Security

Code Workspaces ensures that Foundry’s security and permissions model is applied to the third-party IDEs connected to Foundry. This layer of security on top of the third-party applications served by Code Workspaces provides a number of benefits:

  • Data loaded in Code Workspaces is tracked by Foundry. Data downloads and uploads in Code Workspaces are restricted to the methods governed by Foundry’s data governance and access controls.
  • Every request to Code Workspaces is validated against Foundry’s governance framework. This means that if a user’s access to a Code Workspace is revoked, or if the user loses access to the security markings of any data imported into the workspace, that user will immediately lose access to the application.
  • Data produced from Code Workspaces is tracked by Foundry, so access to output data will be restricted if a user loses access to data which may have been used to produce the output data.
  • Users are fully isolated. Each user opening a given Jupyter® or RStudio® Code Workspace will get their own isolated environment.
  • R and Python packages can only be loaded from Foundry Artifacts channels backing the repository, which enables control over the Conda, PyPI, or CRAN packages that can be used in a specific Code Workspace.
  • External API calls can only be made to URLs configured as Network Policies which have been added to the Code Workspace.

Restricted outputs mode

Restricted outputs mode provides enhanced safeguards when working with sensitive data. Restricted outputs mode is a "read-only" mode that restricts write operations and external source connections to ensure that data cannot be exported from the code workspace. In particular, it allows you to load restricted views into a workspace.

When enabled, restricted outputs mode:

  • Prevents write operations to all Foundry outputs, including datasets, models, and tables.
  • Disables telemetry collection and logs, as well as data checkpoint uploads, while still preserving code checkpoints.
  • Disables network policies and sources that have been added to the workspace. These resources remain in the workspace but are inactive while restricted outputs mode is enabled.

As described in the documentation on code checkpoints, it is your responsibility to ensure that code files you write while in restricted outputs mode do not contain data.

To enable or disable restricted outputs mode:

  1. Open the Settings side panel in your code workspace.
  2. Locate the Restricted outputs mode toggle.
  3. Toggle the setting on or off as needed.
  4. Save your changes and restart your workspace when prompted.

:::callout{theme="neutral"} After enabling restricted outputs mode, your workspace will prompt you to restart. Your setting will persist across future workspace restarts until you explicitly disable it. :::


RStudio® and Shiny® are trademarks of Posit™.

Jupyter®, JupyterLab®, and the Jupyter® logos are trademarks or registered trademarks of NumFOCUS.

All third-party trademarks (including logos and icons) referenced remain the property of their respective owners. No affiliation or endorsement is implied.
