Skip to main content

Changes to User Management

This section covers changes between release on the following topics:

  • Authorization to the platform

    • User roles

    • Permissions of roles

  • Required permissions

  • Authentication methods

  • User management

Release 8.7

Workspace admin role can be assigned

Beginning in Release 8.7, users can be assigned the workspace admin role through the Users page.

Note

The Workspace admin role enables users to manage all workspace objects and configuration in the Workspace Settings Page.

The Workspace admin role is separate from the Platform admin role, which allows an admin to access the Admin Settings Page, among other things.

For more information, see Users Page.

Release 8.1

Fine-grained sharing permissions on individual objects

Beginning in this release, you can change the permissions to a shared object for individual users. These fine-grained permissions can be assigned at the time of sharing by the object's Owner or a workspace admin. They can also be changed at a later time.

Note

Workspace-level permissions that are defined through a user's assigned roles still apply. These permissions define the maximum and default level of permissions that can be assigned when an object is shared.

Note

In this release, fine-grained sharing permissions apply to flows and connections only.

For more information, see Overview of Sharing.

Release 7.10

Release 7.9

Manage Users section has been deprecated

All user management functions have been moved to the Workspace Users page. The following configuration items were migrated in this release:

  • Enable Platform admin permission

  • Specify Hadoop principal (if applicable)

  • Specify Kerberos principal (if applicable)

These configuration items were the last ones that were handled through the Manage Users section. Please manage users through the Workspace Users page or the appropriate API endpoints.

Release 7.6

New user management page

The Workspace Users page now centralizes user management tasks in a single dedicated interface.

Warning

Except for some uses, the Users area of the Admin Settings page is no longer needed. It has been disabled by default. See below for details.

For more information on the new page, see Users Page.

You can also explore details of individual users in another new page. See User Details Page.

Users section of Admin Settings page is disabled

Except for the following situations, all user management functions of the Admin Settings page have been migrated to the Workspace Users page. The Users section should be re-enabled for the following situations:

  • Configure user principal values for integration with:

    • Enterprise SSO

    • A Hadoop cluster

    • Kerberos security

  • Configure user accounts for the Alteryx admin role

    Note

    The Alteryx admin role is a super-user role across the entire platform. It should be assigned to a small number of accounts.

Release 7.5

Roles Management

Beginning in Release 7.5, workspace administrators can create and assign roles to workspace users. Each role contains zero or more privileges.

  • A role is a set of privileges that you can assign to workspace users. Workspace users may have one or more roles.

    Note

    Each current user or newly created user is automatically assigned the default role, which grants a set of privileges for all governed object types in the workspace.

  • A privilege is a level of access to a type of user-defined workspace object, such as flows.

Roles are created and assigned through the Roles page in the Admin console. For more information, see Roles Page.

Workspace owner role is removed

As of Release 7.5, the workspace owner role has been removed from user access.

The privileges of this role have been collapsed into the admin role for workspaces, which has full capability to administer the workspace.

Authorization Overview

Workspace roles govern access to workspace objects.

Platform roles govern access to platform capabilities.

For more information on these distinctions, see Overview of Authorization.

Release 7.1

Release 7.1 introduces role-based access controls (RBAC), in which access to Alteryx resources are managed at finer-grained levels. This release introduces the basic RBAC framework and the following key changes.

Note

Over the next few releases, additional capabilities will be added to the basic RBAC framework, enabling administrators to provide better and more closely defined access to objects. Check back to this section with each upgrade.

Workspace admin is a super user

Beginning in Release 7.1, the workspace admin is a super-user of the product.

Note

In this release, the workspace admin user has owner access to user-created objects, such as flows and connections, within the workspace.

A workspace is a set of users and their objects, such as flows and connections. For more information, see Workspace Admin Permissions.

All upgraded Alteryx admins are now workspace admins

Note

If you are upgrading Designer Cloud Powered by Trifacta Enterprise Edition, any Alteryx admin users are now workspace admin users. A single workspace is supported in your instance of Designer Cloud Powered by Trifacta Enterprise Edition. Additional workspaces are not supported.

Note

Any user who is granted the admin role is also granted the workspace admin role, which enables owner-level access to user-created objects in the workspace.

Admin can edit any global connection

After an administrator has made a connection global (available to all users):

  • Any administrator can edit the connection.

  • All users can use the connection (existing functionality)

  • The connection cannot be made private again (existing functionality). Connection must be deleted and recreated.

Logging

Logs from the authorization service may provide insight into access problems. These logs are available for download through the support bundle. For more information, see Support Bundle Contents.

Authorization changes to APIs

Some API endpoints now include information that is specific to the changes in this release for authorization. See Changes to the APIs.