User Authentication For Data Sources

Alation Cloud Service Applies to Alation Cloud Service instances of Alation

Customer Managed Applies to customer-managed instances of Alation

In Alation, user authentication for database operations, such as running queries or data upload, depends on the current configuration and can happen in several ways. Operations that require an authenticated database connection are:

  • Running queries in Compose

  • Scheduling queries

  • Running Excel Live reports

  • Running query forms in the Catalog

  • Running Dynamic Profiles for a Table of a Column object in the Catalog

  • Uploading data to the database using the data uploader feature in the Catalog

User authentication methods can be:

  • Basic (username/password), with credentials persistently stored on the Alation server

    • In this case, database credentials that users enter in Compose or the Catalog are stored in the Alation application database. After a user authenticates with a data source, they can use their saved connection credentials for database operation they run later. This is the Persistent Credentials authentication mode.

  • Basic (username/password), **with pass-through-credentials authentication (available from release 2020.4)

    • In this case, database credentials that users enter in Compose or the Catalog are not stored on the Alation server and have to be entered every time users establish a connection to the database. This is the Transient Credentials authentication mode.

  • OAuth

    • OAuth is configured for an individual data source and is available for Snowflake (from version 2020.3) and Azure Databricks (from version 2020.4) data sources. It can be set up for individual data sources by Data Source Admins. For details, see:

Persistent or Transient credentials mode applies to all data sources in the Alation instance. Configuration requires the role of the Server Admin and shell access to the Alation server: Disable or Enable User Credentials Storage