Authentication information and impersonation#
Introduction#
From any Python code, it is possible to retrieve information about the user or API key currently running this code.
This can be used:
From code running within a recipe or notebook, for the code to know who is running said code
From code running with a plugin recipe, for the code to know who is running said code
From code running outside of DSS, simply to retrieve details of the current API key
Furthermore, the API provides the ability, from a set of HTTP headers, to identify the user represented by these headers. This can be used in the backend of a webapp (either Bokeh, Dash or Flask), in order to securely identify which user is currently browsing the webapp.
Code samples#
Getting your own login information#
import dataiku
client = dataiku.api_client()
auth_info = client.get_auth_info()
# auth_info is a dict which contains at least a "authIdentifier" field, which is the login for a user
print("User running this code is %s" % auth_info["authIdentifier"])
Authenticating calls made from a webapp#
Please see Webapps and security and Impersonation with webapps
Impersonating another user#
As a DSS administrator, it can be useful to be able to perform API calls on behalf of another user.
import dataiku
client = dataiku.api_client()
user = client.get_user("the_user_to_impersonate")
client_as_user = user.get_client_as()
# All calls done using `client_as_user` will appear as being performed by `the_user_to_impersonate` and will inherit
# its permissions
Modifying your own user properties#
As a user (not an administrator), you can modify some of your own settings:
User properties
User secrets (see below)
Per-user-credentials (see below)
import dataiku
client = dataiku.api_client()
my_user = client.get_own_user()
settings = my_user.get_settings()
settings.user_properties["myprop"] = "myvalue"
settings.save()
Modifying your own user secrets#
import dataiku
client = dataiku.api_client()
my_user = client.get_own_user()
settings = my_user.get_settings()
settings.add_secret("secretname", "secretvalue")
settings.save()
Entering a per-user-credential for a connection, for yourself#
To do it for other users, Users and groups.
import dataiku
client = dataiku.api_client()
my_user = client.get_own_user()
settings = my_user.get_settings()
settings.set_basic_connection_credential("myconnection", "username", "password")
settings.save()
Entering a per-user-credential for a plugin preset, for yourself#
To do it for other users, see Users and groups.
import dataiku
client = dataiku.api_client()
my_user = client.get_own_user()
settings = my_user.get_settings()
settings.set_basic_plugin_credential("myplugin", "my_paramset_id", "mypreset_id", "param_name", "username", "password")
settings.save()
Reference documentation#
Classes#
|
Entry point for the DSS API client |
|
A handle to interact with your own user |
Settings for the current DSS user. |
|
|
A handle for a user on the DSS instance. |
Functions#
|
Add a user secret. |
|
Returns various information about the user currently authenticated using this instance of the API client. |
|
Returns various information about the DSS user authenticated by the dictionary of HTTP headers provided in headers_dict. |
Get an API client that has the permissions of this user. |
|
Get a handle to interact with the current user :return: A |
|
Get your own settings |
|
|
Get a handle to interact with a specific user |
|
Set per-user-credentials for a connection that takes a user/password pair. |
|
Set per-user-credentials for a plugin preset that takes a user/password pair |
Get the user properties for this user. |