Hi Community!
We have a question about the best practices for connecting to data sources that have row-level security. Usually, this security is being inherited from Active Directory groups that have been set up.
An example of this is with our EMEA processes. We may want a leader from the UK to run the workflow and get results and data for their country, whereas a leader in Dubai should only see their piece, and then our regional leaders would be able to see all of the EMEA regions - ideally all running the same workflow.
Currently, we have data connections set up for these data sources but probably need to explore other ways to connect to these data sources so that the run-as user is taken into consideration when pulling in the data. We also want to make sure we have:
Let me know if you have been able to accomplish something like this before, and how you went about it. Appreciate the help!
Referring you to a Master: @SeanAdams
Thank you for cross-tagging this @MarqueeCrew !
Hey @elsastark
First thing to confirm - you're not missing something easy and obvious - this is a challenging request in Alteryx currently.
What other applications do is called "kerberos passthrough" or "implicit kerberos" - where the gallery would know that user SeanAdams is logged in; and would pass this information on to the underlying DB which would authenticate as SeanAdams. This has some pros and cons though - namely:
Given that Alteryx does not provide for Kerberos passthrough - you have a few options:
So - sadly there's no easy option - I think that "Run this canvas always with Kerberos Passthrough" would be a very good server idea - and it's worth you logging this under Server Ideas (https://community.alteryx.com/t5/Alteryx-Server-Ideas/idb-p/server-ideas) and tagging Mark and I on that, and we'll support your suggestion and add to that discussion.
Good luck @elsastark - once you have a solution that works, let us know how it goes on this thread so that other folk can learn from your journey?
Have a good week
Sean
Here's another post that deals with the same topic:
Solved: Gallery authentication pass thru to workflow - Alteryx Community
Thanks @SeanAdams for all the info, very helpful to know I'm not missing something obvious!
I posted the idea and will keep you updated on what I figure out in the coming months to help support processes like this.
@elsastark wondered if you ever successfully implemented any of the above suggestions by @SeanAdams ?
@bcawells No - but we are currently looking into using DCM as a way to implement row-level security. We will essentially share the connection information without the credentials then each user will configure their own credentials to attach to the shared credential.
User | Count |
---|---|
6 | |
2 | |
1 | |
1 | |
1 |