Understand Query Access¶
Alation Cloud Service Applies to Alation Cloud Service instances of Alation
Customer Managed Applies to customer-managed instances of Alation
Applies from 2023.1
With granular query permissions, you must have access to the underlying data source and be granted permission to the query itself before you can access a query. You must also have an appropriate user role to run or edit a query. Depending on how your Alation instance is configured, queries may only be accessible if they are published.
The factors that determine access and permission for a query are described below.
Data Source Access¶
Data sources can be public or private. Public data sources are visible to everyone in Alation—anyone can view the data source catalog page and its data objects and metadata. Private data sources are visible only to Server Admins and users explicitly granted access. See Access Tab for more information about granting access to private data sources.
If you are granted access to a query on a private data source that you don’t have access to, you will be unable to see the query. You must have access to both the query and the underlying data source.
Server Admins can view all queries on private data sources even if they haven’t been granted access to the query or the data source.
Individual Query Access¶
With granular query permissions in 2023.1 and later, there are five levels of access to individual queries:
No Access
View Access
View and Run Access
View, Run, and Edit Access
Owner Access
The following table shows the actions available for each access level. Server Admins have special access permissions for all queries, even if they haven’t been explicitly granted access.
Action |
No Access |
View |
View & Run |
View, Run, & Edit |
Owner |
Server Admin |
|---|---|---|---|---|---|---|
Find the query with search |
|
|
|
|
|
|
View the query schedule in search |
|
|
|
|
|
|
View the query catalog page |
|
|
|
|
|
|
View the query form page |
|
|
|
|
|
|
Share a link to the query (doesn’t change access levels) |
|
|
|
|
|
|
View the query in Compose |
|
|
|
|
|
|
View major versions in its version history in Compose |
|
|
|
|
|
|
Clone the query |
|
|
|
|
|
|
Request edit access to the query |
|
|
|
n/a |
n/a |
|
Run the query |
|
|
|
|
|
|
Run the query form |
|
|
|
|
|
|
Run the explain function for the query |
|
|
|
|
|
|
Download an Excel Live Report |
|
|
|
|
|
|
Edit the query |
|
|
|
|
|
|
Publish and unpublish the query |
|
|
|
|
|
|
View the query when it’s unpublished and visibility of unpublished queries is turned off |
|
|
|
|
|
|
View unpublished changes to the published query |
|
|
|
|
|
|
View minor versions in the version history and restore older versions |
|
|
|
|
|
|
Change access settings for the query |
|
|
|
|
|
|
View the query’s schedule in Compose |
|
|
|
|
|
|
Change the query’s schedule |
|
|
|
|
|
|
Delete the query |
|
|
|
|
|
|
Transfer ownership of the query |
|
|
|
|
|
|
Some things to keep in mind:
Owner access is automatically granted to the person who created a query.
If you have no access to a query and you try to open the query by typing in the address or following a link, you’ll get a message saying you’re not allowed to access the query.
If you previously had run access but no longer do, you’ll still be able to view your past query execution results, but you’ll lose access to the data in an Excel Live Report if you refresh it.
If you give edit access to multiple people, you can collaborate and share editing responsibilities. See Take Turns Editing a Query for more information.
For help changing access to a query, see Change Access to a Query.
Unpublished Query Access¶
With granular query permissions in 2023.1 and later, by default, both published and unpublished queries are visible to any user with view access to the query. The only difference is that unpublished queries are a little harder to find by searching.
It is possible to turn off visibility for unpublished queries. You can turn off visibility of unpublished queries everywhere or just for specific data sources. When visibility of unpublished queries is turned off, unpublished queries will be hidden completely unless you have edit or owner access to the query. Server Admins will not be able to see them.
See Change Visibility of Unpublished Queries for instructions.
Important
In version 2022.4 and earlier, if the visibility of unpublished queries is turned off, users can be added as viewers for the query and still see it in the catalog.
In version 2023.1 and later, if the visibility of unpublished queries is turned off, unpublished queries will be completely hidden to everyone except those with edit or owner access. Those with view or run access won’t be able to see the query.
To ensure users can continue to view a previously unpublished query in 2023.1, give them view access (or higher) and publish the query. To hide the query from other users, set the default access to No Access. See Change Access to a Query for details on giving people access to queries.
User Role¶
Your user role may limit how you can interact with a query.
The Viewer role can’t use Compose or query forms.
The Explorer role can’t use Compose.
To run or edit a query, you must have run or edit access to the query and an appropriate user role. You must be an Explorer or higher to run queries, and you must be a Composer or higher to edit queries.