You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@zeppelin.apache.org by cronoik <jo...@mail.de> on 2020/07/10 09:59:50 UTC

shiro.ini optional input

Hello everyone,

we have a multiuser environment with isolated instantiated interpreters 
and we don't want to allow our users to restart the interpreter globally 
for everyone. Therefore we defined in our shiro.ini:

> /api/interpreter/** = authc,roles[sudo] 

to only allow users who are part of the sudo group to access the 
interpreter site.

This causes an issue as users who aren't a part of the sudo group can't 
restart their interpreters from the interpreter binding menu within a 
notebok anymore. According to the documentation [1] both actions have 
the same url, but the button from the interpreter binding menu sends the 
optional json input. Is there a way to block the interpreter menu but to 
allow the interpreter restart from the interpreter binding menu?

Currently we use the following additional line as a workaround but it is 
still possible to send POST request directly to restart all interpreters:

> /api/interpreter/setting/restart/** = authc 

[1] 
https://zeppelin.apache.org/docs/0.8.0/usage/rest_api/interpreter.html#restart-an-interpreter

-- 
Best regards
cronoik