This website uses cookies. By clicking OK, you consent to the use of cookies. Read our cookie policy.
Accept
Reject
Community
Discover this year's submissions to the Dataiku Frontrunner Awards and give kudos to your favorite use cases and success stories!READ MORE

Restrict the Schema Visibility in Redshift JDBC

Solved!
raviagrawal
Level 3
Level 3
‎05-13-2020 09:47 PM
Restrict the Schema Visibility in Redshift JDBC

Hi,

We are using the redshift as source for dataiku but while doing search/import user can see all the schema's and tables even if he do not have access on that. Is there a way that schema  visibility can be restricted to couple of schema's only.

Regards,

Ravi Agrawal

 

 

Reply
1 Solution
Clément_Stenac
Dataiker
Dataiker
‎05-14-2020 07:42 AM

Hi,

There are two use cases here:

  • If your Redshift connection is configured with per-user-credentials (i.e. each user enters his own Redsfhit username/password combination), then each user who goes into the connection explorer will only see the tables that his Redshift user is allowed to see. The burden of making sure that grants on Redshift are correct falls on your Redshift DBA.

 

  • If your Redshift connection is configured with a single global credential, then DSS has no way to guess which schemas "should" be visible by each user. In essence, all connections from DSS to Redshift are performed as a single user with a single security context. Even if DSS tried to perform some filtering in the connections explorer, it would be very easy for the user to workaround by writing custom SQL.

 

So you have two options:

  • Either user per-user credentials. This is the most recommended method.
  • Or create multiple Redshift connections, with different users, and leverage the "Freely usable by" setting in DSS to give differentiated access to the connection. Beware that this second solution makes cross-connection flows more complicated.

 

View solution in original post

Reply
1 Reply
Clément_Stenac
Dataiker
Dataiker
‎05-14-2020 07:42 AM

Hi,

There are two use cases here:

  • If your Redshift connection is configured with per-user-credentials (i.e. each user enters his own Redsfhit username/password combination), then each user who goes into the connection explorer will only see the tables that his Redshift user is allowed to see. The burden of making sure that grants on Redshift are correct falls on your Redshift DBA.

 

  • If your Redshift connection is configured with a single global credential, then DSS has no way to guess which schemas "should" be visible by each user. In essence, all connections from DSS to Redshift are performed as a single user with a single security context. Even if DSS tried to perform some filtering in the connections explorer, it would be very easy for the user to workaround by writing custom SQL.

 

So you have two options:

  • Either user per-user credentials. This is the most recommended method.
  • Or create multiple Redshift connections, with different users, and leverage the "Freely usable by" setting in DSS to give differentiated access to the connection. Beware that this second solution makes cross-connection flows more complicated.

 

Reply
A banner prompting to get Dataiku
Help me …
… ask a question … search for an answer … learn to use the Community