You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@zeppelin.apache.org by "Madiha Khalid (JIRA)" <ji...@apache.org> on 2018/05/29 07:35:00 UTC

[jira] [Created] (ZEPPELIN-3509) Notebook Authorization not working

Madiha Khalid created ZEPPELIN-3509:
---------------------------------------

             Summary: Notebook Authorization not working
                 Key: ZEPPELIN-3509
                 URL: https://issues.apache.org/jira/browse/ZEPPELIN-3509
             Project: Zeppelin
          Issue Type: Bug
          Components: security
    Affects Versions: 0.8.0
            Reporter: Madiha Khalid
         Attachments: Step_1.PNG, Step_2a.PNG, Step_2b.PNG, Step_3.PNG, shiro.ini

Dear Team, 

In zeppelin 0.8.0 release Notebook authorization not working properly.  

Authorization Setting for User Notebook Note 1

User1 -> Runner

admin -> Owner

User1 able to update notebook permission for all (owner, runner, reader, writer )

Steps to reproduce:
 # Login as admin and give access to user 1 as a runner, shown in attached image step
 # Login as user1 open Note 1 here user 1 is able to open and update the notebook permissions shown in attached image step 2a.
 # User 1 changed Owner rights from admin to user1 and save successfully shown in attached image 2b.
 # Login as admin, open Note 1 notebook here we can see the Owner rights are changed from admin to user1 shown in attached image Step 3.

According to my understanding, User1 should not able to open Notebook permission button. I also attached my shiro.ini file.

 



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)