How do I disable plugin auto install?

I noticed a user requested the install of "Time Series Preparation" plugin and it was automatically approved. It says "APPROVED Approved automaticaly: plugin was installed - 12 minutes ago"
Where can I disable this automatic approval?
In Administration > Settings > Other > Misc > Access & requests I can see "Plugins requests : Allow non-admin users to request a plugin installation" but that is not it, that will prevent the user from clicking the "REQUEST INSTALL" button, but that's not what I want.
I don't understand why that plugin was installed without my approval, I have tested with another user and other plugin and that is not "automatically approved".
Operating system used: Amazon Linux 2
Best Answer
-
I contacted dataiku support about this
Turns out the message "Approved automatically" means that:
- There was a pending request to install this plugin by user X.
- An administrator installed the plugin (not approved the request, but installed the plugin directly from the store).
- Then Dataiku marks any pending request to install this plugin as "approved automatically", since the plugin is already installed.
- So it was "automatically approved" but not "automatically installed"; it was "automatically approved" when the admin user installed it.
In order to find who and when the plugin was installed you need to look into the audit.log and search for "admin-plugin-install-from-store"
    {
      "severity": "INFO",
      "logger": "dku.audit.generic",
      "topic": "generic",
      "message": {
        "callPath": "/api/plugins/install-from-store",
        "auditTopic": "generic",
        "msgType": "admin-plugin-install-from-store",
        "authSource": "USER_FROM_UI",
        "pluginId": "timeseries-preparation",
        "clientIP": "xxx",
        "xForwardedFor": "xxx",
        "authUser": "xxx",
        "originalIP": "xxx"
      },
      "mdc": {
        "apiCall": "/api/plugins/install-from-store",
        "user": "xxx"
      },
      "callTime": 62,
      "timestamp": "2023-08-18T12:05:34.295+0000"
    }

Unfortunately, when the plugin was installed and by whom is not shown on the Dataiku UI > Plugins > Time Series Preparation plugin summary (or anywhere else in the UI). I've filed a Product Idea at https://community.dataiku.com/t5/Product-Ideas/The-Plugin-summary-page-should-show-when-the-plugin-was/idi-p/36835 to add that kind of information to the UI.
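As an added example (not from the original post or from Dataiku), the audit-log search described in the answer above can be scripted to list who installed which plugin from the store and when. It assumes audit.log is a sequence of JSON objects shaped like the record quoted in the post; the function names and the sample records are constructed for illustration.

```python
import json
import sys

INSTALL_MSG_TYPE = "admin-plugin-install-from-store"  # msgType quoted in the answer above

# Constructed sample (not real log data): users, IPs and "some-other-event" are placeholders.
SAMPLE = """\
{"message":{"msgType":"admin-plugin-install-from-store","pluginId":"timeseries-preparation","authUser":"admin1","clientIP":"10.0.0.5"},"timestamp":"2023-08-18T12:05:34.295+0000"}
{"message":{"msgType":"some-other-event","authUser":"user_x"},"timestamp":"2023-08-18T11:50:00.000+0000"}
this line is not JSON
{
  "message": {"msgType": "admin-plugin-install-from-store", "pluginId": "other-plugin",
              "authUser": "admin2", "clientIP": "10.0.0.6"},
  "timestamp": "2023-08-17T09:00:00.000+0000"
}
"""

def iter_audit_events(text):
    """Yield every JSON object in the text, one-per-line or pretty-printed."""
    decoder, pos = json.JSONDecoder(), 0
    while pos < len(text):
        if text[pos].isspace():          # raw_decode does not skip leading whitespace
            pos += 1
            continue
        try:
            obj, pos = decoder.raw_decode(text, pos)
        except json.JSONDecodeError:     # damaged record: resynchronise at the next line
            nl = text.find("\n", pos)
            if nl == -1:
                return
            pos = nl + 1
            continue
        if isinstance(obj, dict):
            yield obj

def plugin_installs(text, plugin_id=None):
    """Return (timestamp, authUser, pluginId, clientIP) per store install, oldest first."""
    rows = []
    for event in iter_audit_events(text):
        msg = event.get("message")
        if not isinstance(msg, dict) or msg.get("msgType") != INSTALL_MSG_TYPE:
            continue
        if plugin_id is None or msg.get("pluginId") == plugin_id:
            rows.append((event.get("timestamp"), msg.get("authUser"),
                         msg.get("pluginId"), msg.get("clientIP")))
    return sorted(rows, key=lambda r: r[0] or "")

if __name__ == "__main__":
    # Usage: python script.py /path/to/audit.log [pluginId]; with no path, runs on SAMPLE.
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE
    for row in plugin_installs(text, sys.argv[2] if len(sys.argv) > 2 else None):
        print(*row, sep="\t")
```

Comparing the install timestamp with the time of the "Approved automatically" entry on the request shows whether an administrator's direct install preceded the approval.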
Answers
-
Turribeach Dataiku DSS Core Designer, Neuron, Dataiku DSS Adv Designer, Registered, Neuron 2023, Circle Member Posts: 2,591 Neuron
I wonder if this is because the user belongs to a security group which has the "Develop Plugin" option turned on. Technically speaking if a user can develop a plugin then it should be able to create a new one so therefore that might also translate to installing one too. If this is not the case please raise with Dataiku Support and update the thread once you know more, we are moving to v12 soon so we wouldn't want this automatic approval behavior either.
-
Turribeach Dataiku DSS Core Designer, Neuron, Dataiku DSS Adv Designer, Registered, Neuron 2023, Circle Member Posts: 2,591 Neuron
Many thanks for posting the update and raising the product idea. I have voted for it as well as I do think this should have more visibility in the UI. Also there seems to be no way to get this information from the Python API either.
-
Hello,
You can follow these steps:
- Go to Administration > Plugins > Plugin Management.
- Find the Automatic Approvals section.
- Toggle off auto-approvals for plugin installations.
- Save changes and test to confirm.
Thanks!
-
I can't find the option that you talk about in DSS 12.1.3
Under Administration there is only (License, Connection, Security, Clusters, Code Studios, Code Envs, Monitoring, Maintenance, Settings), there is no "Administration > Plugins"
I wonder, what version of DSS are you using, can you post a screenshot?
-
Turribeach Dataiku DSS Core Designer, Neuron, Dataiku DSS Adv Designer, Registered, Neuron 2023, Circle Member Posts: 2,591 Neuron
@ecerulm
I am afraid you have been duped by most likely an AI spam bot. We had a few of these over the last few months post in the Community. They are very hard to detect as you can see but for the moment most will have a single URL link to Levono . com or igmguru . com somewhere in the post. They are usually on subject and come up with "meaningful" answers or even questions as well. No doubt it's going to get even harder to discern human content from AI content in the next few years. Maybe Dataiku should create an adversarial neural network to fight the AI bots? Who knows, in a few years humans might be gone from this forum and it will only have posts from AI bots teaching themselves how to use Dataiku.
The irony of a machine learning user forum being attacked by an AI bot...