Support notebook protection enabled globally for an instance as default

[mstair]

For installations where you have multiple RCloud instances that share common infrastructure to store notebooks, support enabling notebook protection globally for an instance.

The driver being if one instance supports more sensitive data and you need to ensure some simple protection against data leakage via notebook content, without users will needing to manually configure each new notebook.

It's understood there will need to be consideration/dependency on a predefined global group with membership for all users.

[gordonwoodhull]

I can see how this would be helpful.

Please note that in the current implementation, these notebooks will not be available to view anonymously - the encryption depends on logging in.

IOW, currently if you can run the notebook you can view the code.

[gordonwoodhull]

I apologize, @mstair, we did not get to this in release 1.7.

It should be pretty easy to set a default encryption group. What's trickier is adding users automatically to that group. Currently we don't do user management ourselves - if a user has a Unix login and a GitHub login which correspond to the RCloud instance, they can log in. So we don't even detect when a new user shows up.

Something that's even trickier is that an encryption group is currently owned by a particular user, and that user needs to be logged in in order for the credentials to be present to change the encryption group. This other kind of group would have to be owned by the RCloud instance in a secure way, and I'm not sure how to do that.

[mstair]

@gordonwoodhull completely understood and now that I have a better understanding of RCloud internals and account management, this request may be out of scope.