community Alteryx IO Alteryx.com
alteryx Community
Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Close
Free Trial

Alteryx Designer Desktop Discussions

Find answers, ask questions, and share expertise about Alteryx Designer Desktop and Intelligence Suite.

Schedule from Designer with Credentials ?

sraynal
7 - Meteor
‎03-01-2021 06:08 AM

Hi, 

 

As an Administror I can require users to enter their  credentials before scheduling a workflow on the Gallery : 

steraynal_0-1614606575618.png

 

It works well on the Gallery Schedule, they have to enter their credential :

steraynal_1-1614606733776.png

Then, the workflow is executed on "Run As" mode, with their own user connexions. So users have only access to their data.

 

 

However, they can still Schedule without credential using the Designer / Controller Schedule: 

steraynal_2-1614606950048.png

steraynal_3-1614607049873.png

Without credential, the worklow is executed by a default user, which can cause security problem.

 

 

Two questions :

- Is it possible to require credential when a user schedule a workflow on a Controller (not on gallery) ?

- How to execute a workflow with "Run as" mode on Controller Schedule ? 

 

Kind regards

 

 

 

 

 

 

 

Labels:
Reply
0 Likes
2 REPLIES 2
echuong1
Alteryx Alumni (Retired)
‎03-01-2021 06:23 AM

General users should NOT be accessing the installation of Designer on the Server machine. That is to be used for debugging purposes. Accessing this machine has security risks and you also risk taking away resources from your Server. Given that, users shouldn't be scheduling directly on there either.

 

You are correct in that it would run as the local service account. However, you can set run-as credentials for the Server as a whole in the system settings if needed.

 

echuong1_0-1614608548859.png

 

Reply
sraynal
7 - Meteor
‎03-01-2021 08:03 AM

Hi, 

 

Thanks for this fast answer.

 

"General users should NOT be accessing the installation of Designer on the Server machine."

=> Yes, users don't have access to the server.
They schedule with their client Designer on their own computer (with "Controller" not "Gallery").

 

 

" However, you can set run-as credentials for the Server as a whole in the system settings if needed."

=> Yes, we have set "Run as different user" to a technical account.

 

Let say this account can access to table "Table_01", "Table_02", "Table_03".

When a user schedule, on their designer client, using the Controller, the workflow is run with the technical account.

So the user can get data from "Table_01", "Table_02", "Table_03" even if he has only access to "Table_01".

 

That's a security problem that could be solved by asking users to enter their credential when they schedule a worklow with the Controller.

 

Reply
0 Likes
learn more about the python upgrade coming in may 2024
Labels