Capabilities of User Isolation Framework¶
Feature | Without UIF | With UIF |
---|---|---|
Access control on projects | Yes | Yes |
Access control on connections | Yes | Yes |
Enforcement of permissions to execute code | Yes | Yes |
Per-user credentials on SQL connections. | No | Yes |
Impersonation on Oracle. | No | Yes |
Impersonation on Microsoft SQL Server | No | Yes |
Execution of “regular” code (Python, R) locally | Not isolated | Isolated |
Execution of “regular” code (Python, R) on Kubernetes | Isolated | Isolated |
Execution of Spark code (Python, R, Scala) on YARN | Not isolated | Isolated |
Execution of Spark code (Python, R, Scala) on Kubernetes | Not isolated | Isolated |
Connecting to secure Hadoop clusters (Kerberos). | Yes | Yes |
HDFS ACLs to enforce permissions even against code execution | No | Yes |
Authentication against LDAP directory | Yes | Yes |
Authentication with Single-Sign-On | Yes | Yes |
Traceability of all actions, including code execution | Yes | Yes |
Non-repudiable audit log | No | Yes |
Hadoop-level traceability of individual actions. (Cloudera Navigator, Atlas, …) | No | Yes |
See the comparison of Dataiku DSS editions to determine what levels of security apply to your installation.