Collaborating Securely on Projects
Before adding project collaborators, you must remember that assigning the
Contributor
or
Admin role to a project collaborator is the same as giving them write access
to your data in CDH. This is because project contributors and project administrators
have write access to all your project code (including any library code that you might
not be actively inspecting). For example, a contributor/admin could modify project
file(s) to insert code that deletes some data on the CDH cluster. The next time you
launch a session and run the same code, it will appear as though you deleted the data
yourself.
Additionally, project collaborators also have access to all actively running sessions
and jobs. This means that a malicious user can easily impersonate you by accessing
one of your active sessions. Therefore, it is extremely important to restrict
project access to trusted collaborators only. Note that Cloudera Data Science
Workbench 1.4.3 introduces a new feature that allows site administrators to restrict
this ability by allowing only session creators to execute commands within their own
active sessions. For details, see Restricting Access to Active Sessions.
For these reasons, Cloudera recommends using Git to collaborate securely on shared
projects. This will also help avoid file modification conflicts when your team is
working on more elaborate projects.