Skip to content

How Service Users Work

This page explains how Service Users work in Qualytics — from creation and authentication to lifecycle management and when to use them.

When to Use Service Users

Service Users are intended for secure, automated, and shared access to Qualytics. They provide consistent authentication for system-level workflows, ensuring stability and centralized management without dependency on individual user credentials.

Use Service Users For

  • Data Pipeline Automation: Use Service Users to integrate Qualytics operations within your automated data workflows, such as Airflow, dbt, Azure Data Factory, or other ETL pipelines.

  • Qualytics API Access: For programmatic interactions with Qualytics, such as managing resources or retrieving data through API calls, Service Users offer reliable, long-term access. See the Service Token API for endpoint details.

  • Qualytics CLI Operations: Automate data quality workflows and recurring tasks using the Qualytics CLI without relying on personal user tokens.

  • Data Catalog Integrations: Enable metadata synchronization and data lineage tracking with catalog platforms like Alation, Atlan, or other similar tools.

  • Shared Automation: Use Service Users for any automation or integration shared across multiple team members or systems to maintain consistency, security, and proper audit control.

Avoid Using Personal Access Tokens (PATs) For

Personal Access Tokens (PATs) are meant for individual, short-term, or development use only. Avoid using them in the following scenarios:

  • Shared Data Pipelines: Tokens should not be shared among users due to security risks.

  • Production Integrations: Tokens may become invalid if the associated user is deactivated or their role changes.

  • Team-wide API or CLI Automations: Difficult to manage and audit across multiple users.

  • Long-running Integrations: PATs are tied to individual user lifecycles and are not suitable for continuous system-level access.

Tip

If an automation is shared or runs in production, always use a Service User instead of a Personal Access Token (PAT) for improved stability, security, and governance.

Quick Reference

Task UI Location API Endpoint Required Role
Create a service user Settings → Users POST /users Admin
Create service token Users → Generate Token POST /user-tokens Admin
List service tokens Settings → Access Tokens (Service tab) GET /user-tokens/service Admin
Revoke token Access Tokens → Service tab → Token Menu → Revoke PUT /user-tokens/{id} Admin
Delete token Access Tokens → Service tab → Token Menu → Delete DELETE /user-tokens/{id} Admin