Advent of Code is back! Unwrap daily challenges to sharpen your Alteryx skills and earn badges along the way! Learn more now.
community Alteryx IO Mission Control
alteryx Community
Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Close
Free Trial

Alteryx Designer Desktop Ideas

Share your Designer Desktop product ideas - we're listening!
Submitting an Idea?

Be sure to review our Idea Submission Guidelines for more information!

Submission Guidelines

Data Connection - More Specific Permissioning for Using Data Connections

Status: Accepting Votes Submitted by on ‎01-18-2022 09:51 AM
4 Comments (4 New)

The Problem: Sometimes we are developing workflows where we use a data connection that the developer has access to but not necessarily the people running the workflow do.

 

For example,

  • A workflow is pulling from one database to another, with some specific transformations. 
    • This workflow is used by many people, some have Designer for other purposes.
    • The workflow also writes to a log table, documenting different parts of the workflow for auditing purposes.
      • This log table is not something that the people running the workflow should have access to write to other than when running this workflow
      • This log table outputs using a data connection so that it is not embedding passwords (a company-wide best practice)
      • For someone to run this workflow with this set up, they would need access to this log table's data connection
    • If the log table data connection is shared to that group of users, now any of the users with Designer can go write whatever they would like to that table since that data connection has access to. 
    • This also makes the log table unsecure for auditing purposes.

 

The SolutionWe are looking for a way to have a data connection in a workflow without giving all of the running users full access to use that connection in their workflows. Almost a proposal of two tiers of permissions:

  • Access to use a data connection in a workflow you are running
  • Access to use a data connection in a workflow you are building

 

 

 

4 Comments
MattBenj
9 - Comet
‎02-11-2022 12:36 PM

@elsastark My organization recently upgraded and ran into this exact same issue. I was working on an idea that would allow you to choose if a user or group had access to a connection in Designer, Gallery, or both. Here are some mock ups I was working on.

Custom Group Sample.PNGUsers Sample.PNG

petrl
Alteryx
Alteryx
‎05-02-2022 02:47 AM

Hi @MattBenj@elsastark,

we're currently investigating additional connection sharing options using the recently introduced Data Connection Manager (DCM) and I'd like to confirm with you.

 

From Elsa's initial comments, it's not clear whether the preferred platform would be the Desktop Designer or Server/Gallery. I believe that the "Gallery" sharing as suggested later would already be in place as users should be able to share a connection with a particular set of users/groups which would allow them to run workflows using that connection only on the Server, without the option to use the connection in custom workflows.

The problem we see in having that functionality available in Designer Desktop is that it would require read-only access to workflows locally, preventing users from changing the workflow and writing anything they want into the log table in your example. What would be your thoughts on this?

 

Connections shared and accessed from Designer is something we're currently looking into, but again, we're revolting our ideas around Alteryx Server / Gallery usage, as we believe Server should be the best solution for collaboration. Would something like that support your setup as well, @elsastark?

elsastark
10 - Fireball
‎06-17-2022 06:16 AM

Hi @petrl - Thanks for commenting. 

 

Yes, the issue happens at the Designer level. Here is a basic scenario: 

  1. User A develops a workflow in Designer that uses a Gallery connection to write logs out to Database XYZ. 
  2. User A publishes workflow to Gallery and shares it with User B to run. User B must now be granted access to the Gallery connection for Database XYZ or they will get an error when running.
  3. Now, because they have been granted access to the Database XYZ Gallery data connection, when User B is developing workflows in Designer they now have the power to write to those same tables that User A wrote to.  

This is where I would like some sort of almost 'Run-Only' type setting with data connections where a user can access them but only when running workflows, not developing. Or to your point - can only use them while in Gallery, not Designer.

AlteryxCommunityTeam
Alteryx Community Team
Alteryx Community Team
‎08-31-2022 05:34 PM
Status changed to: Accepting Votes
 
Labels