Capabilities of User Isolation Framework
|
Feature |
Without UIF |
With UIF |
|---|---|---|
|
Access control on projects |
Yes |
Yes |
|
Access control on connections |
Yes |
Yes |
|
Enforcement of permissions to execute code |
Yes |
Yes |
|
Per-user credentials on SQL connections. |
No |
Yes |
|
Impersonation on Oracle. |
No |
Yes |
|
Impersonation on Microsoft SQL Server |
No |
Yes |
|
Execution of “regular” code (Python, R) locally |
Not isolated |
Isolated |
|
Execution of “regular” code (Python, R) on Kubernetes |
Isolated |
Isolated |
|
Execution of Spark code (Python, R, Scala) on YARN |
Not isolated |
Isolated |
|
Execution of Spark code (Python, R, Scala) on Kubernetes |
Not isolated |
Isolated |
|
Connecting to secure Hadoop clusters (Kerberos). |
Yes |
Yes |
|
HDFS ACLs to enforce permissions even against code execution |
No |
Yes |
|
Authentication against LDAP directory |
Yes |
Yes |
|
Authentication with Single-Sign-On |
Yes |
Yes |
|
Traceability of all actions, including code execution |
Yes |
Yes |
|
Non-repudiable audit log |
No |
Yes |
|
Hadoop-level traceability of individual actions. (Cloudera Navigator, Atlas, …) |
No |
Yes |
See the comparison of Dataiku DSS editions to determine what levels of security apply to your installation.