Hi! I notice that both Ingestion Source and Secrets are viewable across all users who have the relevant platform privileges. On top of that, users are able to run ingestion sources and use secrets created by other users. Is there a workaround (or are there plans to implement) such that User 1 will be unable to view/run/use ingestion sources and secrets created by User 2?

We've modeled this behavior loosely on GitHub secrets which follow a similar paradigm. Secrets once created cannot be viewed by anyone, but can be used by others as part of scheduled actions / workflows.

Thanks for getting back to me! Reason for asking is because in a scenario of a team of members working on different projects, the data sources (s3 buckets in this case) for each project are restricted to only to the project owner. So the concern is that User 1 would be able to use User 2's secrets (i.e. AWS credentials) to run ingestion and view metadata that User 1 otherwise shouldnt have access to. And coming from an organisation with stricter governance views this could pose as a concern.

Thanks for the explanation. We’ll think about what the solution could be here.

During local test deployment, I restricted metadata privileges to "Owners" of the metadata. However, User 1 can still edit the ingestion source created by User 2 and add himself as an "Owner" of the metadata, re-run the ingestion source and now User 1 can view/edit metadata extracted by User 2's ingestion source. (of course this is picturing an extreme case of malicious use but I am coming from a "covering all angles" intent in order to properly present this tool to stakeholders. Thanks for understanding!)