community Alteryx IO Alteryx.com
alteryx Community
Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Close
Free Trial

Alteryx Server Discussions

Find answers, ask questions, and share expertise about Alteryx Server.

Capturing who is running a workflow within the workflow being ran on Gallery

elsastark
10 - Fireball
‎04-11-2022 11:53 AM

Hello Community!

 

We have started to get into more and more complex logic where one of our challenges is determining who is running a workflow not just afterward, but while the workflow is being run.

 

We have some processes (usually for security reasons) where we want to understand who is running the workflow and use that to determine what happens with the workflow. In our ideal world, it would be something we can reference easily like the Workflow Constants so it would be something like %Engine.RunAsUser%. 

 

An example of this is we want to determine if that person has access to write to our data lake through our data lake APIs - but to do that we need to pass in the person's employee ID. We don't want to ask the employee for that ID through Interface tools because that isn't secure (Employee A could put Employee B's ID). 

 

I have a potential solution of using the _cloud:UserId value to get someone's User ID then joining that up with the users table within Mongo but wanted to see if anyone has found a simpler solution.  

 

 

 

Reply
11 REPLIES 11
carlosteixeira
15 - Aurora
15 - Aurora
‎04-29-2022 08:18 AM

Hi @mercra 

In my workflow, I don't check who runs it, just who owns the workflow, and that owner might not be the user who ran the workflow.

 

If you wanna check who runs the workflow you need to take a look if have this information on MongoDB.

 

I never thought about it earlier.

 

 

Carlos A Teixeira
Reply
0 Likes
elsastark
10 - Fireball
‎05-31-2022 08:32 AM

An update, the closest solution we have right now is: 

  • Capture the user clicking Run on Gallery by using the __cloud:UserId trick
  • Having the workflow published with the credential settings "User must specify their own credentials"
  • Inside of an encrypted macro, using the whoami function with a Command tool to identify the RunAs User of Alteryx
  • If whoami and the __cloud:userID are the same person, then we allow the next steps otherwise we stop the run
Reply
learn more about the python upgrade coming in may 2024
Labels