Reach out to Omni support to have this feature enabled in your Omni instance.
How it works
When OAuth is enabled on a connection, Omni prompts each user to authenticate with the database the first time they run a query. After authenticating, the user’s own database permissions apply to every query they run — rather than the permissions of the shared service account. A service account is still required on the connection. Omni uses it to build the model, which provides the foundation for all user queries.Getting started
Select your database to get started:Snowflake
Configure OAuth for Snowflake connections, including native and External OAuth options.
Limitations
Before enabling OAuth, review the following limitations.| Area | Details |
|---|---|
| Model and IDE | Omni models are built using the service account. All users will see the same tables and fields in the model unless you restrict visibility with access grants. |
| Field picker | All fields and tables will be visible in the workbook’s field browser unless explicitly restricted with access grants. |
| Scheduling | Schedules run as the schedule creator and cannot be personalized with user attributes. Schedules may also fail when the creator’s OAuth token expires — the creator must re-authenticate to resolve this. |
| Caching | Caches are not shared across users, which results in a lower cache hit rate and higher data warehouse costs. The same applies to cubes and extracts. |
| Content visibility | Users may be able to open dashboards that reference data they don’t have database permissions to query, which can result in permission errors. |
Some databases may have additional limitations. Check the setup guide for your database for details.
Related
- Access grants — Control which fields and tables are visible to each user in the model and field browser
- Content permissions — Control which dashboards and documents users can access