You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@zeppelin.apache.org by "Vinay Shukla (JIRA)" <ji...@apache.org> on 2016/02/02 02:47:39 UTC
[jira] [Created] (ZEPPELIN-645) Zeppelin to send authenticated user
identity downstream
Vinay Shukla created ZEPPELIN-645:
-------------------------------------
Summary: Zeppelin to send authenticated user identity downstream
Key: ZEPPELIN-645
URL: https://issues.apache.org/jira/browse/ZEPPELIN-645
Project: Zeppelin
Issue Type: Bug
Components: zeppelin-server
Reporter: Vinay Shukla
Recently Zeppelin added LDAP authentication feature. However that feature is a first step in the security store. Ultimately the use case is that the resource (e.g HDFS files) accessed through Zeppelin can be secured with a policy that governs which user can access this resource.
This will need Zeppelin to send down proxy user information.
See https://hadoop.apache.org/docs/current/hadoop-project-dist/hadoop-common/Superusers.html
The use case here is the next step beyond LDAP authentication, such that the end user identity flows downstream such that Data Scientist A and Data Scientist B are able to work on their own datasets by default and must not see each others data, unless HDFS/Hive permissions allows this access.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)