You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@zeppelin.apache.org by Manuel Sopena Ballesteros <ma...@garvan.org.au> on 2019/11/19 01:28:04 UTC
restrict interpreters to users
Dear Zeppelin community,
By default interpreters configuration can be changed by any user. Is there a way to avoid this? I would like to hide some interpreters so people can't change them.
Thank you very much
Manuel Sopena Ballesteros
Big Data Engineer | Kinghorn Centre for Clinical Genomics
[cid:image001.png@01D4C835.ED3C2230] <https://www.garvan.org.au/>
a: 384 Victoria Street, Darlinghurst NSW 2010
p: +61 2 9355 5760 | +61 4 12 123 123
e: manuel.sb@garvan.org.au<ma...@garvan.org.au>
Like us on Facebook<http://www.facebook.com/garvaninstitute> | Follow us on Twitter<http://twitter.com/GarvanInstitute> and LinkedIn<http://www.linkedin.com/company/garvan-institute-of-medical-research>
NOTICE
Please consider the environment before printing this email. This message and any attachments are intended for the addressee named and may contain legally privileged/confidential/copyright information. If you are not the intended recipient, you should not read, use, disclose, copy or distribute this communication. If you have received this message in error please notify us at once by return email and then delete both messages. We accept no liability for the distribution of viruses or similar in electronic communications. This notice should not be removed.
RE: restrict interpreters to users
Posted by Manuel Sopena Ballesteros <ma...@garvan.org.au>.
Unfortunately, zeppelin will throw an exception if I change the [user] section in shiro configuration.
I guess this is because I am using AD integration hence local users are not allowed?
Please advise
Manuel
From: iamabug [mailto:18133622460@163.com]
Sent: Tuesday, November 19, 2019 4:54 PM
To: users@zeppelin.apache.org
Subject: Re: restrict interpreters to users
I think you misconfigure [roles] paragraph and [users] paragraph.
Suppose you want mansop to be an admin and alice to be a plain user without access to `interpreter` menu, you can try this:
[users]
mansop = password_for_mansop, admin
alice = password_for_alice
[roles]
role1 = *
role2 = *
role3 = *
admin = *
note that alice is not an admin or any other special role so she can only use basic features.
I think [roles] paragraph should be about role name and their permissions but I am not aware of any specific permissions and the documentation needs to provide more details. Just to be clear, if the configuration above is used, role1, role2, role3 have the same permissions as admin does.
Please let me know if it works.
On 11/19/2019 13:17,Manuel Sopena Ballesteros<ma...@garvan.org.au> wrote:
We are using shiro to authenticate against Active Directory.
I changed the shiro configuration like this
[roles]
role1 = *
role2 = *
role3 = *
admin = mansop
however other users different than mansop can see and edit interpreters.
NOTE: mansop is an AD login
I would like to restrict users from editing or viewing interpreters.
Any thoughts?
Thank you
Manuel
From: iamabug [mailto:18133622460@163.com<ma...@163.com>]
Sent: Tuesday, November 19, 2019 12:31 PM
To: users@zeppelin.apache.org<ma...@zeppelin.apache.org>
Subject: Re:restrict interpreters to users
Do you mean anonymous login by `by default` ?
If yes, enabling Shiro authentication can change this ? Please refer to https://zeppelin.apache.org/docs/0.8.2/setup/security/shiro_authentication.html
On 11/19/2019 09:28,Manuel Sopena Ballesteros<ma...@garvan.org.au> wrote:
Dear Zeppelin community,
By default interpreters configuration can be changed by any user. Is there a way to avoid this? I would like to hide some interpreters so people can’t change them.
Thank you very much
Manuel Sopena Ballesteros
Big Data Engineer | Kinghorn Centre for Clinical Genomics
[cid:image001.png@01D4C835.ED3C2230] <https://www.garvan.org.au/>
a: 384 Victoria Street, Darlinghurst NSW 2010
p: +61 2 9355 5760 | +61 4 12 123 123
e: manuel.sb@garvan.org.au<ma...@garvan.org.au>
Like us on Facebook<http://www.facebook.com/garvaninstitute> | Follow us on Twitter<http://twitter.com/GarvanInstitute> and LinkedIn<http://www.linkedin.com/company/garvan-institute-of-medical-research>
NOTICE
Please consider the environment before printing this email. This message and any attachments are intended for the addressee named and may contain legally privileged/confidential/copyright information. If you are not the intended recipient, you should not read, use, disclose, copy or distribute this communication. If you have received this message in error please notify us at once by return email and then delete both messages. We accept no liability for the distribution of viruses or similar in electronic communications. This notice should not be removed.
NOTICE
Please consider the environment before printing this email. This message and any attachments are intended for the addressee named and may contain legally privileged/confidential/copyright information. If you are not the intended recipient, you should not read, use, disclose, copy or distribute this communication. If you have received this message in error please notify us at once by return email and then delete both messages. We accept no liability for the distribution of viruses or similar in electronic communications. This notice should not be removed.
NOTICE
Please consider the environment before printing this email. This message and any attachments are intended for the addressee named and may contain legally privileged/confidential/copyright information. If you are not the intended recipient, you should not read, use, disclose, copy or distribute this communication. If you have received this message in error please notify us at once by return email and then delete both messages. We accept no liability for the distribution of viruses or similar in electronic communications. This notice should not be removed.
Re: restrict interpreters to users
Posted by iamabug <18...@163.com>.
Sorry that I never use AD to manage users. I think we need some help from Zeppelin developers.
On 11/20/2019 08:48,Manuel Sopena Ballesteros<ma...@garvan.org.au> wrote:
Rather than exception, I get an HTTP ERROR 503 when I hardcode a user in shiro config
Manuel
From: Manuel Sopena Ballesteros
Sent: Wednesday, November 20, 2019 11:37 AM
To:users@zeppelin.apache.org
Subject: RE: restrict interpreters to users
Unfortunately, zeppelin will throw an exception if I change the [user] section in shiro configuration.
I guess this is because I am using AD integration hence local users are not allowed?
Please advise
Manuel
From: iamabug [mailto:18133622460@163.com]
Sent: Tuesday, November 19, 2019 4:54 PM
To:users@zeppelin.apache.org
Subject: Re: restrict interpreters to users
I think you misconfigure [roles] paragraph and [users] paragraph.
Suppose you want mansop to be an admin and alice to be a plain user without access to `interpreter` menu, you can try this:
[users]
mansop = password_for_mansop, admin
alice = password_for_alice
[roles]
role1 = *
role2 = *
role3 = *
admin = *
note that alice is not an admin or any other special role so she can only use basic features.
I think [roles] paragraph should be about role name and their permissions but I am not aware of any specific permissions and the documentation needs to provide more details. Just to be clear, if the configuration above is used, role1, role2, role3 have the same permissions as admin does.
Please let me know if it works.
On 11/19/2019 13:17,Manuel Sopena Ballesteros<ma...@garvan.org.au> wrote:
We are using shiro to authenticate against Active Directory.
I changed the shiro configuration like this
[roles]
role1 = *
role2 = *
role3 = *
admin = mansop
however other users different than mansop can see and edit interpreters.
NOTE: mansop is an AD login
I would like to restrict users from editing or viewing interpreters.
Any thoughts?
Thank you
Manuel
From: iamabug [mailto:18133622460@163.com]
Sent: Tuesday, November 19, 2019 12:31 PM
To:users@zeppelin.apache.org
Subject: Re:restrict interpreters to users
Do you mean anonymous login by `by default` ?
If yes, enabling Shiro authentication can change this ? Please refer to https://zeppelin.apache.org/docs/0.8.2/setup/security/shiro_authentication.html
On 11/19/2019 09:28,Manuel Sopena Ballesteros<ma...@garvan.org.au> wrote:
Dear Zeppelin community,
By default interpreters configuration can be changed by any user. Is there a way to avoid this? I would like to hide some interpreters so people can’t change them.
Thank you very much
Manuel Sopena Ballesteros
Big Data Engineer | Kinghorn Centre for Clinical Genomics
a:384 Victoria Street, Darlinghurst NSW 2010
p: +61 2 9355 5760 | +61 4 12 123 123
e: manuel.sb@garvan.org.au
Like us on Facebook | Follow us on Twitterand LinkedIn
NOTICE
Please consider the environment before printing this email. This message and any attachments are intended for the addressee named and may contain legally privileged/confidential/copyright information. If you are not the intended recipient, you should not read, use, disclose, copy or distribute this communication. If you have received this message in error please notify us at once by return email and then delete both messages. We accept no liability for the distribution of viruses or similar in electronic communications. This notice should not be removed.
NOTICE
Please consider the environment before printing this email. This message and any attachments are intended for the addressee named and may contain legally privileged/confidential/copyright information. If you are not the intended recipient, you should not read, use, disclose, copy or distribute this communication. If you have received this message in error please notify us at once by return email and then delete both messages. We accept no liability for the distribution of viruses or similar in electronic communications. This notice should not be removed.
NOTICE
Please consider the environment before printing this email. This message and any attachments are intended for the addressee named and may contain legally privileged/confidential/copyright information. If you are not the intended recipient, you should not read, use, disclose, copy or distribute this communication. If you have received this message in error please notify us at once by return email and then delete both messages. We accept no liability for the distribution of viruses or similar in electronic communications. This notice should not be removed.
RE: restrict interpreters to users
Posted by Manuel Sopena Ballesteros <ma...@garvan.org.au>.
Rather than exception, I get an HTTP ERROR 503 when I hardcode a user in shiro config
[cid:image002.png@01D59F98.6B7039E0]
Manuel
From: Manuel Sopena Ballesteros
Sent: Wednesday, November 20, 2019 11:37 AM
To: users@zeppelin.apache.org
Subject: RE: restrict interpreters to users
Unfortunately, zeppelin will throw an exception if I change the [user] section in shiro configuration.
I guess this is because I am using AD integration hence local users are not allowed?
Please advise
Manuel
From: iamabug [mailto:18133622460@163.com]
Sent: Tuesday, November 19, 2019 4:54 PM
To: users@zeppelin.apache.org
Subject: Re: restrict interpreters to users
I think you misconfigure [roles] paragraph and [users] paragraph.
Suppose you want mansop to be an admin and alice to be a plain user without access to `interpreter` menu, you can try this:
[users]
mansop = password_for_mansop, admin
alice = password_for_alice
[roles]
role1 = *
role2 = *
role3 = *
admin = *
note that alice is not an admin or any other special role so she can only use basic features.
I think [roles] paragraph should be about role name and their permissions but I am not aware of any specific permissions and the documentation needs to provide more details. Just to be clear, if the configuration above is used, role1, role2, role3 have the same permissions as admin does.
Please let me know if it works.
On 11/19/2019 13:17,Manuel Sopena Ballesteros<ma...@garvan.org.au> wrote:
We are using shiro to authenticate against Active Directory.
I changed the shiro configuration like this
[roles]
role1 = *
role2 = *
role3 = *
admin = mansop
however other users different than mansop can see and edit interpreters.
NOTE: mansop is an AD login
I would like to restrict users from editing or viewing interpreters.
Any thoughts?
Thank you
Manuel
From: iamabug [mailto:18133622460@163.com<ma...@163.com>]
Sent: Tuesday, November 19, 2019 12:31 PM
To: users@zeppelin.apache.org<ma...@zeppelin.apache.org>
Subject: Re:restrict interpreters to users
Do you mean anonymous login by `by default` ?
If yes, enabling Shiro authentication can change this ? Please refer to https://zeppelin.apache.org/docs/0.8.2/setup/security/shiro_authentication.html
On 11/19/2019 09:28,Manuel Sopena Ballesteros<ma...@garvan.org.au> wrote:
Dear Zeppelin community,
By default interpreters configuration can be changed by any user. Is there a way to avoid this? I would like to hide some interpreters so people can’t change them.
Thank you very much
Manuel Sopena Ballesteros
Big Data Engineer | Kinghorn Centre for Clinical Genomics
[cid:image001.png@01D4C835.ED3C2230] <https://www.garvan.org.au/>
a: 384 Victoria Street, Darlinghurst NSW 2010
p: +61 2 9355 5760 | +61 4 12 123 123
e: manuel.sb@garvan.org.au<ma...@garvan.org.au>
Like us on Facebook<http://www.facebook.com/garvaninstitute> | Follow us on Twitter<http://twitter.com/GarvanInstitute> and LinkedIn<http://www.linkedin.com/company/garvan-institute-of-medical-research>
NOTICE
Please consider the environment before printing this email. This message and any attachments are intended for the addressee named and may contain legally privileged/confidential/copyright information. If you are not the intended recipient, you should not read, use, disclose, copy or distribute this communication. If you have received this message in error please notify us at once by return email and then delete both messages. We accept no liability for the distribution of viruses or similar in electronic communications. This notice should not be removed.
NOTICE
Please consider the environment before printing this email. This message and any attachments are intended for the addressee named and may contain legally privileged/confidential/copyright information. If you are not the intended recipient, you should not read, use, disclose, copy or distribute this communication. If you have received this message in error please notify us at once by return email and then delete both messages. We accept no liability for the distribution of viruses or similar in electronic communications. This notice should not be removed.
NOTICE
Please consider the environment before printing this email. This message and any attachments are intended for the addressee named and may contain legally privileged/confidential/copyright information. If you are not the intended recipient, you should not read, use, disclose, copy or distribute this communication. If you have received this message in error please notify us at once by return email and then delete both messages. We accept no liability for the distribution of viruses or similar in electronic communications. This notice should not be removed.
Re: restrict interpreters to users
Posted by iamabug <18...@163.com>.
I think you misconfigure [roles] paragraph and [users] paragraph.
Suppose you want mansop to be an admin and alice to be a plain user without access to `interpreter` menu, you can try this:
[users]
mansop = password_for_mansop, admin
alice = password_for_alice
[roles]
role1 = *
role2 = *
role3 = *
admin = *
note that alice is not an admin or any other special role so she can only use basic features.
I think [roles] paragraph should be about role name and their permissions but I am not aware of any specific permissions and the documentation needs to provide more details. Just to be clear, if the configuration above is used, role1, role2, role3 have the same permissions as admin does.
Please let me know if it works.
On 11/19/2019 13:17,Manuel Sopena Ballesteros<ma...@garvan.org.au> wrote:
We are using shiro to authenticate against Active Directory.
I changed the shiro configuration like this
[roles]
role1 = *
role2 = *
role3 = *
admin = mansop
however other users different than mansop can see and edit interpreters.
NOTE: mansop is an AD login
I would like to restrict users from editing or viewing interpreters.
Any thoughts?
Thank you
Manuel
From: iamabug [mailto:18133622460@163.com]
Sent: Tuesday, November 19, 2019 12:31 PM
To:users@zeppelin.apache.org
Subject: Re:restrict interpreters to users
Do you mean anonymous login by `by default` ?
If yes, enabling Shiro authentication can change this ? Please refer to https://zeppelin.apache.org/docs/0.8.2/setup/security/shiro_authentication.html
On 11/19/2019 09:28,Manuel Sopena Ballesteros<ma...@garvan.org.au> wrote:
Dear Zeppelin community,
By default interpreters configuration can be changed by any user. Is there a way to avoid this? I would like to hide some interpreters so people can’t change them.
Thank you very much
Manuel Sopena Ballesteros
Big Data Engineer | Kinghorn Centre for Clinical Genomics
a:384 Victoria Street, Darlinghurst NSW 2010
p: +61 2 9355 5760 | +61 4 12 123 123
e: manuel.sb@garvan.org.au
Like us on Facebook | Follow us on Twitterand LinkedIn
NOTICE
Please consider the environment before printing this email. This message and any attachments are intended for the addressee named and may contain legally privileged/confidential/copyright information. If you are not the intended recipient, you should not read, use, disclose, copy or distribute this communication. If you have received this message in error please notify us at once by return email and then delete both messages. We accept no liability for the distribution of viruses or similar in electronic communications. This notice should not be removed.
NOTICE
Please consider the environment before printing this email. This message and any attachments are intended for the addressee named and may contain legally privileged/confidential/copyright information. If you are not the intended recipient, you should not read, use, disclose, copy or distribute this communication. If you have received this message in error please notify us at once by return email and then delete both messages. We accept no liability for the distribution of viruses or similar in electronic communications. This notice should not be removed.
RE: Re:restrict interpreters to users
Posted by Manuel Sopena Ballesteros <ma...@garvan.org.au>.
We are using shiro to authenticate against Active Directory.
I changed the shiro configuration like this
[roles]
role1 = *
role2 = *
role3 = *
admin = mansop
however other users different than mansop can see and edit interpreters.
NOTE: mansop is an AD login
I would like to restrict users from editing or viewing interpreters.
Any thoughts?
Thank you
Manuel
From: iamabug [mailto:18133622460@163.com]
Sent: Tuesday, November 19, 2019 12:31 PM
To: users@zeppelin.apache.org
Subject: Re:restrict interpreters to users
Do you mean anonymous login by `by default` ?
If yes, enabling Shiro authentication can change this ? Please refer to https://zeppelin.apache.org/docs/0.8.2/setup/security/shiro_authentication.html
On 11/19/2019 09:28,Manuel Sopena Ballesteros<ma...@garvan.org.au> wrote:
Dear Zeppelin community,
By default interpreters configuration can be changed by any user. Is there a way to avoid this? I would like to hide some interpreters so people can’t change them.
Thank you very much
Manuel Sopena Ballesteros
Big Data Engineer | Kinghorn Centre for Clinical Genomics
[cid:image001.png@01D4C835.ED3C2230] <https://www.garvan.org.au/>
a: 384 Victoria Street, Darlinghurst NSW 2010
p: +61 2 9355 5760 | +61 4 12 123 123
e: manuel.sb@garvan.org.au<ma...@garvan.org.au>
Like us on Facebook<http://www.facebook.com/garvaninstitute> | Follow us on Twitter<http://twitter.com/GarvanInstitute> and LinkedIn<http://www.linkedin.com/company/garvan-institute-of-medical-research>
NOTICE
Please consider the environment before printing this email. This message and any attachments are intended for the addressee named and may contain legally privileged/confidential/copyright information. If you are not the intended recipient, you should not read, use, disclose, copy or distribute this communication. If you have received this message in error please notify us at once by return email and then delete both messages. We accept no liability for the distribution of viruses or similar in electronic communications. This notice should not be removed.
NOTICE
Please consider the environment before printing this email. This message and any attachments are intended for the addressee named and may contain legally privileged/confidential/copyright information. If you are not the intended recipient, you should not read, use, disclose, copy or distribute this communication. If you have received this message in error please notify us at once by return email and then delete both messages. We accept no liability for the distribution of viruses or similar in electronic communications. This notice should not be removed.
Re:restrict interpreters to users
Posted by iamabug <18...@163.com>.
Do you mean anonymous login by `by default` ?
If yes, enabling Shiro authentication can change this ? Please refer to https://zeppelin.apache.org/docs/0.8.2/setup/security/shiro_authentication.html
On 11/19/2019 09:28,Manuel Sopena Ballesteros<ma...@garvan.org.au> wrote:
Dear Zeppelin community,
By default interpreters configuration can be changed by any user. Is there a way to avoid this? I would like to hide some interpreters so people can’t change them.
Thank you very much
Manuel Sopena Ballesteros
Big Data Engineer | Kinghorn Centre for Clinical Genomics
a:384 Victoria Street, Darlinghurst NSW 2010
p: +61 2 9355 5760 | +61 4 12 123 123
e: manuel.sb@garvan.org.au
Like us on Facebook | Follow us on Twitterand LinkedIn
NOTICE
Please consider the environment before printing this email. This message and any attachments are intended for the addressee named and may contain legally privileged/confidential/copyright information. If you are not the intended recipient, you should not read, use, disclose, copy or distribute this communication. If you have received this message in error please notify us at once by return email and then delete both messages. We accept no liability for the distribution of viruses or similar in electronic communications. This notice should not be removed.