You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@zeppelin.apache.org by Vinay Shukla <vi...@gmail.com> on 2017/03/09 18:58:22 UTC

Re: [DISCUSS] Admin feature

Thanks for starting this thread and I wish I saw this earlier.

I filed https://issues.apache.org/jira/browse/ZEPPELIN-2236 recently and
much of that feature request is applicable in this blog.

From this JIRA here are some thoughts on what are different areas of
Zeppelin where we can put in access control.

Also access control makes most sense after authentication is enabled so the
below assumes authentication is enabled.

1. Limit who can access Zeppelin (only white listed users/groups should be
allowed access)
2. Limit who can create new Zeppelin notes (only white listed users/groups
should be allowed access)
3. Limit who can edit/restart/delete certain interpreters (only white
listed users/groups should be allowed access)

Please comment.

Thanks,
Vinay


On Thu, Feb 23, 2017 at 11:56 AM, Ruslan Dautkhanov <da...@gmail.com>
wrote:

> I do like the idea of the Admin feature. It complements Multitenancy very
> well.
> Not every user should be able to change global settings that affect all
> users.
> Also most of our Zeppelin users have only high-level understanding of Spark
> and can only write sql queries. So the admin feature helps with reducing
> perceived complexity of Zeppelin too. Although I think even admins
> shouldn't
> see some user-level settings, for example, saved passwords should only be
> visible by users themselves.
>
> As Jeff suggested it might be good to integrate shiro authorization into
> core
> Zeppelin. So you could map certain LDAP groups / AD groups to "admin"
> privilege; or just map a list of users to be "admin"s would do too.
>
>
>
> --
> Ruslan Dautkhanov
>
> On Wed, Feb 22, 2017 at 10:14 PM, Jongyoul Lee <jo...@gmail.com> wrote:
>
>> Hi folks,
>>
>> Recently, I've heard some new feature assumed that it needed the admin
>> account or similar role. But Apache Zeppelin doesn't have any admin feature
>> like hiding/showing menu and settings. I want to know how community thinks
>> about that feature.
>>
>> My first concern is that we have to consider two modes: anonymous and
>> authenticated.
>>
>> Feel free to start the discussion on pros and cons.
>>
>> Regards,
>> Jongyoul
>>
>> --
>> 이종열, Jongyoul Lee, 李宗烈
>> http://madeng.net
>>
>
>