You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@zeppelin.apache.org by Windy Qin <wi...@163.com> on 2017/02/07 10:08:14 UTC

The access of interpreter setting, credentials and configurations info

hi all,
   The Zeppelin 0.7.0 enabled user to secure interpreter setting, credentials and configurations info by shiro. 
   If you remove the following notes in shiro.ini:
[
#/api/interpreter/** = authc, roles[admin]
#/api/configurations/** = authc, roles[admin]
#/api/credential/** = authc, roles[admin]
]
but the other users without role of admin also can click the interpreter setting, credentials and configurations, and it refuse those users. 
   So why not set the setting  invisible to the users without role of admin instead of refusing to visit when click the settings ?

Re: The access of interpreter setting, credentials and configurations info

Posted by moon soo Lee <mo...@apache.org>.

Although i don't know the best way to pass Shiro configuration to the
front-end, the hide some menu based on permission make sense.

Thanks,
moon

On Tue, Feb 7, 2017 at 7:08 PM Windy Qin <wi...@163.com> wrote:

> hi all,
>    The Zeppelin 0.7.0 enabled user to secure interpreter setting,
> credentials and configurations info by shiro.
>    If you remove the following notes in shiro.ini:
> [
> #/api/interpreter/** = authc, roles[admin]
> #/api/configurations/** = authc, roles[admin]
> #/api/credential/** = authc, roles[admin]
> ]
> but the other users without role of admin also can click the interpreter
> setting, credentials and configurations, and it refuse those users.
>    So why not set the setting  invisible to the users without role of
> admin instead of refusing to visit when click the settings ?
>
>