# all-things-deployment
b
Got a question about safeguarding against deletes; currently, we allow other teams to ingest datasets via the REST endpoint and with metadata-authentication enabled. They can ingest via https://<url>/api/gms using their recipe and token, as we did not expose GMS, only the frontend. But we also noticed that the `datahub delete` command is accessible by the other parties as well. Just wondering how you guys would set out to block or at least log people who send hard delete commands? Some kind of IP whitelist/blacklist for the Ingress and endpoint combination? Is it possible?
Or perhaps teams are using DataHub in a centralised manner where one team has access to all DBs, hence this isn't a concern as there is no need to expose /api/gms to the general public.
b
I believe people could set up their own IP whitelist/blacklist against the endpoint as you suggested! And right now we don't record who actually deletes via the CLI... definitely something to think about. All of your concerns and thoughts make sense and are 100% something we should consider going forward.