Alteryx Designer Desktop Discussions

Hi @Plunketj 

Edit:  I just reread your post and saw that you already have a way to extract the user info.  In this case skip to step 2 below dealing with wrapping the output tools in macros.  This still won't handle events however. 

This is a very complex problem since Alteryx tools are built to use hard-coded connection details.  This makes them more versatile, since the Alteryx Engine doesn't have to deal with multiple possible authentication schemes itself and can just  leave those details to the user.  It also makes them more difficult to maintain with organizations implementing stricter security measures like password rotation.

One way to deal with this is to delegate.  That's the method used by the input and output tools when connecting to major databases.  The database drivers are already configured to pass the user credentials to the databases which can use AD authentication(if configured that way) to handle all permissions issues.  On the workflow side, Alteryx passes the db connection string to the drivers and the authentication details become "someone else's problems".  When users change their passwords, all the details are handled by the driver and OS and the workflow continues to work.      

You can use this mechanism to work around the Tableau issue.  Instead of writing directly to Tableau data sources, write to database tables and configure the dashboards to read from the tables.  Tableau implements AD authentication as well, so password change problems are handled by the db and Tableau.  It does involve more work up front to set up the tables in your db, but it may be worth the tradeoff of not having to update all the workflows every 3 months 

For the email tools and if the tableau workaround is not feasible, the issue boils to two questions.  

1. Is it possible to get the UN/PW from the password manager?  This is dependent on the specific password manager and the ways that are available to extract the information from it programmatically.  This needs to be a pull process.  You workflow needs to connect to password store and extract the information.  There is no way, that I'm aware of, that the information can be pushed to the workflows since the password information in the workflows is encrypted.   

2. How do you get the passwords into the output tools?  Once you get passwords out of the vault, you can wrap your output tools in macros and pass the password information in as control parameters.  Inside the macro use an action tools to replace the password value with the value from the control parameter.  Note that this will only solve the issue for the tools.  The events are handled outside of the main workflow and there is no way to programmatically change them.  

Dan