In today’s world, everything is happening in the cloud. Data and models are becoming more complex thus requiring more powerful laptops or GPUs but the cloud allows for scale. As the number of notebooks and notebook users grow, you need a platform that enables your team to effectively scale and manage the team’s work. Security and governance then becomes more important as you need to make sure that sensitive code, such as proprietary models, and data are only accessible to the appropriate users.
Unlike open source notebooks, DataRobot’s cloud-based notebook solution, Zepl, comes with out-of-the-box enterprise grade security. These powerful security features can be customized to your team’s needs and scale to an unlimited number of notebooks and users.
Zepl comes with the ability to apply granular security policies to each user in your Zepl organization. It also has management features such as monitoring container usage statistics to give you insights on the work that your team is doing.
Create policies that meet your governance needs
Zepl’s default setting is assigned to an All Members policy, with the ability to run notebooks and have other common permissions. You may want to edit this policy or create new security policies using Zepl’s highly customized features that allow for granular and specific permissions around actions in the product. For example, we encourage organizations to remove the “Delete notebook” and “Delete spaces” permissions and assign them only to administrators or certain other users to avoid accidentally deleting a space or notebook. We also find that many customers want to provide visibility of usage data and credit consumption to everyone on their team. You can do this by enabling the “View usage data” permission in your default policy. Thus it’s a good practice to identify who your users are and define what the user policies are for each user.
Have Full Control over Security Policies Out-of-the-box
There are five security policies in Zepl: Organization Owner, All Members, Security Administrator, Infrastructure Administrator and Billing Administrator. The Organization Owner policy is granted to the creator of an organization and it can be thought of as a super administrator, as it has all permissions in an organization. It’s a good practice to have a primary Organization Owner and a backup. We’ve received requests on several occasions where customers have asked us to change their organization owner because the primary admin left the company.
The other administrator policies are common roles we see in organizations. The Infrastructure Administrator policy is for team members who will need to create Zepl infrastructure such as resources, clusters, and images whereas the Billing Administrator policy is for team members who need to monitor how much Zepl is being used and responsible for paying for Zepl usage. There is also a Security Administrator policy for users that are responsible for keeping the organization secure and are responsible for configuring and maintaining Zepl’s security features such as SSO authentication, user management and security policies.
Few tips that will help you to design the right policies
No matter what your team size, it’s a good idea to get familiar with these policies and granular permissions and determine what role is appropriate for each user. Here are a few examples:
- Do you want everybody to be able to create images and data sources or do you want administrators to do that? If the latter, then your normal user should only be able to reference images and if they want something added they’ll ask the admin to create those.
- Should everybody have permissions to set scheduled jobs or only certain roles since scheduled jobs use Zepl credits?
- Do you want everyone to see the team’s credit usage?
After understanding the product level permissions available to you in the policies, you can then assign team members to use those policies and gain access to those permissions. Each team member can be assigned multiple Security Policies, and their permissions to perform actions in Zepl are the sum of all the permissions granted to them by the Security Policies.
It’s easy to build policies customized for the particular needs of your team. This is to ensure that people can all work together without jeopardizing your security and compliance standards. Then you can bring all the teams in with the right levels of access without any worries about permissions.
Interested to learn more?
About the author