Configure Access to Curation Automation

Alation Cloud Service Applies to Alation Cloud Service instances of Alation

As a Server Admin or Catalog Admin, you control who can use Curation Automation. By default, only Server Admins and Catalog Admins can use it. You can also grant access to specific non-admin users so they can create and run their own curation rules. A non-admin user you grant access to is called a delegated user, and the access you give them is delegated access. Each delegated user manages only the rules they create, and every rule runs within that user’s existing Alation permissions.

This topic explains how you grant, scope, and revoke access, and how rule ownership works. For how Alation enforces field and object permissions when a rule runs, see Configure Permissions for Curation Automation.

Understand Access Eligibility

Access depends on the user’s Alation role. For details on roles, see Understanding Alation Roles and License Types.

  • Server Admins and Catalog Admins already have access.

  • Source Admins, Stewards, and Composers can be granted access from the Settings tab.

  • Explorers and Viewers cannot be granted access.

The Settings tab is visible to Server Admins and Catalog Admins only. Delegated users see two tabs in Curation Automation, Overview and Curation Rules, while Server Admins and Catalog Admins also see the Settings tab.

Until a user is granted access, they do not see the Curation Automation tile on the Governance page, and opening a Curation Automation URL directly shows a permission error page.

Grant Access to a User

  1. Click the Curate and Govern icon in the left navigation panel, then select Curation Automation from the Curate section.

  2. Select the Settings tab.

  3. In the Can create and run rules section, click + Add.

  4. Search for and select the user. The search lists only users with a Source Admin, Steward, or Composer role. Users who already have access are not listed.

Alation grants the user access and shows a confirmation message.

The user now sees the Curation Automation tile on the Governance page and can create and run their own rules.

Note

If you try to add a user whose role is not eligible, Alation shows a message explaining that only Composers, Source Admins, and Stewards can be granted access.

Limit a User to Assigned Objects

For each delegated user, you can restrict their rule runs to objects they steward:

  1. On the Settings tab, locate the user’s row.

  2. Select the Limit to assigned objects checkbox.

When this setting is enabled, the user can only run rules on objects where they, or one of their groups, are an assigned steward. Objects they do not steward, and objects that have no steward assigned, are skipped during execution. The setting saves automatically and persists across sessions. To remove the restriction, clear the checkbox.

Note

Limit to assigned objects applies in addition to the field and object permission checks described in Configure Permissions for Curation Automation. Both filters apply independently on the same rule run. This setting does not apply to Server Admins or Catalog Admins.

Review Role Eligibility

A user keeps delegated access only while their role remains eligible. If a delegated user’s role is later changed to Explorer or Viewer, their row on the Settings tab shows a Role ineligible indicator. Hover over the indicator to see an explanation that the role no longer qualifies for access until it is restored.

While a user’s role is ineligible:

  • They lose access to Curation Automation, even though their row remains on the Settings tab.

  • Their rules are not deleted and remain manageable by admins.

When the user’s role is restored to an eligible role, the Role ineligible indicator disappears and their access is restored.

Revoke Access from a User

  1. On the Settings tab, locate the user’s row.

  2. Click the remove (X) icon on the right of the row.

  3. If the user owns one or more rules, Alation shows a confirmation dialog that includes the number of rules they created and explains that those rules remain and can be managed by admins. If any of those rules have an active schedule, the dialog also lists those rules by name and warns you that their schedules will stop running automatically. Click Remove to confirm, or Cancel to keep the access. If the user owns no rules, Alation revokes access immediately without a confirmation dialog.

Alation shows a confirmation message.

When you revoke access:

  • The user immediately loses access to Curation Automation.

  • Their rules are not deleted and remain manageable by admins.

  • Any active schedules on their rules are disabled. The schedule configuration is preserved but does not run. You can manually re-enable scheduling for these rules afterward. Re-granting access does not automatically re-enable schedules.

Understand Rule Ownership

Rule ownership is fixed system behavior. It cannot be configured by admins or users.

  • A delegated user has full control over the rules they created. They can edit, run, activate or deactivate, schedule, and delete their own rules.

  • A delegated user can see all rules in the Curation Rules list, including rules created by others. The edit, run, activate or deactivate, schedule, delete, and download report controls are disabled for rules they did not create. Those rules are read-only for the user. For a rule they did not create, the Download button on the run report is disabled and shows the tooltip You can only download reports for rules you created.

  • Server Admins and Catalog Admins can edit, run, schedule, and delete any rule, regardless of who created it.