Posted to issues@kylin.apache.org by "Xiaoxiang Yu (Jira)" <ji...@apache.org> on 2020/10/10 03:20:00 UTC

[jira] [Updated] (KYLIN-4781) Provisioning different Roles access to the LDAP Groups

     [ https://issues.apache.org/jira/browse/KYLIN-4781?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Xiaoxiang Yu updated KYLIN-4781:
--------------------------------
    Fix Version/s: Future

> Provisioning different Roles access to the LDAP Groups
> ------------------------------------------------------
>
>                 Key: KYLIN-4781
>                 URL: https://issues.apache.org/jira/browse/KYLIN-4781
>             Project: Kylin
>          Issue Type: Bug
>          Components: Security
>    Affects Versions: all, v3.0.2
>            Reporter: sundaramoorthy Muthusamy
>            Priority: Major
>              Labels: ActiveDirectory, RolesAllowed, ldap
>             Fix For: Future
>
>
> We have set up the LDAP connectivity using the kylin.properties file and all users were able to log in to the server.
> But apart from the admin LDAP user, others are not able to see any projects, so we have proceeded to add user-level permissions in admin user and it worked fine. Since the number of users was high, we want to grant access at AD group level instead of users.
>  
> Apart from ROLE_ADMIN, ROLE_ANALYST, ROLE_MODELER and ALL_USER, we are not able to add other groups.
> *Tried a few options:*
>  # Setting up the below property with AD group names to provide admin access, still not able to grant access to these roles.
>  ** kylin.security.acl.admin-role
>  ** *Error:* operation Failed, Group xxx not exists, Please Add first.
>  # Manually added an entry in the hbase metadata table for key "/user_group" with the group name.
>  ** Now able to add the role and assign it, but the users in that AD group are still not able to see the projects whose access has been granted.
>  
> Net-net, we could not grant AD group to different roles at project level. Kindly help.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)