User Authentication For Data Sources¶
Alation Cloud Service Applies to Alation Cloud Service instances of Alation
Customer Managed Applies to customer-managed instances of Alation
In Alation, user authentication for database operations, such as running queries or data upload, depends on the current configuration and can happen in several ways. Operations that require an authenticated database connection are:
Running queries in Compose
Scheduling queries
Running Excel Live reports
Running query forms in the Catalog
Running Dynamic Profiles for a Table of a Column object in the Catalog
Uploading data to the database using the data uploader feature in the Catalog
User authentication methods can be:
Basic (username/password), with credentials persistently stored on the Alation server
In this case, database credentials that users enter in Compose or the Catalog are stored in the Alation application database. After a user authenticates with a data source, they can use their saved connection credentials for database operation they run later. This is the Persistent Credentials authentication mode.
Basic (username/password), **with pass-through-credentials authentication (available from release 2020.4)
In this case, database credentials that users enter in Compose or the Catalog are not stored on the Alation server and have to be entered every time users establish a connection to the database. This is the Transient Credentials authentication mode.
OAuth
OAuth is configured for an individual data source and is available for Snowflake (from version 2020.3) and Azure Databricks (from version 2020.4) data sources. It can be set up for individual data sources by Data Source Admins. For details, see:
Persistent or Transient credentials mode applies to all data sources in the Alation instance. Configuration requires the role of the Server Admin and shell access to the Alation server: Disable or Enable User Credentials Storage