Authentication Patterns

Service Account (Shared) Authentication

By default, all users on an account can access data from a data source using a service account, or shared authentication. Use service account authentication for read-only data sources that do not contain user-specific permissions or systems that lack per-user authentication. For example, if you have a connection to Salesforce with a service account (shared authentication), all user accounts can access the data from the Salesforce account created for that Salesforce connection. Query permissions can be customized for each user to restrict available operations, but all users access the same data under these restrictions.

Per-User Authentication

Certain data sources support the ability to force each user on an account to log in to a connection with their own login credentials. Use per-user authentication to comply with regulatory requirements or for data that varies by user. Per-user authentication ensures that users can only access the data from accounts that they need to access. Furthermore, when a connection is configured in this way, it only counts as a single connection slot toward your account maximum. If a data source supports per-user authentication, an Authentication Model section appears under the Authentication section of the connection settings. Select either Shared Authentication or Per-User Authentication.
If this feature is not available for a specific data source and you would like it, please contact our support team to request the feature.
The following restrictions apply to this feature:
  • Only administrator users can toggle a data source between Shared Authentication and Per-User Authentication, but users of all roles can log in to a per-user authentication connection with their own credentials.
  • Per-user authentication is not supported when using the OData API. To connect a data source to the OData API, you must use shared authentication.

Table Access

You can control access to the tables in Connect AI at the source or workspace level, as explained below.

On the Edit/Add Connection Page

Note that the Permissions tab of the connection only allows you to edit permissions at the connection level. To edit permissions at the workspace level, go to the Users page. When you create or edit a connection, the Permissions tab displays a list of available users and allows you to assign permissions to each one. Permissions are described in the list below:
  • Select: Enables the user to select rows from tables in a connection.
  • Insert: Enables the user to insert rows into tables of a connection.
  • Update: Enables the user to update rows in tables of a connection.
  • Delete: Enables the user to delete rows from tables in a connection.
  • Execute: Enables users to execute stored procedures in a connection.
You can toggle the permissions in two ways:
  • Click an individual box to enable a permission for a single user.
  • Click the top of a table column to toggle that permission for every user.

On the Users Page

To edit a user’s permissions:
1. Click a user in the list, or click the Edit button to open the Edit User page.
2. On the Edit User page, select the permissions allowed for each connection or workspace (select, insert, update, delete, and/or execute). Click the top of a table column to toggle/remove that permission for every connection and workspace.
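
The guidance above can be turned into a periodic least-privilege review. The following is an added example, not part of the product or its documentation: it checks a hand-built inventory for shared-authentication connections that carry non-read grants and for per-user connections that are expected to be served over the OData API. The record layout, the `odata` flag, and all connection and user names are assumptions constructed for illustration, not an export format of the product.

```python
# Added example: least-privilege review over a hand-built inventory.
# The record layout is an assumption, not a product export format.
WRITE_PERMS = {"insert", "update", "delete", "execute"}

# Constructed sample data: connection name -> authentication model and
# whether the connection is meant to be reachable through the OData API.
CONNECTIONS = {
    "Salesforce1": {"auth_model": "shared", "odata": True},
    "Postgres1": {"auth_model": "per-user", "odata": True},
    "SharePoint1": {"auth_model": "per-user", "odata": False},
}
# Constructed sample grants: (user, connection, permissions).
GRANTS = [
    ("alice", "Salesforce1", {"select"}),
    ("bob", "Salesforce1", {"select", "update", "delete"}),
    ("bob", "Postgres1", {"select", "insert"}),
    ("carol", "SharePoint1", {"select", "execute"}),
    ("dave", "Legacy1", {"select"}),
]

def audit(connections, grants):
    """Return (connection, user, message) findings for review."""
    findings = []
    # Per-user authentication is not supported with the OData API.
    for name, conn in sorted(connections.items()):
        if conn["auth_model"] == "per-user" and conn["odata"]:
            findings.append(
                (name, None, "per-user connection cannot be served over OData"))
    for user, name, perms in grants:
        conn = connections.get(name)
        if conn is None:
            # Stale grant: the connection is missing from the inventory.
            findings.append((name, user, "grant references unknown connection"))
            continue
        # Shared authentication is recommended for read-only sources, so any
        # permission beyond Select on a shared credential deserves a look.
        extra = sorted({p.lower() for p in perms} & WRITE_PERMS)
        if conn["auth_model"] == "shared" and extra:
            findings.append(
                (name, user,
                 "shared credential with non-read grants: " + ", ".join(extra)))
    return findings

if __name__ == "__main__":
    for conn, user, msg in audit(CONNECTIONS, GRANTS):
        print(f"{conn:12} {user or '-':6} {msg}")
```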