Your team is growing and adding people to flows that pull from Shopify, Google Drive, and other systems. Before you start handing out access, it’s worth thinking through how you want to manage integrations at scale. This lesson covers the options — and how to answer the security questions that will inevitably come your way.

Two layers of permissions

Access in Parabola operates at two distinct levels, and it’s important to understand both:
  1. Flow-level permissions — who can see and edit a flow
  2. Integration-level permissions — who can use the credentials that connect a flow to an external system
These are independent of each other. A teammate can have edit access to a flow but no access to the credential it uses. In that case, they’ll see the existing data in the flow — but won’t be able to change what gets pulled in.

Flow-level permissions

By default, flows are private — only the person who created them can see or edit them. Visibility opens up in layers:
Level | Who has access
--- | ---
Private | Flow owner only (default for all new flows)
Shared | Specific team members the owner grants view or edit access
Team flows | Anyone in the organization gets viewer access; the owner can optionally grant everyone editor access
Content admin | Admins with content permissions have edit access to all flows in the organization

Moving a flow into the Team flows space automatically grants your entire organization viewer access. To give a specific person edit access instead, use the sharing modal within the flow.

Integration-level permissions

Integration credentials are completely private by default — only the person who created them can see or use them. This applies even to org admins. You can share credentials with specific teammates at two levels:
Permission | What it allows
--- | ---
Use | The teammate can use this credential in their flows, but cannot view or modify it
Edit | The teammate can modify the credential and re-authenticate on behalf of the team

When a shared credential is reconnected (re-authenticated), the update applies across all flows that use it — no need to update each flow individually. This is especially important when service account passwords expire or API keys are rotated.

Three approaches to integration authentication

There’s no single right answer here — and you can mix approaches within your team, applying different methods based on how sensitive or restricted a given integration is.
What it is: Each user connects their own personal credentials for third-party services (e.g. their own Google Drive account).
Best for: Teams where traceability matters — you need to know exactly whose credentials were used when a flow ran.
Trade-offs: Most traceable, but creates a fragility risk. If a flow relies on one person’s credentials and they leave, the flow breaks until someone reconnects it.
How to set it up:
  1. Open the integration step and click Authorize.
  2. Select Add a new account.
  3. Complete the authentication in the pop-up window using your personal credentials.
  4. The credential is created and private by default — only you can use it.

Which approach should you use?

If you’re not sure where to start:
  • Default to service account authentication for most integrations — it’s the most practical for a team environment and easiest to maintain over time
  • Use individual authentication when you need a clear audit trail and traceability to specific people matters
  • Use IT-managed Parabola Tables when your data governance policy requires that users have no direct access to the source integration
You don’t have to pick just one. Many teams use service accounts for most integrations and IT-managed tables for a small number of particularly sensitive sources.

Security & compliance basics

Your IT or InfoSec team will eventually ask about Parabola’s security posture. Here’s what you need to know:
Platform security:
  • Parabola is SOC 2 compliant and conducts annual third-party penetration tests
  • Flow data stays in memory during execution and is never written to disk — it’s deleted after 14 days or when the flow next runs
  • Integration credentials are stored separately with 256-bit encryption
  • Parabola support can only access your flows read-only, and only with your permission
AI steps:
  • AI steps in Parabola are powered by the best and most recent models under enterprise agreements with DPAs
  • AI providers will not use prompt contents from Parabola AI steps as training data
  • Only data from the specific columns you select is sent to AI providers (with the exception of the Experiment with AI step, which uses the full dataset)
Data responsibility:
  • Parabola is data-neutral and data-agnostic — the platform processes what you configure it to process, without inspecting or monitoring the data itself
  • You are responsible for ensuring you have permission to process the data you bring into Parabola
For a full breakdown of data storage, retention, encryption, and compliance details, see the Security FAQs and Shared data responsibility pages.

What’s next

In the final full lesson, we’ll cover the operational side of admin work: adding and removing users, organizing flows into folders, and keeping everything running smoothly over time.

Building challenge

Review the integration credentials currently connected to your team’s account.
  1. Open any flow that uses an integration step (e.g. Pull from Google Drive).
  2. Click the step and go to Edit Accounts.
  3. Check whether each credential is private or shared (look for the 🔒 icon for private accounts).
  4. If a shared credential isn’t clearly named, rename it so teammates know exactly what it represents.
Last modified on March 5, 2026