Capabilities of User Isolation Framework¶
| Feature | Without UIF | With UIF |
|---|---|---|
| Access control on projects | Yes | Yes |
| Access control on connections | Yes | Yes |
| Enforcement of permissions to execute code | Yes | Yes |
| Per-user credentials on SQL connections. | No | Yes |
| Impersonation on Oracle. | No | Yes |
| Impersonation on Microsoft SQL Server | No | Yes |
| Execution of “regular” code (Python, R) locally | Not isolated | Isolated |
| Execution of “regular” code (Python, R) on Kubernetes | Isolated | Isolated |
| Execution of Spark code (Python, R, Scala) on YARN | Not isolated | Isolated |
| Execution of Spark code (Python, R, Scala) on Kubernetes | Not isolated | Isolated |
| Connecting to secure Hadoop clusters (Kerberos). | Yes | Yes |
| HDFS ACLs to enforce permissions even against code execution | No | Yes |
| Authentication against LDAP directory | Yes | Yes |
| Authentication with Single-Sign-On | Yes | Yes |
| Traceability of all actions, including code execution | Yes | Yes |
| Non-repudiable audit log | No | Yes |
| Hadoop-level traceability of individual actions. (Cloudera Navigator, Atlas, …) | No | Yes |
See the comparison of Dataiku DSS editions to determine what levels of security apply to your installation.