By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

AWS SageMaker Notebook-specific Permissions

0

Hi,

I was wondering if there is any way in SageMaker Studio to:

  1. Prevent specified users/user profiles from modifying notebooks
  2. Restrict the same users/user profiles to only run specific notebooks
Topics
Machine Learning & AI
Tags
Amazon SageMakerAmazon SageMaker Studio
Language
English
TMoraru
asked 5 months ago268 views
2 Answers
0

Hi,

Thanks for sharing more context to your question.

The new SageMaker Studio experience contains a default private space that only you can access and run in JupyterLab or Code Editor. This means that, by default, notebooks won't be shared across profiles/users under domain.

If want to keep having shared notebooks, you're still able to create a new space in SageMaker Studio Classic (previous experience), where content will be shared across all users in your domain.

More information of new Amazon SageMaker Studio spaces (private/shared) can be found here.

Let me know If I can give further support and have a nice weekend!

*If you find this useful and solves your question, please remember to accept anwer.

AWS
avelizf
answered 5 months ago
  • TMoraru
    5 months ago

    I think this does answer part of my questions, namely "2. Restrict the same users/user profiles to only run specific notebooks". I can see how you can use private/shared spaces to contol which notebooks a user might have access to. However, I am not sure if that answers the part of the question about restricting who can modify said notebooks.

-1

Hi TMoraru!

Let me recall How do I check what role my Amazon SageMaker Studio user uses, and how do I change this role? post on how can control users permissions.

To cover your question, under existing Amazon Sagemaker roles:

  1. Ensure users IAM permissions do not include StartNotebookInstance, to avoid runing an specific notebook (or explicitly deny).
  2. Check UpdateNotebookInstance, to control who can update notebook.
AWS
avelizf
answered 5 months ago
  • TMoraru
    5 months ago

    Hi,

    Thanks for taking the time to answer! Unfortunately, I think I should have been a bit more clear in my original post. What I am interested in is specifically notebook files within the elastic file system, and not NotebookInstances. Unless I am mistaken, a NotebookInstance is not necessarily associated to just one notebook file, correct? What I am looking for is more along the lines of being able to start a NotebookInstance only for specific notebook files and not others.

  • Bram
    5 months ago

    It looks like the links you provided discuss permissions on running notebook instances or modifying instance settings, but OP was asking about setting permissions on running and editing specific Jupyter notebooks in SageMaker Studio, not notebook instances.

  • avelizf
    5 months ago

    Thank you both for adding more context to question. Find on my new answer how can address this situation with the new SageMaker Studio.

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content