Hello,
Opening this following the discussion with @Tarunima and recommendation to open a Feature Request ( Enhancing Security and Automation with Service Accounts in Looker - #10 by Tarunima ).
Summary
Allow Looker Service Accounts to authenticate with specific User Attributes, producing a short-lived token that can be used to run API queries (e.g., run_inline_query) within that scoped context.
Problem
Looker Service Accounts authenticate via client_id / client_secret but cannot assume tenant context via User Attributes. As a result, we must create and manage Embed Users per tenant in order to run API queries with proper data isolation, which is operationally heavy and not aligned with service-to-service use cases.
Requested Capability
-
Authenticate as a single Looker Service Account
-
Provide User Attributes at authentication time
-
Receive a short-lived access token
-
The token/session is tied to the Service Account but scoped by the provided User Attributes
-
Use this token to run standard API calls (including
run_inline_query) with normal permission enforcement
Value
-
Eliminates the need for per-tenant Embed Users
-
Enables clean, secure multi-tenant integrations
-
Simplifies user and credential management