The "Run as" option in Scenarios - Security measures

marawan
marawan Partner, Registered Posts: 19 Partner

Hi, I had a question regarding the use of the "Run as" option in Scenarios. From what I understand, the admin user can set this option on a scenario, and all the steps in the scenario would run as this user even when triggered by other users. Non-admin users however can change the steps in the scenario to add whatever they like and it will still run as the impersontaed user.

This occured to me today because I was testing using scenarios to deploy bundles to the automation node and for that, the user running the macro needs to be an admin user, so I was thinking about using the "Run as" option for this scenario. However, given that this is an admin user, other non-admin users who have access to this scenario can potentially change the steps and add their own steps and that would still be executed with elevated privileges (ex. deploy to api deployer, delete projects ....).

I realise that this is ultimately the administrator's responsibility to use this option responsibly and that in the future, an admin user will not be needed to perform the deployment to the automation node, so setting an admin user as the "Run as" user will not be needed. I just wanted to know if my understanding is correct, or if there are security measures against this scenario I described.

Thank you

Best Answer

  • Clément_Stenac
    Clément_Stenac Dataiker, Dataiku DSS Core Designer, Registered Posts: 753 Dataiker
    Answer ✓

    Hi,

    We confirm that your understanding is correct and that there are not additional security measures. "Run as" is usually mostly used on the automation node, where the original user may not be available and where far fewer users exist.

    In the cases where "Run as" is used in the design node, we'd advise restricting the project to trusted users only (I realize this may not suit your needs).

Answers

Setup Info
    Tags
      Help me…