https://community.appian.com/discussions/f/integrations/23325/security-questionAn API I was building required a query of a datastore and to avoid getting a 500 error, I needed to add the service account as a viewer to the datastore. While I don&#39;t particularly care about access to the entity that is getting queried, there are otheren-USTelligent Community 12https://community.appian.com/thread/89551?ContentTypeID=1Fri, 07 Jan 2022 21:56:31 GMTd3a83456-d57b-489c-a84c-4e8267bb592a:6b7e1622-3970-44bc-9e1a-a3ad8b26fd7dMarco<p>That was more or less my thinking, but I thought I&#39;d ask anyway as it is better to be safe than sorry.&nbsp;</p><div style="clear:both;"></div>https://community.appian.com/thread/89550?ContentTypeID=1Fri, 07 Jan 2022 21:50:18 GMTd3a83456-d57b-489c-a84c-4e8267bb592a:10b5b192-617b-41a5-b22f-9d991e030840Mike Schmitt<p>I don&#39;t see what feasible risk this would represent if the service account has viewership access to the general data store - it&#39;s still being given access to the specific API you&#39;re building and that API is still only querying the specific thing you&#39;re telling it to query.&nbsp; It&#39;s not like it enables that user to log in (at all) and even if it was a user that could log in, it&#39;s not as if they would have access to browse the data store or launch arbitrary queries.</p><div style="clear:both;"></div>