User Isolation
Note
User Isolation Framework was previously called Multi-User-Security.
Note
If you are using a Dataiku Cloud Stacks installation, User Isolation is automatically managed for you, and you do not need to follow these instructions.
On an out-of-the-box installation of DSS, every action performed by DSS is performed as a single account on the host machine. This account, which runs the DSS service, is called the dssuser. For example, when a DSS end-user executes a code recipe, it runs as the UNIX dssuser.
Similarly:
- Every action performed on a Hadoop cluster is performed by the dssuser service account. When a DSS end-user executes a Hadoop/Spark recipe or notebook on a Hadoop cluster, it runs on the cluster as the Hadoop dssuser.
- Every action performed on Kubernetes is initialized through the dssuser service account.
- Actions performed on external databases use the credentials configured in the database connection.
This default behavior has several limitations:
- There is a lack of traceability on the Hadoop clusters to identify which user performed which action.
- If the DSS end-user is hostile and has the permission to execute “unsafe” code, they can run arbitrary code as the UNIX dssuser and modify the DSS configuration.
DSS features a set of mechanisms to isolate code that can be controlled by the user, so as to guarantee both traceability and the inability of a hostile user to attack the dssuser. Together, these mechanisms form the User Isolation Framework (UIF).
The User Isolation Framework is not a single technology but a set of capabilities that permit isolation depending on the context. Most of the components of the User Isolation Framework imply that DSS impersonates the end-user and runs all user-controlled code under identities other than dssuser.
This documentation includes a number of reference architectures showing common deployments of the various UIF components.
Note
The User Isolation Framework requires an Enterprise Edition license of DSS.
- Capabilities of User Isolation Framework
- Concepts
- Prerequisites and limitations
- Initial Setup
- Troubleshooting
- Reference architectures
  - Local-code only
  - Setup with Cloudera
    - The two modes
    - Prerequisites and required information
    - Common setup
    - Sentry-mode
    - DSS-ACL-synchronization-mode
    - Validate behavior
    - Operations (Sentry mode)
    - Operations (ACL synchronization mode)
  - Setup with Hortonworks Data Platform
    - The two modes
    - Prerequisites and required information
    - Common setup
    - Ranger-mode
    - DSS-ACL-synchronization-mode
    - Validate behavior
    - Operations (Ranger mode)
    - Operations (ACL synchronization mode)
  - Setup with Kubernetes
- Details of UIF capabilities
- Advanced topics