Capabilities of User Isolation Framework¶
Feature |
Without UIF |
With UIF |
|---|---|---|
Access control on projects |
Yes |
Yes |
Access control on connections |
Yes |
Yes |
Enforcement of permissions to execute code |
Yes |
Yes |
Per-user credentials on SQL connections. |
No |
Yes |
Impersonation on Oracle. |
No |
Yes |
Impersonation on Microsoft SQL Server |
No |
Yes |
Execution of “regular” code (Python, R) locally |
Not isolated |
Isolated |
Execution of “regular” code (Python, R) on Kubernetes |
Isolated |
Isolated |
Execution of Spark code (Python, R, Scala) on YARN |
Not isolated |
Isolated |
Execution of Spark code (Python, R, Scala) on Kubernetes |
Not isolated |
Isolated |
Connecting to secure Hadoop clusters (Kerberos). |
Yes |
Yes |
HDFS ACLs to enforce permissions even against code execution |
No |
Yes |
Authentication against LDAP directory |
Yes |
Yes |
Authentication with Single-Sign-On |
Yes |
Yes |
Traceability of all actions, including code execution |
Yes |
Yes |
Non-repudiable audit log |
No |
Yes |
Hadoop-level traceability of individual actions. (Cloudera Navigator, Atlas, …) |
No |
Yes |
See the comparison of Dataiku DSS editions to determine what levels of security apply to your installation.