Discover the winners & finalists of the 2022 Dataiku Frontrunner Awards!READ THEIR USE CASES

Reading details of a connection

Solved!
cdarendtr0n
Level 1
Reading details of a connection

When I setup an AWS S3 data connection in DSS 9.0.1, if I select "Freely usable by: Every analyst", but "Details readable by: Nobody", users can still see all the details of the connection (even the clear text credentials) with code if they create a notebook and print the contents of the "remote-run-env-def.json" file in the notebook home directory.

Is this expected behavior? How is the "Details readable by: Nobody" option supposed to work?

Is there some other setting that's needed to obfuscate the connection credentials from non-owners of the connection?


Operating system used: RHEL 7.9

0 Kudos
1 Solution
Clément_Stenac
Dataiker

Hi,

These settings are only fully effective when DSS is configured with User Isolation enabled (https://doc.dataiku.com/dss/latest/user-isolation/).

Without User Isolation, user workloads run as the same UNIX user as the Dataiku server, and users can thus directly read the config, making these protections not effective.

View solution in original post

2 Replies
Clément_Stenac
Dataiker

Hi,

These settings are only fully effective when DSS is configured with User Isolation enabled (https://doc.dataiku.com/dss/latest/user-isolation/).

Without User Isolation, user workloads run as the same UNIX user as the Dataiku server, and users can thus directly read the config, making these protections not effective.

cdarendtr0n
Level 1
Author

Thank you for the explanation!

0 Kudos