Alteryx Designer Desktop Discussions

Hi @pierrebocq 

Indeed it is a tricky question, based on your initial post, it seems you are already familiar with Locking workflows and macros, which is fine, but they might not be the way to go as you are finding out.

Alteryx Designer is an ETL tool able to reach and load data from any resource the developer has access to (these could be data bases and file system folders); Alteryx Designer by itself does not have many security features to be applied to the data it is processing, by example, once we get the logic credentials to a database, we can load data from it with the only limitation the account was given by the DB Administrators, Alteryx has little to say; the same could be said about folders, when we develop workflows we load data (Excel, CSV, etc) from folders we can access, once again, Alteryx does not have commands to handle those access.

The previous paragraph give us an idea of the power and vulnerabilities Alteryx workflows have, its security model has little dependencies on the Alteryx Designer, although this change a little bit on the Gallery or Alteryx Server.

When we develop solutions with Alteryx Designer we must be aware of the security constraints the data incorporates into the workflow, it is not the same when we process HR, Finance, Customer, Products, etc; within each of these modules there are peculiar rules, by example Personal Information, some of our workflows process this sort of information, although, not everybody in the organization has the authority level to view or work with this data; here the developer, his team ans stakeholder must be on the same page, and enforce privacy rules on the data, perhaps the simplest of these rules are:

• The Alteryx workflows we develop use departamentalised accounts; one for HR, another for Payroll and so on.
• Certainly we can grant access to the resources of each department, e.g. HR, Payroll, etc to our account, although this practice is risky, as it could expose the data into the wrong team.
• The Alteryx Server help us to enforce the previous point, the server usually run the workflows under a service account, granting access to all the resources perhaps is not a good idea, once again, we should be aware of data privacy and the risk the output of our workflows find their way out of the corporate building.
• Alteryx Server feature Collections, Districts, Studios, etc to manage some of the security perculiarities, We could create a collection for HR and another for Payroll, assigning the users who can access them; workflows designed to run in the HR collection should not have access to Payroll data (by example).
• Alteryx Server allows us to publish workflows assigning login credentials, with this feature the "HR Manager" will be able to generate reports with data only available to him or her, 

If we disregard the security facilities available within Alteryx Designer and Alteryx Server, we may end with "super workflows" with access to too much data, "The workflow who knew too much" (like the movie).

Hope that my notes here help you to get a better understanding of some of the security challenges we face with Alteryx.

Arnaldo