
dataset view and access control in yaml file

I am new to Intake and I am trying to understand how I can control the visibility and access rights for catalog entries. For example, I would like to find out what a catalog YAML file looks like for the following case: suppose I have two CSV files to which I provide access through a catalog YAML file, together with two users. How can I make only one CSV visible to one user while the other user can see both files? Or how would I need to change the YAML file below to accomplish this?

metadata:
  version: 1
  description: "lattice data catalog"

sources:
  sample1:
    driver: csv
    args:
      urlpath: test1.csv
  testcsv:
    driver: csv
    args:
      urlpath: test2.csv

Firstly, let's specify that this is in the context of the Intake server. You could build a YAML catalog driver which could only present some entries to a user based on some environment variable or other information, but we'll not consider that here.

The general outline for creating an auth plugin for the server is given in the docs. In that case, a header string is compared to a single static secret. In your case, the key information will be passed by your authenticating proxy. You could compare the user to some explicit input drawn from an external source:

def allow_access(self, header, source, catalog):
    user = header.get("X-user-from-nginx", None)
    source_name = source.describe()['name']
    if source_name == "sample1":
        return user in ['user1', 'user2']
    if source_name == "sample2":
        return user in ['user2']
    return False

or you could embed the permissions into the catalog (which will only make sense when read via your server with the given auth):

sources:
  sample1:
    driver: csv
    args:
      urlpath: test1.csv
    metadata:
      allow_users: ["user1"]

with auth plugin:

def allow_access(self, header, source, catalog):
    user = header.get("X-user-from-nginx", None)
    allowed = source.describe().get("metadata", {}).get('allow_users', [])
    return user in allowed
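
An added, stand-alone illustration of the metadata-based check from the answer above (not the answerer's or the Intake project's code): it denies by default, rejects a malformed `allow_users` value, and only trusts the user header when a shared proxy secret accompanies it. `StubSource`, `MetadataAuth`, `visible_sources`, the `X-proxy-secret` header and the sample entries are assumptions made for the example; `X-user-from-nginx` and `allow_users` come from the answer.

```python
import hmac

USER_HEADER = "X-user-from-nginx"   # header name used in the answer
PROXY_HEADER = "X-proxy-secret"     # hypothetical header, set only by the proxy

class StubSource:
    """Constructed stand-in for a catalog entry; only describe() is used."""
    def __init__(self, name, metadata=None):
        self._info = {"name": name, "metadata": metadata or {}}

    def describe(self):
        return self._info

class MetadataAuth:
    """Default-deny check: a source is visible only to the users it lists."""
    def __init__(self, proxy_secret):
        self.proxy_secret = proxy_secret

    @staticmethod
    def _get(header, key):
        # HTTP header names are case-insensitive; normalise before lookup.
        return {k.lower(): v for k, v in header.items()}.get(key.lower())

    def allow_connect(self, header):
        # Without proof that the request passed through the proxy, the user
        # header is client-controlled and must not be trusted.
        sent = self._get(header, PROXY_HEADER) or ""
        return hmac.compare_digest(sent.encode(), self.proxy_secret.encode())

    def allow_access(self, header, source, catalog):
        if not self.allow_connect(header):
            return False
        user = self._get(header, USER_HEADER)
        allowed = (source.describe().get("metadata") or {}).get("allow_users")
        # A bare string would turn `in` into a substring match
        # ("user1" in "user12"), so anything but a list denies access.
        if not user or not isinstance(allowed, list):
            return False
        return user in allowed

def visible_sources(auth, header, sources):
    """Names of the sources this request is allowed to see."""
    return [s.describe()["name"] for s in sources
            if auth.allow_access(header, s, catalog=None)]

# Constructed sample entries, named after the sources in the question.
SOURCES = [
    StubSource("sample1", {"allow_users": ["user1", "user2"]}),
    StubSource("testcsv", {"allow_users": ["user2"]}),
    StubSource("loose", {"allow_users": "user12"}),  # malformed: not a list
]
```

The proxy has to remove any client-supplied copy of both headers before setting its own, otherwise the secret check protects nothing.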
