Alteryx Server Ideas

Alteryx server should support certificate authentication internally within the app (i.e. to the internal MongoDB) rather than password based authentication? this is not User Authentication for Gallery and workflows but the Alteryx Application itself and how it authenticates against the MongoDB.  this would allow it to be installed in Very Secure environments that insist on stronger authentication methods.

I love the gallery data connection feature - we're going through some big systems architecture changes, resulting in new locations for many datasets. Having a single place in the Gallery Admin area to update connection information works beautifully.

We're running into issues with the gallery-hosted data connections when trying to run some apps on our private gallery though. The trouble comes up when the gallery-hosted data connection appears inside a macro that's part of an app. We get an "Unable to translate alias" error when trying to run these types of apps.

If we have an app using gallery-hosted data connections that are outside of a macro, the gallery is able to resolve the connection alias fine and work properly. The issue only appears when the gallery data connection is part of a macro used inside an app.

We use macros a lot in our app development because it allows us to use standard methods for accomplishing common tasks. Using macros also enables us to set up automated testing workflows to make sure our processes produce expected results. As it is, we're unable to take full advantage of the gallery-hosted data connections because they don't work within macros, and instead have to continue using hardcoded connection strings. These are a bigger maintenance burden as our underlying systems evolve and are updated.

Suggested information to be included in audit logs.

A secure audit record of all activities on the system:

1. General user access
2. User creates / modifies / archives / deletes data (ie: history on what the user did)
3. Administrator actions

At minimum the logs should include the following:

1. Unique user identifier
2. Unique data subject identifier
3. Function performed by the users
4. Date/time stamp of what was performed by user

I believe many customers could benefit from this type of audit logging, especially those who are required to obtain specific security certifications for their alteryx deployments.  From what I can see online there does not seem to be out of the box functionality for this. If anyone has implemented any type of audit logging like this please feel free to comment.

Thanks

-Vincent

Hi there,

Please can we extend the support for MongoDB to include MongoDB Enterprise latest versions, and certify at latest version within 3 months of release (both with the connector components, and the server infra)?

Given the deep dependence that Alteryx server has on MongoDB, being current with the latest version is critical (since many enterprises have a policy of moving to the latest version within 6 months, and shutting off old after 12.

https://docs.mongodb.com/manual/release-notes/3.4/

https://docs.mongodb.com/manual/release-notes/3.2/

Mongo 3.2 has been out since Sept 2015, and my understanding is that Alteryx Server is not yet certified for 3.2 - so it may be worth skipping to 3.4 (released 11 Sept 2017).

Many thanks

Sean

It would be GREAT if we could have an optional notes field in the gallery. When many tools are uploaded to a collection, the titles alone are not descriptive enough for end users. I have to publish a separate "menu" for reports that are available in the gallery. In some cases I have to number them. I wish users could just browse for themselves to find the application that is suitable for their use case. 

The only reference I can find to this idea is here : https://community.alteryx.com/t5/Alteryx-Connect-Gallery/Share-Results-in-a-Collection/m-p/231 .  It references that the feature of "sharing workflow results" was "on the Roadmap" in 2014.  I did some searching through the current Ideas page and cannot find anything.  I also reviewed the release notes since Alteryx 10.5 and cannot see that this was added.

A user approached me today with a problem of "Many people need access to the results of this data, and I want everyone to be able to see all the results".  While you could potentially email these results to a specified user set, that would require maintaining both a collection and an email tool in the job, and could potentially cause notification fatigue if users only care when they go to the Alteryx Gallery.  Similarly, results could be saved to a networked location, but that would require a user to go to two locations in order to find this information.

As such, having a toggle that allows users with permission to view a workflow, to also see the results of any/all users, would be huge. 

In Gallery, I'd like to see the execution log in the workflow results, i.e. what you get if you run the workflow from Designer.  I'd like to see this whatever the status of the workflow completion.  Would be useful to assess warnings and the performance of components within the workflow.  Also would give me useful stats about records loaded etc.

Please support SAML 2.0 for gallery

In the Alteryx Gallery UI, it's possible to set up workflow credentials so that a workflow published to the gallery runs as a specific user.  

Unfortunately when that workflow is run from the Alteryx Gallery API, it appears to only ever run as the Alteryx Server Run-As account. 

Our developers in working with this figured out that if they called the (undocumented) API that runs the actual Alteryx Gallery directly, they can achieve what they want, but it seems a risky strategy.

The idea would be:

-Either unify the APIs so that the Gallery itself uses the same API to run workflows as what you present as the "Gallery API" (the eat your own dogfood way)

-Alter the Gallery API to enable us to run as a different workflow credential

Without this, we're forced to permission the run-as account to access anything that uses this method, which in turn then becomes a bit of a security hole (any workflow run will have access to everything that the run-as account uses) 

Organizations using Alteryx Server with an embedded MongoDB can benefit from an option to change the MongoDB User and Admin User passwords.

Current deployments of Alteryx Server allow regeneration of the Controller Token, and for many of the same reasons, the ability to change the MongoDB passwords would be beneficial to customers.

Many organizations rely on a centralized team for daily administration of the Alteryx Server and MongoDB. With the current functionality, when members of this team change positions, they continue to know the MongoDB authentication information indefinitely. Providing organizations with this capability allows them to make the determination of how/when a change is required to mitigate any risk of misuse.

Hi all, Per this thread, it would be helpful if we could have finer control of scheduled jobs in Alteryx Server: https://community.alteryx.com/t5/Publishing-Gallery/Resource-control-on-scheduled-jobs/m-p/61016/hig...

Specifically:

- Dependancies (one job should run after another in a chain)

- lower priority (some jobs should go down the priority queue to allow for others so that high priority jobs are not blocked by other less important ones)

Thank you Sean

I'm really loving the new data connections for 11.0. We have deployed them in a private gallery for our users and it's great. The only drawback is that the server itself cannot easily be configured to use these same credentials. I would like some way for the service account running our jobs on our server to use the data connections from the gallery. I can assign the credentials to that service account just fine, but it never picks them up since it never open up the Alteryx GUI when it's running jobs. This would allow us to have one spot with all of the credentials. Currently, we're going to have 2 locations with all of our credentials that we'll have to make sure stays in sync: 1 in the gallery for the users, and 1 on the sever box for the server.

Thanks!

Would it be possible to specify whether a worker handles scheduled jobs, ad-hoc jobs or both?  Right now it seems that the workers treat both types of jobs the same, meaning that a slew of ad-hoc jobs initiated from the Gallery could slow down jobs that are scheduled to run on a regular cadence.  It'd be great if those scheduled jobs could have a dedicated worker (or workers) and have any ad-hoc jobs handled by a separate worker (or workers) so that the scheduled jobs (which might be more important) are not held up by one-off jobs.

When posting an app to the Gallery, if the app has, say, one PCXML output for the user to see, and one Excel file for the user to download, it would be helpful for to be able to specify which shows first to the user.  For example, I have a PCXML that gives the user summary tables, and instructions on how to go to the drop down above and select the second report, click on the Excel icon, and download it.  But if the Excel report shows up first, then there is no ability to give them instructions and many simply won't be savy enough to go find the PCXML in the drop down.

Currently any workflows/apps published to the gallery can be found via the search function - even when the particular user has no permission to this workflow/app. While this only allows for the non-permisssioned user to see the title, this could still leak information as it allows anyone to find apps published in someone's private gallery.

Both the Alteryx Public Gallery and the Private Gallery product are impacted by this. Additionally this is not just limited to logged in users, but also public viewers of the gallery.

My proposed idea:

1. Force the search function to be permission aware, and only show a user workflows they have permission to see/execute.
2. Allow for option 1 to be enabled/disabled if there are use cases where anyone should be able to search and find any app/workflow on the server.

Best regards,

Ryan

Hi

My idea is to facilitate scheduling through Gallery vs the separate scheduler built into Designer. The reasons for this:

1. The current scheduler authentication with Alteryx server via token is a big security concern. This allows all users to see all schedules, workflows, output logs, etc. for the entire server.  
2. It will better interact with the Alteryx 10 version contol. Current scheduler shows all prior versions in the workflow list.
3. Allow the server/gallery admin to setup scheduling rules. Ex: No scheduling during certain windows (for maintance downtimes), max frequency of scheduling, prevent users from scheduling too many jobs at the same time, user level rules.
4. Allow scheduled workflow output to be retrieved from the "Workflow Results" section by the user who scheduled the workflow. Ex: I schedule a workflow that takes 2 hours to run at 6AM each day, then by the time I arrive at the office at 8AM, I can login to the gallery and download the output. 

Thanks,

Ryan