Limitations for Analytical Applications
This topic lists all the limitations associated with the Analytical Applications feature.
- Securing project resources
Cloudera Data Science Workbench (CDSW) applications are accessible by any user with read-only (or higher) access to the project. However, CDSW does not actively prevent you from running an application that allows a read-only user (for example, Viewers) to modify files belonging to the project. We recommend to make the application truly read-only in terms of files, models, and other resources belonging to the project.
- Public Applications
By default, authentication for applications is enforced on all ports and users cannot create public applications. If desired, the Administrator user can allow users to create public applications that can be accessed by unauthenticated users.
To allow users to create public applications on an ML workspace:- As an Administrator user, turn on the feature flag in Admin > Security by selecting Allow applications to be configured with unauthenticated access.
- When creating a new application, select Enable Unauthenticated Access.
- For an existing application, in Settings select Enable Unauthenticated Access.
To prevent all users from creating public applications, go to Admin > Security and deselect Allow applications to be configured with unauthenticated access. After one minute, all existing public applications stop being publicly accessible.
- Port availabilityCDSW exposes only 3 ports per running session. This means you can run a maximum of 3 web applications simultaneously in a session:
- one on
CDSW_APP_PORT
- one on
CDSW_READONLY_PORT
- and, one on the now-deprecated
CDSW_PUBLIC_PORT
However, by default the editors feature runs third-party browser-based editors on
CDSW_APP_PORT
. Therefore, for projects that are already using browser-based third-party editors, you are left with only 2 other ports to run applications on:CDSW_READONLY_PORT
andCDSW_PUBLIC_PORT
. - one on
- Transparent Authentication
CDSW can pass user authentication to an Application, if the Application expects an authorized request. CDSW uses the
REMOTE-USER
field for this task.