Community Spring Cleaning week is here! Join your fellow Maveryx in digging through your old posts and marking comments on them as solved. Learn more here!

Alteryx Connect Knowledge Base

Definitive answers from Connect experts.

Managing Users and Permissions in Connect

MattD
Alteryx Alumni (Retired)
Created

Connect Banner.png

User Account Creation

 

Accounts for your Connect instance can be created in multiple ways:

• Allowing users to “Sign Up”

o Email address domain must be in “Allowed Domains”
o Works with Manual, AD, and SAML authentication, though the interfaces are slightly different
o Manual Sign-Up may be disabled with the checkbox in Administration > Connect Configuration > Instance Settings

• An Administrator creates an account

o Not required to supply a password
o Should always supply an email address

• An account is harvested from Tableau Server upon execution of the metadata loader
• An account is harvested from Alteryx Server upon execution of the metadata loader

 

In all cases, the user account will initially be placed into the defaulted permission group.

 

Connect will attempt to consolidate created accounts by email address. Regardless of how the account was created (manual “Sign In”, by an administrator, from the Tableau Metadata Loader, or from the Alteryx Metadata Loader), the account will consolidate if the email exists already within the system.

 

Note: If you have a large number of potential Connect users in Gallery or Tableau Server, it is recommended to first run the respective loader early in your setup process rather than manually creating accounts. In AD Authentication, the email address becomes the key, so the email must line up in order to not duplicate user accounts.

 

User Groups

 

In Alteryx Connect, permissions can be managed individually or with Groups. By default, there are four Groups, which you can find under “People” on the homepage:

 

People.png

 

Groups.png

 

• Administrators

o Add/remove metadata
o Access the Admin configuration panel
o Can add users and permissions


• Certifiers

o Can mark data assets as “Certified” or “Do not Use”. Should also have at least Reader permission


• Contributors

o The initial default Group for new users
o Contributors may edit asset attributes
o Allows social interaction

• Readers

o Allows Viewing
o Allows social interaction

 

Note: You may add new groups, but it is not recommended to delete default Groups.

 

Default User Groups

 

Newly-created accounts will be given a single default permission. By default, that group is “Contributors.”

 

To change the default:
1. Edit “Contributors” group and remove the value “defaultGroup” from the field “Integration Code”. Save after this modification:

 

Default Group.png

 

2. Edit the Group you want to set as the default group, and add the value “defaultGroup” to the field “Integration Code”, and then click “Save”

 

Note: For the most secure configuration, create a new group called “NoAccess”, and set it to be the default group. If you do not grant Viewer rights to this group on the homepage, anyone in this group will default to no access, receiving this message:

 

NoAcess.png

Custom User Groups

 

An Admin can create new groups, which can then be associated with permissions:

1. Navigate to the “Groups” page within “People”
2. Click the orange plus button at bottom right to add a new group
3. Give the group a name and description
4. After saving the group, you can add existing users to the group by editing it and adding the desired user to List of Users > Members, and clicking “Save”:

 

List of Users2.png

 

List of Users3.png

 

Admin saved.png

 

Note: Users may be associated with multiple groups. By nature, the application of permissions are permissive rather than restrictive. Eg: If a user belongs to any group that has “Viewer” capability for an asset, the user will be able to view the asset.

 

Permissioning with Groups

 

Individuals or Groups may be provided with access to different permissions to interact with Connect entity pages. To make a page visible to only a particular group, follow these steps:

1. If you do not already have a custom Group defined, create one within People > Groups. Add at least one user to your Group and “Save”:

 

Create Group 1.png

 

Create Group 2.png

 

Create Group 3.png

 

2. Navigate to a specific asset page, for example, a database table
3. As an Administrator, click the vertical ellipses icon at top right and click “Permissions”:

 

Permissioning Groups 1.png

 

The table at top lists the current effective permissions per action (which are often inherited from parent pages):

 

Permissioning Groups 2.png

 

Below the table you have the opportunity to modify those permissions by specifying the respective Group(s) for each permission; just enter desired Group into the correct permission category and select “Save”:

 

Permissioning Groups 3.png


Note: Permissions impact search results in real-time and permissions are hierarchically applied. If you permission a database schema, all the tables, views, and columns within that schema will be affected.

 

Administrators can see and edit all permissions at any time from the administrative interface under their user icon Administration > Permission Overview:

 

Admin Permission Overview.png

 

For more information please see the Permission FAQ below or our product help for Administering User Accounts in Connect!

 

Permissions FAQ

 

Does Connect transfer or translate permissions from source systems into Connect user permissions?No, Connect doesn’t translate source system permissions to Connect permissions. You may be able to view metadata about an object in Connect that your user can’t view in the source system.
Can an Admin see and edit all the permissions centrally?Yes, in the Permission Overview tab in the Admin console, an Admin can view all permissions and edit the group or asset page they’re associated with.
Are permissions hierarchically applied?Yes, permissions will cascade down to child entities. E.g. If you specify only one group to View a schema, tables within that schema will only be visible to the designated group.
Can group permissions be managed from Active Directory groups?Yes, the ability to import user groups from an Active Directory is included starting in release 2020.2. For details, please see the release notes. https://help.alteryx.com/release-notes/connect/connect-20202-release-notes
Comments
FogoFortitude
7 - Meteor

It is a shame that Group Permissions cannot be managed from Active Directory Groups. Why did Altyerx choose not to do this?

VojtechT
Alteryx
Alteryx

Hi @FogoFortitude ,

 

you are correct. The decision was purely based on prioritisation. Feel free to support the Idea for it: Active Directory groups in Connect

kamanivk
8 - Asteroid

After I completed Tableau loader and harvesting Alteryx Gallery, I see duplicate entries of People.

I observed that each of the duplicate entries have different relationships.

Is there a way to merge the users without losing the relationships?

VojtechT
Alteryx
Alteryx

@kamanivk , I don't think so. But the solution should be based on not getting two users at the first place. Each user's email has to be unique, so I'm wondering if there's an email missing for those coming from one system.. ?? that might even be the reason - Connect is trying to assign to existing users, but if there's no email, it doesn't know how to "pair" these. 

There might be a way how to "move" those relationships from one user to another, but I would consider it only if it's a one time thing. Which I doubt is, because once you get a new owner in Tableau, you suddenly get a new user in Connect and would have to repeat the "merge" steps. 

 

VojtechT
Alteryx
Alteryx

Eventually @PetrH might have some additional insight.

PetrH
Alteryx
Alteryx
kamanivk
8 - Asteroid

@PetrH , @VojtechT Thank you for the updates.

As mentioned in the other thread, I will try Picker option.