community Alteryx IO MyAlteryx
alteryx Community
Search
This Board
  • Global Community
  • This Category
  • This Board
  • Knowledge
  • Users
 cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
Close
Free Trial

Alteryx Designer Desktop Discussions

Find answers, ask questions, and share expertise about Alteryx Designer Desktop and Intelligence Suite.

Schedule from Designer with Credentials ?

sraynal
7 - Meteor
‎03-01-2021 06:08 AM

Hi, 

 

As an Administror I can require users to enter their  credentials before scheduling a workflow on the Gallery : 

steraynal_0-1614606575618.png

 

It works well on the Gallery Schedule, they have to enter their credential :

steraynal_1-1614606733776.png

Then, the workflow is executed on "Run As" mode, with their own user connexions. So users have only access to their data.

 

 

However, they can still Schedule without credential using the Designer / Controller Schedule: 

steraynal_2-1614606950048.png

steraynal_3-1614607049873.png

Without credential, the worklow is executed by a default user, which can cause security problem.

 

 

Two questions :

- Is it possible to require credential when a user schedule a workflow on a Controller (not on gallery) ?

- How to execute a workflow with "Run as" mode on Controller Schedule ? 

 

Kind regards

 

 

 

 

 

 

 

Labels:
Reply
0 Likes
2 REPLIES 2
echuong1
Alteryx Alumni (Retired)
‎03-01-2021 06:23 AM

General users should NOT be accessing the installation of Designer on the Server machine. That is to be used for debugging purposes. Accessing this machine has security risks and you also risk taking away resources from your Server. Given that, users shouldn't be scheduling directly on there either.

 

You are correct in that it would run as the local service account. However, you can set run-as credentials for the Server as a whole in the system settings if needed.

 

echuong1_0-1614608548859.png

 

Reply
sraynal
7 - Meteor
‎03-01-2021 08:03 AM

Hi, 

 

Thanks for this fast answer.

 

"General users should NOT be accessing the installation of Designer on the Server machine."

=> Yes, users don't have access to the server.
They schedule with their client Designer on their own computer (with "Controller" not "Gallery").

 

 

" However, you can set run-as credentials for the Server as a whole in the system settings if needed."

=> Yes, we have set "Run as different user" to a technical account.

 

Let say this account can access to table "Table_01", "Table_02", "Table_03".

When a user schedule, on their designer client, using the Controller, the workflow is run with the technical account.

So the user can get data from "Table_01", "Table_02", "Table_03" even if he has only access to "Table_01".

 

That's a security problem that could be solved by asking users to enter their credential when they schedule a worklow with the Controller.

 

Reply
0 Likes
inspire session catalog
view community live events
Labels
Top Solution Authors
View All