Hi everyone,
We have started using alteryx server with the bulk of our data being in Snowflake. With the version of Server we are using it seems we cannot use gallery connections with In-Database nodes. I am not sure why this is the case. I searched on line and it seems to be by design. Any idea if this is something that will be changing soon (or maybe already have been changed)?
How is everyone dealing with this? Individual users can only access our Snowflake instance via SSO so it is not possible to create a flow in designer and publish it on the server at the moment without sharing service account logins and passwords with individual users.
Many thanks,
Hey @g_tsolakis_three ,
As a workaround, you could have indb files in a shared folder as a centralized space for your indb connections for both designer and server.
BEst,
FErnando Vizcaino
Many thanks @fm
Looks like a good workaround but not sure how we will then deal with different access levels for different users. We have quite a few different snowflake roles. We are also going to struggle to have a shared folder for both users and the server due to security constraints but I think I have a workaround for this.
Any idea why gallery connections can't be used with In-Database? It seems really strange.
I will try to see if I can make this work. Many thanks again!
@g_tsolakis_three maybe I am not understanding the question, but you should be able to use In-DB on Server. You want to make sure you have the credentials on server and that you package the INDBC file when saving up to Server.
And to @fmvizcaino point, shared network drive may be an option in which you could have a global connection folder along with subfolders of connections to restrict user or group access.
Additionally, INDBC file on a network UNC file share location can be governed by Windows permission or GPO. This may work for your team since Designer users usually run workflows under their own accounts. This security model can be applied on Server as well. You just need to configure Server workflows set to "Run As" so that the workflow executions runs as executing Windows user, which will grant access to that same share location.
Hopefully this helps put you on the right path.
@gyang3 thank you for your response.
I will try to explain a bit better. Alteryx is providing gallery connections to allow governance of what shared data sources users can easily access. It was one of the reasons we decided to go with it. So when a user wants to connect to a specific shared data source, a curator can grant them access to it without handing over login/pass information, files, tokens etc.
It seems this functionality does not cover In-Database connections which is another reason we invested in Alteryx. This means that users have to either a) not use In-Database nodes and bring vast amounts of data into their desktops (or the server), or b) request for credentials or access to a file/token that gives them access to the In-Database connection but they can also freely share with others.
We investigated the shared folder approach and we cannot find a good way to govern it as all users will be able to see all connections unless we do something really complex via AD.
I was hoping this was something that was addressed in more recent versions but it seems it hasn't. We will probably have to park our Alteryx rollout until this and a few other limitations are addressed.
Many thanks again.