You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@zeppelin.apache.org by Spico Florin <sp...@gmail.com> on 2018/10/26 11:40:55 UTC
Available and custom roles
Hello!
I would like to know what are the available roles in Zeppelin (besides
admin that has *).
How can I create/define my own roles based on the actions that an user is
allowed.
In the shiro.ini the examples are to generic, having role1, role2 all
action allowed *.
Can you please define the fine grained action that I can add in arole?
I look forward for your answers.
Best regards,
Florin
Re: Available and custom roles
Posted by Spico Florin <sp...@gmail.com>.
Hello!
Thank you for your responses. Is still not clear for me, how to add
different (zeppelin actions?) with the help of the roles?
In the example provided by the liuxun there is no difference between the
two roles. Both of them have *.
If I'not using LDAP just basic shiro configuration what could be other
options?
Thanks.
Florin
On Fri, Oct 26, 2018 at 3:49 PM Fawze Abujaber <fa...@gmail.com> wrote:
> What others choices can be used for * in the roles?
>
> I configured zeppelin to work with AD and yes i'm able to differeniate
> between the 2 groups in the ADrolegroupmap?
>
> For example i have 2 groups zeppelin_admins and zeppelin_members.
>
> And when keeping url section as is, then admins will have accrss the
> mentioned urls and members not, but how i can disabled other users to
> authinticate at all.
>
> for now our AD user are able to authnticate and Access the UI.
>
> On Fri, Oct 26, 2018 at 3:44 PM liuxun <ne...@163.com> wrote:
>
>> You can refer to the following configuration:
>>
>> [users]
>> # List of users with their password allowed to access Zeppelin.
>> # To use a different strategy (LDAP / Database / ...) check the shiro doc
>> at http://shiro.apache.org/configuration.html#Configuration-INISections
>> # To enable admin user, uncomment the following line and set an
>> appropriate password.
>> admin = password1, admin
>> user1 = password1, bi
>> user2 = password2, bi
>> user3 = password3, bi
>>
>>
>> [roles]
>> bi = *
>> admin = *
>>
>> [urls]
>> # This section is used for url-based security.
>> # You can secure interpreter, configuration and credential information by
>> urls. Comment or uncomment the below urls that you want to hide.
>> # anon means the access is anonymous.
>> # authc means Form based Auth Security
>> # To enfore security, comment the line below and uncomment the next one
>> /api/version = anon
>> /api/openid/* = anon
>> /api/interpreter/** = authc, roles[admin]
>> /api/configurations/** = authc, roles[admin]
>> /api/credential/** = authc, roles[admin]
>>
>>
>> 在 2018年10月26日,下午7:40,Spico Florin <sp...@gmail.com> 写道:
>>
>> Hello!
>>
>> I would like to know what are the available roles in Zeppelin (besides
>> admin that has *).
>> How can I create/define my own roles based on the actions that an user is
>> allowed.
>> In the shiro.ini the examples are to generic, having role1, role2 all
>> action allowed *.
>>
>> Can you please define the fine grained action that I can add in arole?
>>
>> I look forward for your answers.
>> Best regards,
>> Florin
>>
>>
>>
>
> --
> Take Care
> Fawze Abujaber
>
Re: Available and custom roles
Posted by Fawze Abujaber <fa...@gmail.com>.
What others choices can be used for * in the roles?
I configured zeppelin to work with AD and yes i'm able to differeniate
between the 2 groups in the ADrolegroupmap?
For example i have 2 groups zeppelin_admins and zeppelin_members.
And when keeping url section as is, then admins will have accrss the
mentioned urls and members not, but how i can disabled other users to
authinticate at all.
for now our AD user are able to authnticate and Access the UI.
On Fri, Oct 26, 2018 at 3:44 PM liuxun <ne...@163.com> wrote:
> You can refer to the following configuration:
>
> [users]
> # List of users with their password allowed to access Zeppelin.
> # To use a different strategy (LDAP / Database / ...) check the shiro doc
> at http://shiro.apache.org/configuration.html#Configuration-INISections
> # To enable admin user, uncomment the following line and set an
> appropriate password.
> admin = password1, admin
> user1 = password1, bi
> user2 = password2, bi
> user3 = password3, bi
>
>
> [roles]
> bi = *
> admin = *
>
> [urls]
> # This section is used for url-based security.
> # You can secure interpreter, configuration and credential information by
> urls. Comment or uncomment the below urls that you want to hide.
> # anon means the access is anonymous.
> # authc means Form based Auth Security
> # To enfore security, comment the line below and uncomment the next one
> /api/version = anon
> /api/openid/* = anon
> /api/interpreter/** = authc, roles[admin]
> /api/configurations/** = authc, roles[admin]
> /api/credential/** = authc, roles[admin]
>
>
> 在 2018年10月26日,下午7:40,Spico Florin <sp...@gmail.com> 写道:
>
> Hello!
>
> I would like to know what are the available roles in Zeppelin (besides
> admin that has *).
> How can I create/define my own roles based on the actions that an user is
> allowed.
> In the shiro.ini the examples are to generic, having role1, role2 all
> action allowed *.
>
> Can you please define the fine grained action that I can add in arole?
>
> I look forward for your answers.
> Best regards,
> Florin
>
>
>
--
Take Care
Fawze Abujaber
Re: Available and custom roles
Posted by liuxun <ne...@163.com>.
You can refer to the following configuration:
[users]
# List of users with their password allowed to access Zeppelin.
# To use a different strategy (LDAP / Database / ...) check the shiro doc at http://shiro.apache.org/configuration.html#Configuration-INISections <http://shiro.apache.org/configuration.html#Configuration-INISections>
# To enable admin user, uncomment the following line and set an appropriate password.
admin = password1, admin
user1 = password1, bi
user2 = password2, bi
user3 = password3, bi
[roles]
bi = *
admin = *
[urls]
# This section is used for url-based security.
# You can secure interpreter, configuration and credential information by urls. Comment or uncomment the below urls that you want to hide.
# anon means the access is anonymous.
# authc means Form based Auth Security
# To enfore security, comment the line below and uncomment the next one
/api/version = anon
/api/openid/* = anon
/api/interpreter/** = authc, roles[admin]
/api/configurations/** = authc, roles[admin]
/api/credential/** = authc, roles[admin]
> 在 2018年10月26日,下午7:40,Spico Florin <sp...@gmail.com> 写道:
>
> Hello!
>
> I would like to know what are the available roles in Zeppelin (besides admin that has *).
> How can I create/define my own roles based on the actions that an user is allowed.
> In the shiro.ini the examples are to generic, having role1, role2 all action allowed *.
>
> Can you please define the fine grained action that I can add in arole?
>
> I look forward for your answers.
> Best regards,
> Florin