Security and permissions

The Slack assistant is a passthrough. If you can access something in the Agent Studio web app, you can access it in Slack. Same auth model, same permissions, same data.

The assistant acts as you, not as a shared bot account.

When you connect your Alation account, you complete an OAuth 2.0 flow with your own Alation credentials. The app stores a mapping of your Slack user ID to your Alation identity. Every request you make — asking a question, running an agent, querying a data product — goes to Alation under your token. Alation enforces your permissions, the same ones that apply in Agent Studio.

Two users in the same Slack workspace will get different results if they have different Alation roles or different access to data products.

Can the assistant expose data you shouldn’t see?

No. The assistant can only return data you already have access to in Alation. Every request runs under your personal token, so Alation’s RBAC applies in full: catalog visibility, data product access, and agent publish/draft status all behave the same as in Agent Studio. See Roles and Permissions for the full role hierarchy.

When an agent queries a data warehouse on your behalf, credentials are resolved inside Alation in this order:

  1. Your own database credentials for that data product, if configured
  2. A shared service account assigned to the data product, if your Alation admin has enabled one

The Slack app never stores or handles warehouse credentials directly.
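
The per-user delegation and credential order described above, as a simplified model added here (it is not Alation's code): the Slack side forwards each request under the sender's own token, and the backend authorizes by that token before choosing a warehouse credential. All names, tokens and ACL data are constructed for illustration, and refusing users with no token mapping is an assumption drawn from the absence of a shared bot account.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample data; every name here is hypothetical, not Alation's API.
SLACK_TO_TOKEN = {"U_ANA": "tok-ana", "U_BEN": "tok-ben"}    # per-user OAuth mapping
TOKEN_TO_USER = {"tok-ana": "ana", "tok-ben": "ben"}
PRODUCT_ACL = {"sales": {"ana", "ben"}, "payroll": {"ana"}}  # backend-side RBAC
USER_DB_CREDS = {("ana", "sales"): "ana_db_login"}           # personal warehouse logins
SHARED_ACCOUNTS = {"sales": "svc_sales"}                     # admin-enabled fallback


@dataclass
class Result:
    ok: bool
    detail: str


def resolve_credential(user: str, product: str) -> Optional[str]:
    """Backend side: personal credential first, shared service account second."""
    return USER_DB_CREDS.get((user, product)) or SHARED_ACCOUNTS.get(product)


def backend_query(token: str, product: str) -> Result:
    """Backend side: authorize by the caller's token, then pick a credential."""
    user = TOKEN_TO_USER.get(token)
    if user is None or user not in PRODUCT_ACL.get(product, set()):
        return Result(False, "forbidden")
    cred = resolve_credential(user, product)
    if cred is None:
        return Result(False, "no warehouse credential")
    return Result(True, f"ran as {cred}")


def handle_slack_request(slack_user_id: str, product: str) -> Result:
    """Slack side: forward under the sender's own token; no shared-bot fallback."""
    token = SLACK_TO_TOKEN.get(slack_user_id)
    if token is None:
        # Assumption: an unconnected user is refused rather than served
        # under some other identity.
        return Result(False, "connect your account first")
    return backend_query(token, product)
```

The Slack-side handler holds only the token mapping; the warehouse credential tables are consulted on the backend side of the model, matching the statement that the Slack app never handles them.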

Agent responses, which may include query results or analysis, are sent to Slack and shown in your DM or channel thread. These are governed by your Slack workspace’s data retention and security policies. For a broader view of how the plugin handles data and LLM calls, see Agent Skills Security.

If your admin has enabled file downloads, generated files (CSVs, charts) are also uploaded to Slack.

Slack request flow
| Question | Answer |
| --- | --- |
| Whose identity is used? | Yours. Each user connects with their own Alation OAuth token. |
| Can the assistant see data you can’t? | No. Alation’s RBAC applies to every request. |
| Can others in a channel see your responses? | Yes, if you use Public mode. Use DM mode or direct DMs to keep responses private. |
| Whose database credentials run queries? | Yours first; shared service account as fallback if admin-configured. |
| Does Slack store warehouse credentials? | No. Credential resolution happens inside Alation. |
| Is there a shared bot account? | No. Two users with different Alation permissions get different results. |