File/folder access for consumers in data app

Hello,
I am facing another problem in our transition to Business Hub and maybe someone has a solution for it.
We have several workflows (data apps) where we need to access local files/folders or data stored in a Business Hub space.
For developers/team members it is quite easy to access via Hub authenticator, Connectors and Secrets but for consumers I did not find a solution.
Storing the data in the workflow is no (good) option because we have to update the data frequently.
Hope I explained it well enough and many thanks in advance,
Lars

Hi @larsgrohmann

Thanks for posting on the forum and having questions and solutions publicly available. Much appreciated!
Could you give us some more info on the exact use case or the behavior you would expect? When workflow developers design the workflow and access the Hub local file system the way you described, and consumers run the data app that uses e.g. a team secret with the according permissions in the backend, that doesn’t work?

Thanks,
Alice

Hi @Alice_Krebs ,
Sure! Please find below the major use cases I need to solve:

1.) A global team within our company is uploading files from local network drives into a database. On KNIME Server we have used a “virtual user” having access to the folders. This solution is not the safest because all users can access all provided folders. My initial idea on Business Hub was the use of “secrets” to grant consumers access to the folders where they are assigned to. After implementing first consumers on Hub I have noticed that secrets are only for users but not for consumers.
For now I will solve that by using a simple file upload. This is ok but sometimes the consumers have to upload multiple files which makes the single upload a little stressful.
Second idea is to use Microsoft Authenticator but for now we have not registered AP in Microsoft and I need to check with our IT if we can do that. Do you have any experience if that’s a suitable way for accessing local files/folders?
Any other solution is highly appreciated.

2.) We are joining various information in a workflow and this information is sometimes stored in KNIME tables or Excel files. My initial idea here was to store the files in a BH space and use Space connector for accessing files. The Space is private and any trial to load the data for consumers failed (e.g. with team secrets). Storing the data in the workflow data area is no option because I need to make frequent updates of the data which is leading to a complicated versioning of the workflow after updating data.
Finally I simply put the data in a public space which is ok for now but I am looking for a safer way to solve this.

Many thanks in advance!
Kind regards,
Lars

Hi @larsgrohmann

Thanks for the clarification! :slight_smile:

  1. so I understood that KNIME Server served as a file system (holding a database) here, and access to it is not (necessarily) through a data app. This is indeed not that straightforward on the Hub anymore, and secrets are indeed only for people connecting from their AP to the BHub (aka users). I think you are already on a good track with Microsoft Sharepoint, that’s at least what I would have proposed. Login to that is possible from local APs without Hub connection (see e.g. HERE, it’s done through Microsoft Authenticator and Sharepoint Connector nodes). If this won’t affect schedules, people should be able to log in through interactive without further setup.

  2. there are several options here

a) as you did, files in public spaces. That’s not that toooo bad, because files don’t show up in the search results, and consumers don’t have access to the space because only team members have.

b) a team member with access to the private space holding the files creates an application password. This one can be used/hardcoded in the KNIME Hub Connector node (you could also use the Credential Widget node, but then you would also need to hardcode it there)

That sequence of nodes can also be executed by consumers to read the file (here Excel).

c) you provide this application password as a team secret and share it with consumers (groups), and then the data app will run for the consumers (and it can’t be fetched from the Hub using the Secret Retriever node because consumers can’t use the Hub Authenticator node).

Does this help?
Best,
Alice

Hi @Alice_Krebs ,
Many thanks for the comprehensive feedback! That’s helping a lot.
I will give the application password in the private space a try.

The Microsoft Authenticator is already on my prio list to get Sharepoint files managed. I was already in contact with our IT team to get the Analytics Platform registered in Microsoft using the App ID. They are now asking for more info on how to do it and what is to be considered (also in terms of security). Is there any documentation available to guide our IT team?

KR,
Lars

Hi @larsgrohmann

Glad that was useful!
There is more information in the How-To section of the Secrets Guide HERE.
I hope that will be a good starting point.

Thanks,
Alice
