Enabling and disabling pass-through authentication in Watson™ Query
When pass-through authentication is enabled in Watson Query, users can use their own personal platform connection credentials when they import and use connections to data sources.
Before you begin
To complete this task, you must be the user that provisioned this service instance or have the Watson Query Admin role. For more information, see Watson Query roles.
About this task
Tech preview This is a technology preview and is not supported for use in production environments.
4.6.0 In Cloud Pak for Data version 4.6.0, pass-through authentication is disabled by default.
4.6.2 or later In Cloud Pak for Data version 4.6.2 or later, pass-through authentication is enabled by default.
When pass-through authentication is disabled, the shared credentials for one account are used for every query, regardless of which user is connected and running the query. When a user creates a platform connection that uses personal credentials and then adds it to Watson Query, all users connect to the data source by using the credentials of that user because they added the connection.
When pass-through authentication is enabled, a user can add a connection and define it so that when a virtual table is queried, the user’s personal credentials, as defined in the platform connection, are passed through to authenticate with the data source.
When pass-through authentication is enabled, if a cache is created on a virtual object, the data is placed within the Watson Query access and governance model and bypasses any controls that might be implemented on the data source. To protect data properly, administrators must ensure that appropriate access lists and governance policies are defined on the virtual objects within Watson Query and the governed catalog before they create a cache.