You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@zeppelin.apache.org by "Vinay Shukla (JIRA)" <ji...@apache.org> on 2016/02/02 02:47:39 UTC

[jira] [Created] (ZEPPELIN-645) Zeppelin to send authenticated user identity downstream

Vinay Shukla created ZEPPELIN-645:
-------------------------------------

             Summary: Zeppelin to send authenticated user identity downstream
                 Key: ZEPPELIN-645
                 URL: https://issues.apache.org/jira/browse/ZEPPELIN-645
             Project: Zeppelin
          Issue Type: Bug
          Components: zeppelin-server
            Reporter: Vinay Shukla


Recently Zeppelin added LDAP authentication feature. However that feature is a first step in the security store. Ultimately the use case is that the resource (e.g HDFS files) accessed through Zeppelin can be secured with a policy that governs which user can access this resource.

This will need Zeppelin to send down proxy user information.

See https://hadoop.apache.org/docs/current/hadoop-project-dist/hadoop-common/Superusers.html

The use case here is the next step beyond LDAP authentication, such that the end user identity flows downstream such that Data Scientist A and Data Scientist B are able to work on their own datasets by default and must not see each others data, unless HDFS/Hive permissions allows this access.




--
This message was sent by Atlassian JIRA
(v6.3.4#6332)