Security Implications of Anonymous Access

This topic describes the security implications of using anonymous access. For instructions on enabling anonymous access and restricting anonymous users from seeing certain data, see Enabling Anonymous User Access.

Anonymous User Permissions

When anonymous access is enabled:

  • The server allows users to connect without a username or password. A user can connect to the server without having an account in the directory server.
  • Anonymous users are considered members of the Everyone role. Anonymous users can read data in the data lake that is tagged as readable by Everyone.

Anonymous User Limitations

Anonymous users cannot:

  • Add, delete, or modify data. Anonymous users cannot write of delete data even if the Everyone role has write or delete access.
  • Change access control lists on data. Anonymous users cannot change the access controls for any data on the server even if the Everyone role has write or delete access to the access control list.

Important Considerations

This section lists important ideas to consider before enabling anonymous access.

Consider Existing Access Control

Users might have been assigning access control without anticipating that users could have anonymous access. Before enabling anonymous access, consider that data that is viewable by the Everyone role becomes visible to anonymous users. You might need to change the access control for existing data, such as by granting read access to the Authenticated Users role instead of the Everyone role. For information about changing the access to specific analytics, see Managing Dashboard and Lens Security.

Consider Server Network Protections

Consider that anyone who can reach the server via the network will be able to use it as an anonymous user. Evaluate firewalls and other network protection mechanisms to limit access to the data lake server as desired. For example, you might want to allow anonymous access to anyone inside your organization's internal network but disable access to the server from the public internet.

Anonymous Access Can Be Useful

Allowing anonymous access makes it easy to share data and views of data with others. For example, it means that you can share your Hi-Res Analytics with people who do not have a user account. It also lets you embed read-only interactive Hi-Res Analytic views inside other websites.