We have extended our Early Bird Tickets for Inspire 2023! Discounted pricing goes until February 24th. Save your spot!

Alteryx Designer Discussions

Find answers, ask questions, and share expertise about Alteryx Designer and Intelligence Suite.

Custom Tableau Output Tool - Avoiding Embedding Credentials

9 - Comet

Hello! I am trying to solve a company-wide problem of not wanting our users to embed their passwords in workflows that have the Tableau Output tool that publishes their data to Tableau Server. 


I have come up with these assumptions:

  • Creating a service account (svc4alteryx) that is used to publish any data sources from Alteryx to Server. This helps so that we are not using extra Tableau licenses (a service account per team).
  • That service accounts gets added to any sites where people want to publish from Alteryx to Tableau.
    • But I need to make sure developers from Site B can't publish data sources to Site A. So, I will need to still authenticate if the person running the Alteryx flow can publish to that spot in Tableau Server they are pointing to. 


I would modify the Tableau Output tool to:

  • Check who is running the Alteryx workflow (don't need their password) and if that person has access to publish to where they are trying to publish on Tableau Server (much of this logic is already in the Tableau Output tool on how it authenticates users in Tableau Server)
  • If the person has access to publish to that place in Tableau Server, then it uses the hardcoded credentials of the service account to publish to that place in Tableau. (Again much of this logic is already in the Tableau Output tool but instead of passing the user credentials we would hardcode the svc account and password and encrypt the macro)
  • Write a log of who published where using this new macro for auditing purposes.


This would greatly help us as it is making sure we aren't embedding passwords, having someone publish to something that they don't have access to publish (Developer A builds workflow with their embedded password but Member B who is running it on Gallery does not) or dealing with expired passwords inside of workflows.


This is also not just a Publish to Tableau problem, we are looking into developing something like this with many of our input/output tools (Power Platform, One Drive, etc.)


Has anyone tried something like this before or think that I am missing something?