Alteryx RLS - Analytical app

Ariharan
11 - Bolide

Hi Team,

We have different service accounts for each country in our current Alteryx setup, which we have configured in the credentials page. Whenever a workflow is published to the gallery, the user will select the credentials for the relevant country, and the workflow will run based on those credentials. The issue we are facing is that we want to use RLS concepts for our workflows, but when we tried to use GetEnvironmentVariable('User') in the Formula Tool in the local designer, it gave the correct user name; however, when it was run on the server, it gave the service account details rather than the specific user account.

We need to know who is running the workflow from our Gallery Analytics App. The further processing of the data to be retrieved from the input will depend on the user who is executing the workflow. Is there any way to get the user information from the Gallery in real time when the workflow is being executed?

We have already looked at an article (https://community.alteryx.com/t5/Alteryx-Server-Discussions/Gallery-authentication-pass-thru-to-work...), but it was not helpful as we don't want to make our MongoDB information available to our users. Could you please provide a working solution for Row Level Security in the Analytics App?

Regards,
Ariharan Rengasamy

ArnaldoSandoval
12 - Quasar

Hi @Ariharan

Please take a look at the Alteryx document "Save a Workflow to Gallery" and scroll down to the "Set workflow credentials" section (screenshot below).

Set-Workflow-Credentials-01.png

When options 2 or 3 are chosen, the workflow runs under the credential's access permissions, and probably the function GetEnvironmentVariable('User') will return the expected value (I cannot test this part, so you should do the testing in your gallery).

hth

Arnaldo

fmvizcaino
17 - Castor

Hey @Ariharan,

Unfortunately, there isn't any other way of getting the userID other than using the __cloud:UserId trick.

Here you have a more detailed tutorial talking about the solution: https://community.alteryx.com/t5/Alteryx-Server-Knowledge-Base/Using-Cloud-UserId-to-capture-the-run...

I understand you have compliance and security concerns. In that case, I suggest creating an encrypted macro containing the MongoDB connection or just a mapping table with userID and names.

Best,

Fernando Vizcaino

Ariharan
11 - Bolide

Hi @ArnaldoSandoval,

Yes. If you select and publish the workflow with individual credentials, the workflow will run using those credentials. Normally we don't allow this as we maintain a service account for all countries and users need to publish their workflows with their respective country credentials.

For example, if you publish an analytics application and you have full permission on the database, if I try to use the analytics application, I have limited access to the table, and after execution results are only derived from the table.

Regards,

Ariharan R

Ariharan
11 - Bolide

Hi @fmvizcaino,

Yes, we are also thinking about that aspect. But sharing MongoDB information with business users raises security questions.

"creating an encrypted macro containing the MongoDB connection or just a mapping table with userID and names" => Please share the decrypted macro if you have it?

Regards,

Ariharan R

fmvizcaino
17 - Castor

Hey @Ariharan,

On the link I shared in my previous post, there is an app for you to download. The text box must be in the workflow itself and everything else can be transformed into a macro.

Best,

Fernando Vizcaino