Impersonation
We have created 2 node design and automation we were able to move users and connection from design node to automation using the .json files.
do we have such an alternative for user impersonation as well were we can copy the details from design to automation
Operating system used: Linux
Best Answer
-
Alexandru Dataiker, Dataiku DSS Core Designer, Dataiku DSS ML Practitioner, Dataiku DSS Adv Designer, Registered Posts: 1,226 Dataiker
Yes, it's possible via API/ or copying fragments of the general-settings.json we will need also, it's best to utilize regex in cases like this. Maintaining such a long list will be hard to manage, as you can see.
import dataiku
import dataikuapi
local_client = dataiku.api_client()host = "https://design-node-url:port"
api_key = "replace_here_generate_personal_api_key_of_admin_or_admin_api_key"
remote_client = dataikuapi.DSSClient(host, api_key)settings = client.get_general_settings()
impersonation_rules = settings.get_raw()['impersonation']
remote_rules = remote_client.get_general_settings().get_raw()['impersonation']
settings.get_raw()['impersonation'] = remote_rules
settings.save()
If you have any issues I would suggest you open a support ticket with the instance diagnostics and your security-config.ini from the design so we can provide more perspective guidance on this matter.
Thanks
Answers
-
Alexandru Dataiker, Dataiku DSS Core Designer, Dataiku DSS ML Practitioner, Dataiku DSS Adv Designer, Registered Posts: 1,226 Dataiker
Hi @Srkanoje
,
Note when migrating from connections, you may encounter issues :
As described here you need to re-enter the credentials :
https://doc.dataiku.com/dss/latest/troubleshooting/errors/ERR_SECURITY_DECRYPTION_FAILED.html
Also, mapping the connection 1:1 from design to automation may lead to a situation where datasets are not relocatable: https://doc.dataiku.com/dss/latest/connecting/relocation.html
For user impersonation, you can copy the existing configuration manually from the users section of security-config.ini : https://doc.dataiku.com/dss/latest/user-isolation/initial-setup.htmlRun the rest of the required steps for UIF
For impersonation rules you should simply copy the settings from UI of the Design to the Automation node.
Thanks -
@AlexT
we have almost have 200 user where set the user impersonation rule
is there a way to copy all these setting from Design node to automation nodeunder login LDAP SSO
-
@AlexT
is there a script to add a user impersonation rule for single or bulk users in one go.
meaning i want add impersonation rule on the desgin node itself but manual doing it for 50 people is time consuming so can we make an API call -
Alexandru Dataiker, Dataiku DSS Core Designer, Dataiku DSS ML Practitioner, Dataiku DSS Adv Designer, Registered Posts: 1,226 Dataiker
Hi,
You should probably regex to map all users with a single rule or few rules:
https://doc.dataiku.com/dss/latest/user-isolation/initial-setup.html#configure-identity-mapping
Instead of doing individual users you can add mapping rules by getting the current impersonation rules and appending the dictionary and then save new rules, using settings.save()