Securing through Identity Access and Management¶
Qubole provides each account with granular-access control over different resources such as clusters, notebooks, and users/groups. For a complete list of resources, see Control Panel > Manage Roles. For more information, see:
Accessing through API Tokens¶
Only the API token of the default account can be reset. API tokens are used to authenticate with the API. An API token is for a user per account. This implies that a user, who is part of 10 accounts has 10 API tokens. A user with a single account has one API token.
An API token can be used to schedule jobs using external schedulers such as cron but it is not required when jobs are scheduled using the Qubole scheduler. The jobs are shown by the user whose API is being used. If it is required to use a single user for all scheduled jobs, create a common user to run them.
Accessing through OAuth and SAML¶
Qubole supports OAuth, which is an open standard for authorization as one of the ways to access the QDS. As part of OAuth, you can sign in to QDS using the Google credentials.
Qubole also supports SAML single-sign-on authorization service that you can enable it and use it to access the QDS.
Using SAML Single SignOn and Google Authorization Service describes how to access QDS using Google authorization and SAML.