Principals
Principals are identities that can be granted access in Altertable. A principal can be a person using the app or a service account used by automation.
Altertable applies the same access control model to both types: assign roles at the organization, environment, or catalog level depending on how much access the principal needs.
Principal types
Type | Use for | Managed from |
|---|---|---|
Team member | Humans who sign in to the Altertable app | Organization settings |
Service account | Automation such as CI, dbt jobs, scripts, and machine-to-machine access | Organization settings |
Service accounts
Use service accounts instead of shared human accounts for scheduled jobs and integrations. They make ownership clearer, can be scoped narrowly, and can be rotated without affecting a person's login.
Typical uses include:
- Running ingestion or transformation jobs.
- Connecting BI tools or scripts.
- Managing deployments that need API or lakehouse credentials.
- Giving an AI client or workflow access to a specific environment or catalog.
After creating a service account, review its roles before using it in production. Prefer catalog-level or environment-level access when the job does not need the full organization.
Learn more
- Access control: role scopes and recommended patterns.
- Authentication: credentials for querying the lakehouse.
- MCP: Governed agent access to interact with your lakehouse.