I think this is less of a prefect specific question than a âhow do I allow safe execution of third party code in an isolated wayâ type of question. Since prefect is just python, if you accomplish the latter, you coincidentally accomplish the former.
So as a word of fair warning, I have zero experience with this, but have some initial thoughts. First, you need to be able to make sure your execution environments are isolated. Even if you have 2 users running small jobs (like wonât impact performance of each other), they shouldnât have access to the same file system, shouldnât share the same dependencies, etc. Youâre likely going to accomplish this with a non-python specific tool, possibly something like Kubernetes that can both enforce isolation (in its own container) and you can coincidentally also set the amount of available resources. Youâll also want a way to count resource utilization of your computing environment by user.
The portion that I know I donât know enough about and donât want to give advice on is security of the whole thing. You have to worry about running python in a safe way so that users canât access root on your VMs, among other things. You need to take into consideration of other random things that occur when youâre providing a place to execute other peopleâs code, like how 3rd party APIs sometimes block IP addresses if they see too many requests coming in at once (thinking its ddos traffic as an example).