance organization within GitLab, but we serve the entire company. We do this by maintaining a data warehouse where information from all business systems are stored and managed for analysis.

Our charter and goals are as follows:

Data Team Principles

πŸŒŽπŸ’‘

The Data Team at GitLab is working to establish a world-class data analytics and engineering function by utilizing the tools of DevOps in combination with the core values of GitLab. We believe that data teams have much to learn from DevOps. We will work to model good software development best practices and integrate them into our data management and analytics.

A typical data team has members who fall along a spectrum of skills and focus. For now, the data function at GitLab has Data Engineers and Data Analysts; eventually, the team will include Data Scientists. Review the team organization section section to see the make up of the team.

Data Engineers are essentially software engineers who have a particular focus on data movement and orchestration. The transition to DevOps is typically easier for them because much of their work is done using the command line and scripting languages such as bash and python. One challenge in particular are data pipelines. Most pipelines are not well tested, data movement is not typically idempotent, and auditability of history is challenging.

Data Analysts are further from DevOps practices than Data Engineers. Most analysts use SQL for their analytics and queries, with Python or R. In the past, data queries and transformations may have been done by custom tooling or software written by other companies. These tools and approaches share similar traits in that they're likely not version controlled, there are probably few tests around them, and they are difficult to maintain at scale.

Data Scientists are probably furthest from integrating DevOps practices into their work. Much of their work is done in tools like Jupyter Notebooks or R Studio. Those who do machine learning create models that are not typically version controlled. Data management and accessibility is also a concern.

We will work closely with the data and analytics communities to find solutions to these challenges. Some of the solutions may be cultural in nature, and we aim to be a model for other organizations of how a world-class Data and Analytics team can utilize the best of DevOps for all Data Operations.

Some of our beliefs are:

Team Organization

πŸŒŽπŸ“š

Data Analysts

The Data Analyst Team operates in a hub and spoke model, where some analysts are part of the central data team (hub) while others are embedded (spoke) or distributed (spoke) throughout the organization.

Central - those in this role report to and have their priorities set by the Data team. They currently support those in the Distributed role, cover ad-hoc requests, and support all functional groups (business units).

Embedded - those in this role report to the data team but their priorities are set by their functional groups (business units).

Distributed - those in this role report to and have their priorities set by their functional groups (business units). However, they work closely with those in the Central role to align on data initiatives and for assistance on the technology stack.

All roles mentioned above have their MRs and dashboards reviews by members in the Data team. Both Embedded and Distributed data analyst or data engineer tend to be subject matter experts (SME) for a particular business unit.

Data Support

Central
Role Team Member Type Prioritization Owners
Manager, Data @kathleentam Central @wzabaglio

Board

Engineering
Role Team Member Type Prioritization Owners
Junior Data Analyst, Engineering @ken_aguilar Embedded @kathleentam

Board

Finance
Role Team Member Type Prioritization Owners
Data Analyst, Finance @iweeks Embedded @wwright

Board: Finance Board

Marketing
Role Team Member Type Prioritization Owners
Marketing Operations Manager @rkohnke Distributed @rkohnke
Junior Data Analyst, Marketing @jeanpeguero Embedded @rkohnke

Board: Marketing Board

Sales
Role Team Member Type Prioritization Owners
Senior Sales Analytics Analyst @JMahdi Distributed @mbenza
Senior Sales Analytics Analyst @mvilain Distributed @mbenza
Senior Sales Analytics Analyst @DavidMack Distributed @mbenza
Data Analyst, Sales @derekatwood Embedded @mbenza
People
Role Team Member Type Prioritization Owners
Senior Data Analyst, People Team @Pluthra Embedded @kathleentam

Board: People Board

Product
Role Team Member Type Prioritization Owners
Sr. Data Analyst, Product @mpeychet Embedded Primary (DRI): @sfwgitlab
Data Analyst, Product @eli_kastelein Embedded Primary (DRI): @sfwgitlab

Board: Growth Board

Data Engineers

Though Data Engineers are sometimes given assignments to better support business functions no members of the the data engineering team are embedded or distributed. This allows them to focus on our data platform with an appropriate development cadence.

Role Team Member Assigned Groups Timezone Prioritization Owners
Manager, Data @jjstark GTM US Pacific (UTC-7) @bryanwise
Staff Data Engineer @tayloramurphy leave US Central (UTC-5) @jjstark
Senior Data Engineer @m_walker R&D US Mountain (UTC-6) @jjstark
Data Engineer @msendal G&A Central Europe (UTC+1) @jjstark
Data Engineer @paul_armstrong GTM Central Africa (UTC+2) @jjstark

Data Analysis Process

Analysis usually begins with a question. A stakeholder will ask a question of the data team by creating an issue in the Data Team project using the appropriate template. The analyst assigned to the project may schedule a discussion with the stakeholder(s) to further understand the needs of the analysis, though the preference is always for async communication. This meeting will allow for analysts to understand the overall goals of the analysis, not just the singular question being asked, and should be recorded. All findings should be documented in the issue. Analysts looking for some place to start the discussion can start by asking:

An analyst will then update the issue to reflect their understanding of the project at hand. This may mean turning an existing issue into a meta issue or an epic. Stakeholders are encouraged to engage on the appropriate issues. The issue then becomes the SSOT for the status of the project, indicating the milestone to which it has been assigned and the analyst working on it, among other things. The issue should always contain information on the project's status, including any blockers that can help explain its prioritization. Barring any confidentiality concerns, the issue is also where the final project will be delivered, after peer/technical review. When satisfied, the analyst will close the issue. If the stakeholder would like to request a change after the issue has been closed, s/he should create a new issue and link to the closed issue.

The Data Team can be found in the #data channel on slack.

Working with the Data Team

  1. Once a KPI or other Performance Indicate is defined and assigned a prioritization, the metric will need to be added to Sisense by the data team.
  2. Before syncing with the data team to add a KPI to Sisense, the metric must be:
    • Clearly defined in the relevant section in the handbook and added to the GitLab KPIs with all of its parts.
    • Reviewed with the Financial Business Partner for the group.
    • Approved and reviewed by the executive of the group.
  3. Once the KPI is ready to be added into Sisense, create an issue on the GitLab Data Team Issue Tracker using the KPI Template or PI Request Template.
    • The Data team will verify the data sources and help to find a way to automate (if necessary).
    • Once the import is complete, the data team will present the information to the owner of the KPI for approval who will document in the relevant section of the handbook.

SLO for inbound requests

Can I get an update on my dashboard?

The data team's priorities come from our OKRs. We do our best to service as many of the requests from the organization as possible. You know that work has started on a request when it has been assigned to a milestone. Please communicate in the issue about any pressing priorities or timelines that may affect the data team's prioritization decisions. Please do not DM a member of the data team asking for an update on your request. Please keep the communication in the issue.

How we Work

Documentation

The data team, like the rest of GitLab, works hard to document as much as possible. We believe this framework for types of documentation from Divio is quite valuable. For the most part, what's captured in the handbook are tutorials, how-to guides, and explanations, while reference documentation lives within in the primary analytics project. We have aspirations to tag our documentation with the appropriate function as well as clearly articulate the assumed audiences for each piece of documentation.

OKR Planning

Data Team OKRs are derived from the higher level BizOps/Finance OKRs as well as the needs of the team. At the beginning of a FQ, the team will outline all actions that are required to succeed with our KRs and in helping other teams measure the success of their KRs. The best way to do that is via a team brain dump session in which everyone lays out all the steps they anticipate for each of the relevant actions. This is a great time for the team to raise any blockers or concerns they foresee. These should be recorded for future reference.

These OKRs drive ~60% of the work that the central data team does in a given quarter. The remaining time is divided between urgent issues that come up and ad hoc/exploratory analyses. Specialty data analysts (who have the title "Data Analyst, Specialty") should have a similar break down of planned work to responsive work, but their priorities are set by their specialty manager.

Milestone Planning

The data team currently works in two-week intervals, called milestones. Milestones start on Tuesdays and end on Mondays. This discourages last-minute merging on Fridays and allows the team to have milestone planning meetings at the top of the milestone.

Milestones may be three weeks long if they cover a major holiday or if the majority of the team is on vacation or at Contribute. As work is assigned to a person and a milestone, it gets a weight assigned to it.

Milestone planning should take into consideration:

The milestone planning is owned by the Manager, Data.

The timeline for milestone planning is as follows:

Day Current Milestone Next Milestone
0 - 1st Wednesday Milestone Start

Roll Milestone
-
7 - 2nd Tuesday Midpoint

Any issues that are at risk of slipping from the milestone must be raised by the assignee
-
10 - 2nd Friday The last day to submit MRs for review

MRs must include documentation and testing to be ready to merge

No MRs are to be merged on Fridays
Milestone is roughly final

Milestone Planner distributes issues to team members, with the appropriate considerations and preferences
13 - 2nd Monday Last day of Milestone

Ready MRs can be merged
-
14 - 2nd Tuesday Meeting Day

All unfinished issues either need to be removed from milestones or rolled to the next
Milestone Planning

Scheduled DE meeting with a tactical discussion of the work to be completed next Milestone. Stakeholders and submitters are updated with what will or wont be added to the next milestone.

The short-term goal of this process is to improve our ability to plan and estimate work through better understanding of our velocity. In order to successfully evaluate how we're performing against the plan, any issues not raised at the T+7 mark should not be moved until the next milestone begins.

The work of the data team generally falls into the following categories:

During the milestone planning process, we point issues. Then we pull into the milestone the issues expected to be completed in the timeframe. Points are a good measure of consistency, as milestone over milestone should share an average. Then issues are prioritized according to these categories.

Issues are not assigned to individual members of the team, except where necessary, until someone is ready to work on it. Work is not assigned and then managed into a milestone. Every person works on the top priority issue for their job type. As that issue is completed, they can pick up the next highest priority issue. People will likely be working on no more than 2 issues at a time.

Given the power of the Ivy Lee method, this allows the team to collectively work on priorities as opposed to creating a backlog for any given person. As a tradeoff, this also means that every time a central analyst is introduced to a new data source their velocity may temporarily decrease as they come up to speed; the overall benefit to the organization that any analyst can pick up any issue will compensate for this, though. Learn how the product managers groom issues.

Data Engineers will work on Infrastructure issues. Data Analysts, Central and sometimes Data Engineers work on general Analytics issues. Data Analysts, work on analyses, e.g Growth, Finance, etc.

There is a demo of what this proposal would look like in a board.

This approach has many benefits, including:

  1. It helps ensure the highest priority projects are being completed
  2. It can help leadership identify issues that are blocked
  3. It provides leadership view into the work of the data team, including specialty analysts whose priorities are set from outside the data function
  4. It encourages consistent throughput from team members
  5. It makes clear to stakeholders where their ask is in priority
  6. It helps alleviate the pressure of planning the next milestone, as issues are already ranked

Issue Types

There are three general types of issues:

Not all issues will fall into one of these buckets but 85% should.

Discovery issues

Some issues may need a discovery period to understand requirements, gather feedback, or explore the work that needs to be done. Discovery issues are usually 2 points.

Introducing a new data source

Introducing a new data source requires a heavy lift of understanding that new data source, mapping field names to logic, documenting those, and understanding what issues are being delivered. Usually introducing a new data source is coupled with replicating an existing dashboard from the other data source. This helps verify that numbers are accurate and the original data source and the data team's analysis are using the same definitions.

Work

This umbrella term helps capture:

It is the responsibility of the assignee to be clear on what the scope of their issue is. A well-defined issue has a clearly outlined problem statement. Complex or new issues may also include an outline (not all encompassing list) of what steps need to be taken. If an issue is not well-scoped as its assigned, it is the responsibility of the assignee to understand how to scope that issue properly and approach the appropriate team members for guidance early in the milestone.

Workflow Summary

The Data team workflow mirrors the Product Development Flow.

Stage (Label) Track Responsible Completion Criteria Who Transitions Out
workflow::start (triage) Validation Data Item has enough information to enter problem validation. Data
workflow::problem validation Validation Data, Business DRI Item is validated and defined enough to propose a solution Data
workflow::design Validation Data Design work is complete enough for issue to be implemented Data
workflow::solution validation Validation Data, Business DRI Sign off from business owners on proposed solution that is valuable, usable, viable and feasible Business DRI
workflow::planning breakdown Planning Data Item has a numerical milestone label Data
workflow::scheduling Planning Data Issue has a numerical milestone label Data
workflow::ready for development Build Data A data team member has started to work on the issue Data
workflow::In dev Build Data Initial engineering work is complete and review process has started Data
workflow::In review Build Data MR(s) are merged. Issues had all conversations wrapped up. Data
workflow::verification Build Data, Business DRI Work is demonstrable on production N/A
workflow::blocked Planning Data, Business DRI Work is no longer blocked Data

Issue Pointing

Issue pointing captures the complexity of an issue, not the time it takes to complete an issue. That is why pointing is independent of who the issue assignee is.

Weight Description
Null Meta and Discussions that don't result in an MR
0 Should not be used.
1 The simplest possible change including documentation changes. We are confident there will be no side effects.
2 A simple change (minimal code changes), where we understand all of the requirements.
3 A typical change, with understood requirements but some complicating factors
5 A more complex change. Requirements are probably understood or there might be dependencies outside the data-team.
8 A complex change, that will involve much of the codebase or will require lots of input from others to determine the requirements.
13 A significant change that has dependencies and we likely still don't understand all of the requirements. It's unlikely we would commit to this in a milestone, and the preference would be to further clarify requirements and/or break into smaller Issues.

Issue Labeling

Think of each of these groups of labels as ways of bucketing the work done. All issues should get the following classes of labels assigned to them:

Optional labels that are useful to communicate state or other priority

Workflows

Merge Request Workflow

Ideally, your workflow should be as follows:

  1. Confirm you have access to the analytics project. If not, request Developer access so you can create branches, merge requests, and issues.
  2. Create an issue, open an existing issue, or assign yourself to an existing issue. The issue is assigned to the person(s) who will be doing the work.
  3. Add appropriate labels to the issue (see above)
  4. Open an MR from the issue using the "Create merge request" button. This automatically creates a unique branch based on the issue name. This marks the issue for closure once the MR is merged.
  5. Push your work to the branch
  6. Update the MR with an appropriate template. Our current templates are:
    • dbt Model Changes - used for any change involving dbt. Analysts will most often use this one
    • add_manifest_tables - for adding tables to pgp extract
    • periscope - for getting a Periscope dashboard reviewed
    • python_changes - for general changes to Python code
    • All Other Changes - for work that doesn't generally fall into these categories
  7. Run any relevant jobs to the work being proposed
    • e.g. if you're working on dbt changes, run the job most appropriate for your changes. See the CI jobs page for an explanation of what each job does.
  8. Document in the MR description what the purpose of the MR is, any additional changes that need to happen for the MR to be valid, and if it's a complicated MR, how you verified that the change works. See this MR for an example of good documentation. The goal is to make it easier for reviewers to understand what the MR is doing so it's as easy as possible to review.
  9. Assign the MR to a peer to have it reviewed. If assigning to someone who can merge, either leave a comment asking for a review without merge, or you can simply leave the WIP: label.
    • Note that assigning someone an MR means action is required from them.
    • The peer reviewer should use the native approve button in the MR after they have completed their review and approve of the changes in the MR.
    • Adding someone as an approver is a way to tag them for an FYI. This is similar to doing cc @user in a comment.
    • After approval, the peer reviewer should send the MR back to the author to decide what needs to happen next. The reviewer should not be responsible for the final tasks. The author is responsible for finalizing the checklist, closing threads, removing WIP, and getting it in a merge-ready state.
  10. Once it's ready for further review and merging, remove the WIP: label, mark the branch for deletion, mark squash commits, and assign to the project's maintainer. Ensure that the attached issue is appropriately labeled and pointed.

Other tips:

  1. The Merge Request Workflow provides clear expectations; however, there is some wiggle room and freedom around certain steps as follows.
    • For simple changes, it is the MR author who should be responsible for closing the threads. If there is a complex change and the concern has been addressed, either the author or reviewer could resolve the threads if the reviewer approves.
  2. Reviewers should have 48 hours to complete a review, so plan ahead with the end of the milestone.
  3. When possible, questions/problems should be discussed with your reviewer before submitting the MR for review. Particularly for large changes, review time is the least efficient time to have to make meaningful changes to code, because you’ve already done most of the work!

YouTube

We encourage everyone to record videos and post to GitLab Unfiltered. The handbook page on YouTube does an excellent job of telling why we should be doing this. If you're uploading a video for the data team, be sure to do the following extra steps:

Our Data Stack

We use GitLab to operate and manage the analytics function. Everything starts with an issue. Changes are implemented via merge requests, including changes to our pipelines, extraction, loading, transformations, and parts of our analytics.

Stage Tool
Extraction Stitch, Fivetran, and Custom
Loading Stitch, Fivetran, and Custom
Orchestration Airflow
Storage Snowflake
Transformations dbt and Python scripts
Analysis Sisense For Cloud Data Teamsβ€Ž

Extract and Load

We currently use Stitch and Fivetran for most of our data sources. These are off-the-shelf ELT tools that remove the responsibility of building, maintaining, or orchestrating the movement of data from some data sources into our Snowflake data warehouse. We run a full-refresh of all of our Stitch/Fivetran data sources at the same time that we rotate our security credentials (approx every 90 days). Prior to running a full refresh we will drop all of the tables.

Data Source Pipeline Replication Frequency Quality Rating
BambooHR Airflow 12 hour intervals for all time 2
CloudSQL Postgres Stitch Β  2
Customer DB Postgres_Pipeline Β  2
Gitter Β  not updated Β 
GitLab.com Postgres_Pipeline 6 hour intervals 2
Google Analytics 360 Fivetran 6 hour intervals 2
Greenhouse Airflow (custom script) Once per day 2
License DB Postgres_Pipeline 6 hour intervals 2
Marketo Β  not updated Β 
Netsuite Fivetran 6 hour intervals - Backfilled from January 1, 2013 2
Part of Product MRs Airflow 1 day intervals 1
Salesforce (SFDC) Stitch 1 hour intervals - Backfilled from January 1, 2013 2
SheetLoad SheetLoad 24 hours 2
Snowplow Snowpipe Continuously loaded 2
Version DB Postgres_Pipeline 6 hour intervals 2
Zendesk Stitch 1 hour intervals - Backfilled from January 1, 2013 2
Zuora Stitch 30 minute intervals - Backfilled from January 1, 2013 2

SLOs (Service Level Objectives) by Data Source

This is the lag between real-time and the analysis displayed in the data visualization tool.

Data Source SLO
BambooHR 1 day
Clearbit None
Airflow DB 9 hours
CI Stats DB None - Owned by GitLab.com Infrastructure Team, intermittently unavailable
Customer DB None - Owned by GitLab.com Infrastructure Team, intermittently unavailable
DiscoverOrg None
GitLab.com None - Owned by GitLab.com Infrastructure Team, intermittently unavailable
GitLab Profiler DB None - Owned by GitLab.com Infrastructure Team, intermittently unavailable
Google Analytics 360 1 day
Greenhouse 2 days
License DB None - Owned by GitLab.com Infrastructure Team, intermittently unavailable
Marketo None
Netsuite 1 day
Salesforce (SFDC) 1 day
SheetLoad 2 days
Snowplow 1 day
Version DB None - Owned by GitLab.com Infrastructure Team, intermittently unavailable
Zendesk 1 day
Zuora 1 day

Adding new Data Sources and Fields

Process for adding a new data source:

To add new fields to the BambooHR extract:

Data Team Access to Data Sources

In order to integrate new data sources into the data warehouse, specific members of the Data team will need admin-level access to data sources, both in the UI and through the API. We need this admin-level access through the API in order to pull all the data needed to build the appropriately analyses and through the UI to compare the results of prepared analyses to the UI.

Sensitive data sources can be limited to no less than 1 data engineer and 1 data analyst having access to build the require reporting. In some cases, it may only be 2 data engineers. We will likely request an additional account for the automated extraction process.

Sensitive data is locked down through the security paradigms listed below; Sisense will never have access to sensitive data, as Sisense does not have access to any data by default. Sisense's access is always explicitly granted.

Using SheetLoad

SheetLoad is the process by which a Google Sheets and CSVs from GCS or S3 can be ingested into the data warehouse.

Technical documentation on usage of sheetload can be found in the readme in the data team project.

If you want to import a Google Sheet or CSV into the warehouse, please make an issue in the data team project using the "CSV or GSheets Data Upload" issue template. This template has detailed instructions depending on the type of data you want to import and what you may want to do with it.

Things to keep in mind about SheetLoad

We strongly encourage you to consider the source of the data when you want to move it into a spreadsheet. SheetLoad should primarily be used for data whose canonical source is a spreadsheet - i.e. Sales quotas. If there is a source of this data that is not a spreadsheet you should at least make an issue to get the data pulled automatically. However, if the spreadsheet is the SSOT for this data, then we can get it into the warehouse and modeled appropriately via dbt.

We do understand, though, that there are instances where a one-off analysis is needed based on some data in a spreadsheet and that you might need to join this to some other data already in the warehouse. We offer a "Boneyard" schema where you can upload the spreadsheet and it will be available for querying within Sisense. We call it Boneyard to highlight that this data is relevant only for an ad hoc/one off use case and will become stale within a relatively short period of time.

SheetLoad is designed to make the table in the database a mirror image of what is in the sheet from which it is loading. Whenever SheetLoad detects a change in the source sheet it will forcefully drop the database table and recreate it in the image of the updated spreadsheet. This means that if columns are added, changed, etc. it will all be reflected in the database.

Except for where absolutely not possible, it is best that the SheetLoad sheet import from the original Google Sheet directly using the importrange function. This allows you to leave the upstream sheet alone and while enabling you to format the sheetload version to be plain text. Any additional data type conversions or data cleanup can happen in the base dbt models. (This does not apply to the Boneyard.)

Snowplow Infrastructure

Refer to the Snowplow Infrastructure page for more information on our setup.

Data Source Overviews

Orchestration

We use Airflow on Kubernetes for our orchestration. Our specific setup/implementation can be found here. Also see the Data Infrastructure page for more information.

Data Warehouse

We currently use Snowflake as our data warehouse.

Warehouse Access

To gain access to the data warehouse:

Snowflake Permissions Paradigm

We use Permifrost to help manage permissions for Snowflake. Our configuration file for our Snowflake instance is stored in this roles.yml file. Also available is our handbook page on Permifrost.

We follow this general strategy for role management:

User Roles

Every user will have their own user role that should match their user name. Object level permissions (database, schemas, tables) in Snowflake can only be granted to roles. Roles can be granted to users or to other roles. We strive to have all privileges flow through the user role so that a user only has to use one role to interact with the database. Exceptions are privileged roles such as accountadmin, securityadmin, and sysadmin. These roles grant higher access and should be intentionally selected when using.

Functional Roles

Functional roles represent a group of privileges and role grants that typically map to a job family. The major exception is the analyst roles. There are several variants of the analyst role which map to differnt areas of the organization. These include analyst_core, analyst_finance, analyst_people, and more. Analysts are assigned to relevant roles and are explicitly granted access to the schemas they need.

Functional roles can be created at any time. It makes the most sense when there are multiple people who have very similar job families and permissions.

Object Roles

Object roles are for managing access to a set of data. Typically these represent all of the data for a given source. The zuora object role is an example. This role grants access to the raw Zuora data coming from Stitch, and also to the source models in the analytics.zuora schema. When a user needs access to Zuora data, granting the zuora role to that user's user role is the easiest solution. If for some reason access to the object role doesn't make sense, individual privileges can be granted at the granularity of a table.

Examples

This is an example role hierarchy for an Data Analyst, Core:

graph LR A([User: datwood]) -->|Member of| B[User Role: datwood] B -->|Member of| C[Functional Role: analyst_core] C -->|Member of| D[Object Role: bamboohr] C -->|Member of| H[Object Role: dbt_analytics] C -->|Member of| E[Object Role: netsuite] C -->|Member of| F[Object Role: zuora] G{{Privileges: analytics_sensitive}} -->|Granted to| C

This is an example role hierarchy for an Data Engineer and Account Administrator:

graph LR A([User: tmurphy]) -->|Member of| B[User Role: tmurphy] B -->|Member of| C[Functional Role: engineer] C -->|Member of| F[Functional Role: loader] C -->|Member of| H[Functional Role: transformer] G{{ Privileges: Read/Write Raw}} -->|Granted to| C A -->|Member of| D[Privileged Role: sysadmin] A -->|Member of| E[Privileged Role: securityadmin]

This is an example role hierarchy for a Security Operations Engineer:

graph LR A([User: ssichak]) -->|Member of| B[User Role: ssichak] A -->|Member of| C[Privileged Role: securityadmin]

Managing Roles for Snowflake

Here are the proper steps for provisioning a new user and user role:

  • Make sure we have an issue in the Gitlab Data Team project linking the original request with the Provisioning label applied
  • Login to Snowflake and switch to securityadmin role
    • All roles should be under securityadmin ownership
  • Copy the user_provision.sql script and replace the email, firstname, and lastname values in the initial block
  • If a password is needed, use Password Generator to create one
    • Send username and password credentials to user with One Time Secret or via Slack
  • Document in Snowflake roles.yml permifrost config file
    • Add the user and user role you created
    • Assign the user role to new user
    • Assign any additional roles to user
  • Ensure the user is assigned the application in Okta

Compute Resources

Compute resources in Snowflake are known as "warehouses". To better track and monitor our credit consumption, we have created several warehouses depending on who is accessing the warehouse. The names of the warehouse are appended with their size (analyst_xs for extra small)

Data Storage

We currently use two primary databases: raw and analytics. The former is for extracted and loaded data; the latter is for data that is ready for analysis (or getting there).

There is a snowflake database, which contains information about the entire GitLab instance. This includes all tables, views, queries, users, etc.

There is a covid19 database, which is a shared database managed through the Snowflake Data Exchange.

There is a testing_db database, which is used for testing Permifrost.

All databases with the exception of analytics, raw, covid19, testing_db, and snowflake are removed on a weekly basis.

Raw

Analytics

With the exception of the boneyard schema, all schemas are controlled by dbt. See the dbt guide for more information.

Timezones

All timestamp data in the warehouse should be stored in UTC. The default timezone for a Snowflake sessions is PT, but we have overridden this so that UTC is the default. This means that when current_timestamp() is queried, the result is returned in UTC.

Stitch explicitly converts timestamps to UTC. Fivetran does this as well (confirmed via support chat).

Snapshots

πŸ“ŠπŸ“š

We use the term snapshots in multiple places throughout the data team handbook and the term can be confusing depending on the context. Snapshots as defined by the dictionary is "a record of the contents of a storage location or data file at a given time". We strive to use this definition whenever we use the word.

dbt

The most common usage is in reference to dbt snapshots. When dbt snapshots is run, it takes the state of the data based on a query specified by the user and updates a table that contains the full history of the state of the data. It has valid_to and valid_from fields indicating the time period for which that particular snapshot is valid. See the dbt snapshots section in our dbt guide for more technical information.

The tables generated and maintained by dbt snapshots are the raw historical snapshot tables. We will build downstream models on top of these raw historical snapshots for further querying. The snapshots folder is where we store the dbt models. One common model we may build is one that generate a single entry (i.e. a single snapshot) for a given day; this is useful when there are multiple snapshots taken in a 24 hour period. We also will build models to return the most current snapshot from the raw historical table.

Other uses

Our Greenhouse data can be thought of as a snapshot. We get a daily database dump provided by Greenhouse that we load into Snowflake. If we start taking dbt snapshots of these tables then we would be creating historical snapshots of the Greenhouse data.

The extracts we do for some yaml files and for BambooHR can also be thought of as snapshots. This extraction works by taking the full file/table and storing it in its own, timestamped row in the warehouse. This means we have historical snapshots for these files/tables but these are not the same kind of snapshot as dbt. We'd have to do additional transformations to get the same valid_to and valid_from behavior.

Language

Backups

For an extra layer of robustness, we backup data from the warehouse into GCS (Google Cloud Storage). We execute the jobs using dbt's run-operation capabilities. Currently, we backup all of our snapshots daily and retain them for a period of 1 month. We implemented the basic instructions outlined in this Calogica blog post.

Transformation

We use dbt for all of our transformations. See our dbt guide for more details on why and how we use this tool.

Visualization

We use Sisense as our Data Visualization and Business Intelligence tool. To request access, please follow submit an access request.

Meta Analyses for the Data Team

Security

Passwords

Per GitLab's password policy, we rotate service accounts that authenticate only via passwords every 90 days. A record of systems changed and where those passwords were updated is kept in this Google Sheet.

We also rotate Snowflake user passwords the first Sunday of every 3rd month of the year (January, April, July, October) via the Snowflake Password Reset DAG.

Data Learning and Resources

Powered by GitLab Team Members

Data Newsletters

Data Blogs

Data Visualization Resources

Data Slack Communities

Technical Learning Resources

Team Roles

Triager

πŸ› πŸ“š

The Data team has implemented the following triage schedule to take advantage of native timezones:

UTC day Team member
Sunday Primary: @ken_aguilar / Backup: @kathleentam
Monday Primary: @ken_aguilar / Backup: @derekatwood
Tuesday Primary: @paul_armstrong / Backup: @msendal
Wednesday Alternating: @mpeychet / @eli_kastelein
Thursday Primary: @jeanpeguero / Backup: @iweeks
Friday Primary: @jeanpeguero / Backup: @derekatwood

A team member who is off, on vacation, or working on a high priority project is responsible for finding coverage and communicating to the team who is taking over their coverage; this should be updated on the Data Team's Google Calendar.

Having a dedicated triager on the team helps address the bystander affect. The schedule shares clear daily ownership information but is not an on-call position. Through clear ownership, we create room for everyone else on the team to spend most of the day around deep work. The triager is encouraged to plan their day for the kind of work that can be accomplished successfully with this additional demand on time.

Data Triage Guide

The goal of this guide is to ensure daily data triage completion. High-level responsibilities of this role include:

Many issues that come into the data team project from other GitLab team members need additional info and/or context in order to be understood, estimated, and prioritized. It is the triager's priority to ask those questions and to surface issues sooner, rather than later.

Note: The triager

How to Complete Data Triage

πŸ› πŸ

Create an issue in the Data Team project.

Reviewer

All GitLab data team members can, and are encouraged to, perform code review on merge requests of colleagues and community contributors. If you want to review merge requests, you can wait until someone assigns you one, but you are also more than welcome to browse the list of open merge requests and leave any feedback or questions you may have.

Note that while all team members can review all merge requests, the ability to accept merge requests is restricted to maintainers.

Codeowner

Code ownership is a feature of GitLab that links a project member to specific folders and files in a project. It is meant to answer the questions "who can I ask about this code?" and "who should review changes to this code?".

Becoming a code owner is part of the journey to becoming a project maintainer. If you are the sole creator of a file, say a new dbt model set, you will be the de facto code owner for those files. If you wish to expand your ownership purview, follow these steps:

  1. Create an MR to the CODEOWNERS file with the ownership change you wish to make
  2. Work with the other code owners that already cover the area you wish to join to pair with them on at least 5 MRs that alter the code you wish to be responsible for
    • The MRs should not reflect only small changes to the code base, but also architectural ones and ones that create a fully functioning addition. It may take more than 5 MRs for this criteria to be reached
    • You will be the primary reviewer for all MR's assigned to the code owner
    • You will review the MR's as if you had the power to merge
    • Once you feel the MR is ready and you would have merged it, assign it to the code owner and comment that you would have merged the MR
    • The code owner will do a follow up review if necessary and either merge the MR or assign it to a maintainer for you
    • Document the MR in the original MR you created
  3. Once the 5 MR threshold has been reached, the code owner will work with the applicant's manager to make a decision
  4. If denied, close the MR and work with your manager for a period of no less than 3 months before applying again
  5. If approved, assign the MR to a maintainer to merge. You will automatically be added to the Code Owner approval list once merged

Maintainer

A maintainer in any of the data team projects is not synonymous with any job title. Here, the data team takes from the precedent set forward by the engineering division on the responsibilities of a maintainer. Every data team project has at least one maintainer, but most have multiple, and some projects (like Analytics) have separate maintainers for dbt and orchestration.

How to become a data team maintainer

We have guidelines for maintainership, but no concrete rules. Maintainers should have an advanced understanding of the GitLab Data projects codebases. Prior to applying for maintainership of a project, a person should gain a good feel for the codebase, expertise in one or more domains, and deep understanding of our coding standards. You're probably ready to become a maintainer when both of these statements feel true:

  1. The MRs you've reviewed consistently make it through maintainer review without significant additionally required changes
  2. The MRs you've created consistently make it through reviewer and maintainer review without significant required changes

If those subjective requirements are satisfied, this is the process to add yourself as a maintainer:

  1. Create an issue in the relevant project with the title "Add as project maintainer"
  2. Add documentation to the issue for the following:
    • Explain why you are ready to take on the maintainer responsibility
    • Explain the scope of your maintainership (entire project, dbt, python, etc.)
    • Recent MR's that you have created and reviewed that you believe show your readiness
  3. Once the issue is created, tag a maintainer who you'd like to be paired with for a formal review
  4. The maintainer will have you pair with them on at least 10 merge requests
    • The MRs should show a diversity of scope, including architectural changes as well as complete, fully functioning feature releases with changes across many files and directories.
    • You will be the primary reviewer for these 10 MRs
    • You will review the MR's as if you had the power to merge
    • Once you feel the MR is ready and you would have merged it, assign it to the maintainer and comment that you would have merged the MR
    • The maintainer will do a follow up review if necessary and merge the MR for you
    • Document the MR in the issue you created
  5. Once the 10 MR threshold has been reached, the maintainer will work with the applicant's manager to make a decision
  6. If denied, close the issue and work with your manager for a period of no less than 3 months before applying again
  7. If approved, create a MR to add the maintainership to your team page entry
  8. Assign the MR to your manager and mention the existing maintainers of the relevant project (Infrastructure, Analytics, etc) and area (dbt, Airflow, etc.).
  9. If the existing maintainers of the relevant group e.g., dbt, do not have significant objections, and if at least half of them agree that the reviewer is indeed ready, we've got ourselves a new maintainer!
  10. An owner of the project will increase your privilege on the project

Job Descriptions

Data Analyst

Job Family

Data Engineer

Job Family

Manager

Job Family

Director of Data and Analytics

Job Family