good morning, how do I enable token based authentication in DataHub? currently that part of UI is disabled. Is there a config to enable that?

Hey y'all, wondering if anyone has deployed DH behind an authentication proxy before that does the entire auth flow but then provides a signed JWT to DH for Authn/z after the full auth flow has been completed?

Hello everyone! I am looking into the authentication and authorization topic and got several questions. So far as I understand, frontend authentication can be performed with OIDC and Azure AD, and in order to do that we need to register DataHub application in the MS Azure portal and then run the Azure AD source plugin. Is this correct? Then, for authorization roles and policies are used which can be assigned to users and groups. It is still not possible to assign DataHub roles based on Azure roles (https://datahubproject.io/docs/authorization/roles#whats-coming-next) but is it possible to assign roles/policies to Azure groups? That is not clear from the docs.

X-posting, fingers crossed someone here has any thoughts, https://datahubspace.slack.com/archives/C029A3M079U/p1668099985693689

Hi! A couple of questions about authorization: I would like to define a policy such as: allow some users/groups to edit description for the datasets in a given data platform instance. This is somehow similar to this one: https://datahubproject.io/docs/authorization/policies#coming-soon

• Ability to define Metadata Policies against multiple reosurces scoped to particular “Containers” (e.g. A “schema”, “database”, or “collection”)

Just going higher in the hierarchy up to the platform instance level. In the current status, I was thinking on solving this with

resource_urn

criteria https://datahubproject.io/docs/authorization/policies#resources Does that criteria support other operators different from

EQUALS

such as starts with, contains or even regexp? Definitely in the UI this is not possible, is it possible via policy as code? Second question is about applying to owners.

Whether this policy should be apply to owners of the Metadata asset. If true, those who are marked as owners of a Metadata Asset, either directly or indirectly via a Group, will have the selected privileges.

Can this be restricted to some ownership in particular?

Hello team, somebody could help me?

PipelineInitError: Failed to configure the source (powerbi): Powerbi authorization failed . Please check your input configuration.