7.1 Release Notes

ThoughtSpot version 7.1.1.CU1 is now available.

This release provides critical security fixes for log4j, and other fixes to functional issues.

To address the log4j issues, we’ve done the following:

  • Upgraded the log4j version used by ThoughtSpot to the latest version.

  • Upgraded the OS packages to the latest version.

  • Fixed a Java remote code execution vulnerability in the H2 database console (CVE-2021-42392).

For a complete list of functional issues that we fixed in this release, see Fixed issues.

To see our feature deprecation plans, please see Deprecation announcements.

7.1.1 New Features and Functionality

These release notes include information about new and enhanced features.

For a complete list of issues that we fixed in this release, see Fixed issues.

Here are the most significant new features and improvements in the 7.1.1 Software Release:

For the Analyst

TML for tables with row-level security

ThoughtSpot now supports the migration and editing of tables with row-level security (RLS) using TML.

Pinboard schedule gating conditions

Gating conditions for scheduled pinboards are now GA. Refer to Schedule a pinboard job to learn more about scheduling pinboards for email delivery, and how to leverage gating conditions so that ThoughtSpot only sends the pinboards when certain conditions are true.

For the Data Engineer

Custom calendar

Custom calendar is now available for Snowflake, Amazon Redshift, Google BigQuery, Microsoft Azure Synapse, and Databricks cloud data warehouses. See Custom calendar. This feature is disabled by default. To enable it, contact ThoughtSpot Support.

AWS Secrets Manager for Redshift connection passwords

Amazon Redshift connections now support AWS Secrets Manager for clusters deployed on an AWS EC2 instance. With this feature enabled, you no longer need to enter a password when you create a new Redshift connection. For details, see Amazon Secrets Manager. This feature is disabled by default. To enable it, contact ThoughtSpot Support.

For the IT Ops Engineer

Multiple Identity Providers for SAML login

You can now configure SAML SSO login for more than one Identity Provider (IDP). You may have multiple groups of users who need to log into ThoughtSpot but are managed by separate IDPs. To configure this, refer to Configure SAML using tscli.

Note that multiple IDP configuration is only possible through tscli, and not the Admin Console.

For the Developer

Customers embedding ThoughtSpot in software releases should continue embedding ThoughtSpot using legacy embedding tools, which remain supported in 7.x software releases. Upgrading an environment with an existing embedded solution leveraging the legacy embedded technology to SW v.7.x is supported and seamless from an embedding standpoint.

7.1.0.CU1 New Features and Functionality

VMware 6.7 certification

ThoughtSpot now certifies VMware version 6.7 on ThoughtSpot versions 7.1.0.CU1 and later. For more information on deploying ThoughtSpot with VMware, refer to VMware configuration overview.

7.1 New Features and Functionality

Self-service upgrade is not supported for upgrade to version 7.1.

For a complete list of issues that we fixed in this release, see Fixed issues.

Here are the most significant new features and improvements in the 7.1 Software Release:

All documentation for software embedding is now available only on the ThoughtSpot Everywhere documentation site.

For the Analyst

Scriptability
Query filters

Aggregate formulas now support in-line query filters. See Query filters.

For the Business User

Deprecations

ThoughtSpot is dropping support for the following feature in the 7.1 release. This feature is not available in the 7.1 release:

For the Data Engineer

Connections

ThoughtSpot has renamed Embrace to Connections. To access your connections, navigate to the Data tab and click Connections. For more information, see Connections.

Databricks

Connections now supports Databricks. For more information, see Databricks connections.

Starburst

Connections now supports Starburst. For more information, see Starburst connections.

DataFlow

We added support for the following databases: Dremio, Google Sheets, and Vertica.

DataFlow now automatically selects the options based on the source file format, but you can overwrite them. For details, see Files. When connecting to remote files, DataFlow now supports the XML and Avro file formats.

DataFlow Single Sign-On

DataFlow now supports Single Sign-On (SSO). You can configure the Single Sign-On settings based on the SSO service used in your organization. Once configured, the user login authentication in ThoughtSpot and ThoughtSpot DataFlow is routed through the SSO service, and you do not need to maintain separate user credentials for ThoughtSpot DataFlow. See Manage DataFlow users with SSO for details.

Case-sensitive table names

DataFlow now supports case-sensitive table names. You can now create multiple syncs using different tables with the same name from the same connection and the same database.

Sync mode advanced settings

For all DataFlow connections, the Sync mode available in the Sync properties tab now defaults to Append.

Salesforce drivers

In this release, the Salesforce cdata JDBC jar in agent/lib/jars/salesforce/xx/jdbc/cdata.jdbc.salesforce.jar was upgraded with the latest drivers.

Cassandra drivers

The Cassandra JDBC jar (cdata.jdbc.cassandra.jar) in agent/lib/jars/cassandra/3.x was upgraded with the latest drivers.

Truncate table

We removed this functionality because it is no longer necessary.

User management

We removed user management from DataFlow; this function is now integrated with ThoughtSpot user management.

For the IT Ops Engineer

Manage advanced search and SpotIQ settings

You can now manage advanced search and SpotIQ settings from the Admin Console. You can configure column indexing and enable or disable SpotIQ Analyze and column summaries. Refer to Manage search and SpotIQ settings.

Manage email and onboarding settings

You can manage certain advanced settings for your organization from the Admin Console. You can customize welcome emails, scheduled emails, and the workflow that allows users to sign up for ThoughtSpot from the login page. Refer to Manage email and onboarding settings.

New admin privileges (Beta)

This release introduces new administrator privileges that separate the abilities of the administrator into 4 specific privileges. For example, you can allow certain users to create and manage users, while not allowing them to manage SAML integration or other advanced settings. These new administrator privileges do not provide access to all data in ThoughtSpot, unlike the Can administer ThoughtSpot privilege. Users with the new privileges can only see data that others share with them. The Can administer ThoughtSpot privilege, which encompasses all 4 new administrator privileges, still appears as an option by default. To remove it, contact ThoughtSpot Support. The 4 new privileges are:

  • Can manage users: Can create, delete, and edit users.

  • Can manage privileges: Can create, delete, and edit groups. This includes the group’s name, sharing visibility, and privileges.

  • Can operate application: Can configure local and SAML authentication. Can manage application settings: search, SpotIQ, and onboarding advanced settings, style and help customization.

  • Can see system information: Can view all default admin data, including system worksheets and pinboards.

    This feature is in Beta and off by default. To enable it, contact ThoughtSpot Support.

RHEL ease of installation

You can now configure a specific admin username for the user who sets up the nodes when deploying on RHEL. Previously, you had to use the default admin username, the 1081 uid, and the 1081 gid.

SAML configuration

When configuring SAML authentication for ThoughtSpot, you can now optionally map the display name subject value in the IDP metadata file to displayName. This ensures that your users' display names in SAML match their display names in ThoughtSpot. For more information, refer to Configure SAML.

Security log collection

This release of ThoughtSpot Cloud enables your security team to collect security audit events based on user activity and ship them to your SIEM application in real time. You can view logs for the following events:

  • Account logout

  • Answer creation

  • Answer deletion

  • Answer update

  • Failed login

  • Group creation

  • Group deletion

  • Group modification

  • Group principals update

  • Locked account

  • Object sharing

  • Password update

  • Pinboard creation

  • Pinboard deletion

  • Pinboard update

  • Privilege changes

  • Profile change

  • Row-level security (RLS) rule creation

  • RLS rule deletion

  • RLS rule modification

  • Successful login

  • Table creation

  • User account creation

  • User account deletion

  • User group change

For further details, see Collect security logs.

UI improvement for Admin Console

This release improves the UI and user experience of the NAS mount, Reverse SSH tunnel, SMTP, Snapshot, Upgrade, and SSL sections of the Admin Console.

Product Usage worksheet

This release introduces a new default worksheet for monitoring product usage. The Product Usage worksheet contains data on the following topics:

  • Specifies what existing worksheets, tables, and views users search on and create objects from, and what those objects are

  • Lists what actions users complete in the product

  • Lists the underlying data sources for any object

  • Lists any object’s dependents

You can search on this worksheet, or create pinboards based on it, to monitor your users' interaction with the product. To access this worksheet, search for Product Usage worksheet from the Data tab, or add it as a source while searching data.

This worksheet is the underlying source for the Object Usage pinboard.

OpenID Connect authentication

ThoughtSpot now supports the OpenID Connect authentication framework for your ThoughtSpot Cloud instances. OIDC adds an identity layer to the OAuth 2.0 protocol and allows clients to verify a user’s identity based on the authentication performed by an authorization server.

To configure OIDC, refer to OpenID Connect authentication.

Supported Upgrade Paths

If you are running one of the following versions, you can upgrade to the 7.1.1.CU1 release directly:

  • 6.3.x to 7.1.1.CU1

  • 7.0.x to 7.1.1.CU1

  • 7.1 to 7.1.1.CU1

This includes any hotfixes or customer patches on these branches.

If you are running a different version, you must do a multiple pass upgrade.

First, upgrade to version 6.3.x, 7.0.x, or 7.1 and then to the 7.1.1.CU1 release.

To successfully upgrade your ThoughtSpot cluster, all user profiles must include a valid email address. Without valid email addresses, the upgrade is blocked.