Understand Query Access

Alation Cloud Service Applies to Alation Cloud Service instances of Alation

Customer Managed Applies to customer-managed instances of Alation

Applies from 2023.1

With granular query permissions, you must have access to the underlying data source and be granted permission to the query itself before you can access a query. You must also have an appropriate user role to run or edit a query. Depending on how your Alation instance is configured, queries may only be accessible if they are published.

The factors that determine access and permission for a query are described below.

Data Source Access

Data sources can be public or private. Public data sources are visible to everyone in Alation—anyone can view the data source catalog page and its data objects and metadata. Private data sources are visible only to Server Admins and users explicitly granted access. See Access Tab for more information about granting access to private data sources.

If you are granted access to a query on a private data source that you don’t have access to, you will be unable to see the query. You must have access to both the query and the underlying data source.

Server Admins can view all queries on private data sources even if they haven’t been granted access to the query or the data source.

Individual Query Access

With granular query permissions in 2023.1 and later, there are five levels of access to individual queries:

  • No Access

  • View Access

  • View and Run Access

  • View, Run, and Edit Access

  • Owner Access

The following table shows the actions available for each access level. Server Admins have special access permissions for all queries, even if they haven’t been explicitly granted access.

Action

No Access

View

View & Run

View, Run, & Edit

Owner

Server Admin

Find the query with search

View the query schedule in search

View the query catalog page

View the query form page

Share a link to the query (doesn’t change access levels)

View the query in Compose

View major versions in its version history in Compose

Clone the query

Request edit access to the query

n/a

n/a

Run the query

Run the query form

Run the explain function for the query

Download an Excel Live Report

Edit the query

Publish and unpublish the query

View the query when it’s unpublished and visibility of unpublished queries is turned off

View unpublished changes to the published query

View minor versions in the version history and restore older versions

Change access settings for the query

View the query’s schedule in Compose

Change the query’s schedule

Delete the query

Transfer ownership of the query

Some things to keep in mind:

  • Owner access is automatically granted to the person who created a query.

  • If you have no access to a query and you try to open the query by typing in the address or following a link, you’ll get a message saying you’re not allowed to access the query.

  • If you previously had run access but no longer do, you’ll still be able to view your past query execution results, but you’ll lose access to the data in an Excel Live Report if you refresh it.

  • If you give edit access to multiple people, you can collaborate and share editing responsibilities. See Take Turns Editing a Query for more information.

For help changing access to a query, see Change Access to a Query.

Unpublished Query Access

With granular query permissions in 2023.1 and later, by default, both published and unpublished queries are visible to any user with view access to the query. The only difference is that unpublished queries are a little harder to find by searching.

It is possible to turn off visibility for unpublished queries. You can turn off visibility of unpublished queries everywhere or just for specific data sources. When visibility of unpublished queries is turned off, unpublished queries will be hidden completely unless you have edit or owner access to the query. Server Admins will not be able to see them.

See Change Visibility of Unpublished Queries for instructions.

Important

In version 2022.4 and earlier, if the visibility of unpublished queries is turned off, users can be added as viewers for the query and still see it in the catalog.

In version 2023.1 and later, if the visibility of unpublished queries is turned off, unpublished queries will be completely hidden to everyone except those with edit or owner access. Those with view or run access won’t be able to see the query.

To ensure users can continue to view a previously unpublished query in 2023.1, give them view access (or higher) and publish the query. To hide the query from other users, set the default access to No Access. See Change Access to a Query for details on giving people access to queries.

User Role

Your user role may limit how you can interact with a query.

  • The Viewer role can’t use Compose or query forms.

  • The Explorer role can’t use Compose.

To run or edit a query, you must have run or edit access to the query and an appropriate user role. You must be an Explorer or higher to run queries, and you must be a Composer or higher to edit queries.