[jira] [Created] (KYLIN-4781) Provisioning different Roles access to the LDAP Groups

["sundaramoorthy Muthusamy (Jira)" <ji...@apache.org>]

sundaramoorthy Muthusamy created KYLIN-4781:
-----------------------------------------------

             Summary: Provisioning different Roles access to the LDAP Groups
                 Key: KYLIN-4781
                 URL: https://issues.apache.org/jira/browse/KYLIN-4781
             Project: Kylin
          Issue Type: Bug
          Components: Security
    Affects Versions: v3.0.2, all
            Reporter: sundaramoorthy Muthusamy


We have setup the LDAP connectivity using the kylin.properties file and all users we able to login to the server. 

But apart from the admin ldap User, others are not able to see any projects, So we have proceeded to add user level permissions in admin user and it worked fine. Since the number of users were high we want to grant access at AD group level instead of Users.

 

Apart from ROLE_ADMIN, ROLE_ANALYST, ROLE_MODELER, ALL_USER Other groups we are not able to add. 

*Tried Few options:*
 # Setting up the below property with AD group names to provide admin access, still not able to grant access to these roles.
 ** kylin.security.acl.admin-role
 ** {color:#FF0000}*Error:* {color}operation Failed, Group xxx not exists, Please Add first.
 # Manually added an entry in the hbase metadata table for key "/user_group" with the group name.
 ** Now able to add the Role and assign but the Users in that AD group still not able to see the projects whose access has been granted.

 

Net-Net we could not grant AD group to different roles at project Level. Kindly help.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)