Reading details of a connection
When I setup an AWS S3 data connection in DSS 9.0.1, if I select "Freely usable by: Every analyst", but "Details readable by: Nobody", users can still see all the details of the connection (even the clear text credentials) with code if they create a notebook and print the contents of the "remote-run-env-def.json" file in the notebook home directory.
Is this expected behavior? How is the "Details readable by: Nobody" option supposed to work?
Is there some other setting that's needed to obfuscate the connection credentials from non-owners of the connection?
Operating system used: RHEL 7.9
Best Answer
-
Hi,
These settings are only fully effective when DSS is configured with User Isolation enabled (https://doc.dataiku.com/dss/latest/user-isolation/).
Without User Isolation, user workloads run as the same UNIX user as the Dataiku server, and users can thus directly read the config, making these protections not effective.
Answers
-
Thank you for the explanation!