Additional Service Account Credentials¶
Alation Cloud Service Applies to Alation Cloud Service instances of Alation
Available from Alation version 2026.4.1.0
Overview¶
Additional service account credentials let Data Source admins create named credential sets that Alation application such as Data Quality use to connect to a data source. Each service account stores its own connection credentials independently of the primary data source connection, and can be scoped to specific applications and restricted to specific users or groups.
Use this feature when you need to:
Provide dedicated credentials for Data Quality monitor execution separate from the primary data source credentials.
Control which users or groups can execute monitors or queries through a given service account.
Prerequisites¶
Before configuring additional service accounts, ensure:
You have the Data Source Admin access level on the target data source.
The data source uses an OCF connector that supports JDBC connections.
The feature flag
Enable Service Accounts for Data Sourcesis enabled on your instance. See Enable the Additional Service Accounts Feature section below.You have the credentials (username/password, key pair, OAuth, AWS IAM, or GCP service account) you want to configure for the service account.
Enable the Additional Service Accounts Feature¶
To enable this feature flag:
Go to the Admin Settings page.
Under Customization, click Feature Flags.
Go to Data Sources & Connectors section, find the Enable Service Accounts for Data Sources flag, and toggle it on.
Click Save.
Create a New Service Account¶
Step 1: Access the Service Accounts Tab¶
To access the Service Accounts configuration page:
Open the data source catalog page.
Go to Settings > General Settings.
Select the Additional Service Accounts tab at the top of the General Settings section.
The Service Accounts panel displays a master-detail layout:
Left panel: Lists all configured service accounts with their connection status.
Right panel: Shows the detail form for the selected service account.
Step 2: Create a New Service Account¶
To create a new service account:
In the detail panel, enter a Service Account Name.
Optionally, modify the Connection URI or leave it inherited from the primary data source settings.
Configure the authentication credentials using one of the supported methods:
Basic Auth — Username and password.
Key Pair — Private key and optional passphrase.
OAuth 2.0 — Not supported.
AWS IAM — Not supported.
GCP service account — Not supported.
Under Access Control, specify which users or groups can use this service account. Leave the field empty to allow all users.
Under App Scope, select which Alation applications can use this service account:
Data Quality — Allows Data Quality monitors to use this account for execution.
Data Products — Allows Data Products to use this account for queries.
Click Test connection.
Connection verified — The credentials are valid and the connection succeeded.
Connection failed — Check the credentials and try again.
Click Save.
Manage Service Accounts¶
Edit a Service Account¶
Perform the following steps to edit an existing service account:
Select the service account that you want to edit from the list on the left.
Modify any fields in the detail panel.
Click Save.
Delete a Service Account¶
Perform the following steps to delete an existing service account:
Select the service account that you want to delete from the list.
Click Delete in the top-right corner of the detail panel.
Click Delete to confirm the deletion in the dialog.
Warning
Deleting a service account permanently removes its credentials. All connections and applications currently using this account will lose access.
How Applications Use Service Accounts¶
Data Quality¶
When a Data Quality monitor is bound to a service account, the monitor uses the service account credentials instead of the primary data source credentials during execution. The user running the monitor must have access to the service account as defined in the Access Control settings. See Data Quality Monitor Service Accounts for more details.