Exposed objects

In DSS, projects are the main unit of permissions: groups are granted project-level permissions. Projects are also the main unit of the Flow: a job builds datasets, models, folders of a project, from other sources in the project.

There are cases, however, when you want to have objects (datasets, models, folders, notebooks, ...) that are created in a project, but used in another project.

  • In some of these cases, the same users will have access to both projects. This multiple-projects architecture is then mostly useful to keep smaller manageable projects. For example, you could want to have an “upstream” projects where the initial data preparation takes place and a “downstream” project where the business analysis takes place
  • In other cases, different users have access to both projects. For example, you could have an “upstream” project which contains raw, non-anonymized data, with access restricted to a small number of trusted employees. This upstream project produces aggregated anonymized datasets that you want to make available to a large number of business projects, with more relaxed access rights.

Whether there is a security concern or not, cross-project usage of objects is configured in the “Exposed objects” settings of the source project.

Exposing objects between projects

To make an object from project A to project B, you need to have the “Manage exposed elements” permission on project A. See Main permissions for more information.

You can see and manage the whole list of exposed objects from Project A’s : Settings > Security > Exposed elements screen.

For each object, you can configure to which projects it is exposed. You can have a per-project view, and choose, for each target project, which objects are exposed to it.

You can also expose individual objects from their Actions menu (“Share” action).

../_images/share-object.png

Permissions on exposed objects

When an object is exposed from project A to project B, analysts of project B have read-only access to the object.

Dataset

Analysts of project B can:

  • View the dataset’s data, with arbitrary sampling settings
  • Use it in recipes
  • Build charts on it
  • Use it in a visual analysis
  • Build machine learning models on it
  • Use it in notebooks
  • Export it (if they have “Export datasets data” permission in project B)
  • Put it on a dashboard

They cannot:

  • View or change the settings of the dataset
  • Build the dataset
  • Clear the dataset
  • View or change the metrics
  • “Analyse” in explore on the full data (only on the sample)

Managed folder

Analysts of project B can:

  • View the contents of the folder
  • Use it in recipes
  • Use it in notebooks
  • Put it on a dashboard

They cannot:

  • Upload new files or remove files
  • Build the folder
  • View or change the metrics

Saved model

Analysts of project B can:

  • View the reports of the model
  • Use it in a scoring or evaluation recipe
  • Put it on a dashboard

They cannot:

  • Retrain the model
  • Modify the active version
  • Remove old versions
  • View or change the metrics

Jupyter notebook

Analysts of project B can only put it on a dashboard.

Web app

Analysts of project B can only put it on a dashboard.

Other objects

It is not possible to expose a visual analysis, a SQL notebook, a recipe, an API service, a bundle.