I do not know what’s “common”, but we decided on a few things when setting ours up:
-
We use databases to separate user role permissions (
rawfor loaders to load raw data,dbt_devfor analysts to build development dbt models, andanalyticsfor our production models). -
The
rawdatabase houses our raw data as ingested by connectors. Connectors use theloaderrole, which is the only role with write access to this db, and it does not have access to any other db. The schemas in this database are named with a{source}_{connector}convention (egsalesforce_stitch). The purpose here is twofold, 1) It makes it easy to identify which connector is being used to ingest the data, and 2) It removes any naming conflict awkwardness when changing a source connector (eg if moving to Fivetran we would just createsalesforce_fivetran):
raw.salesforce_stitch.leads
raw.delighted_stitch.responses
raw.paycom_airflow.employees, etc.
- The
dbt_devdatabase is for (surprise) our analysts to develop dbt models. Each analyst has a namespaced default schema (egdbt_dev.dpearce). Analysts use thetransformerrole, which has read access to all dbs but can only write to thedbt_devdatabase.
dbt_dev.dpearce
dbt_dev.dpearce_base, etc.
- Finally, the
analyticsdatabase is for our production models. We separate our base tables and transformed models into different schemas (analytics.baseandanalytics.analytics). Ourbasemodels use a naming convention of{source_table}. Only our Sinter account can write to this database. Our BI tool (Looker) is read-only and only has access to theanalytics.analyticsschema. So:
analytics.base.freshdesk_agents
analytics.base.paycom_employees
analytics.base.salesforce_users
analytics.analytics.employees, etc.