Posted to dev@zeppelin.apache.org by Jongyoul Lee <jo...@gmail.com> on 2017/02/23 05:14:20 UTC

[DISCUSS] Admin feature

Hi folks,

Recently, I've heard that some new feature assumed it needed the admin
account or a similar role. But Apache Zeppelin doesn't have any admin feature
like hiding/showing menus and settings. I want to know what the community thinks
about that feature.

My first concern is that we have to consider two modes: anonymous and
authenticated.

Feel free to start the discussion on pros and cons.

Regards,
Jongyoul

-- 
이종열, Jongyoul Lee, 李宗烈
http://madeng.net

Re: [DISCUSS] Admin feature

Posted by Jeff Zhang <zj...@gmail.com>.
I think in authenticated mode, admin is necessary.  What the admin should take
charge of can be in the following 4 areas:

1.  Interpreter setting. Admin can control a template for each interpreter,
and each user's template extends this base template but can also customize
his own setting. Besides that, admin can control which user can use which
interpreter. Because some interpreters have potential security issues, we
should not allow everyone to use them (like the shell interpreter).
2.  Note and user management. Admin can control the permission of notes and
users, like which user can use which note.
3.  Job management.
4.  Not sure about helium. But I think admin should be responsible for
helium plugins because plugins are external code which could bring some
potential security issues.

Besides that I have 2 concerns:
1.  Is admin mandatory in shiro? Is it possible that I enable shiro but no
admin is defined?
2.  Should zeppelin take care of these or integrate the authorization of
shiro and let shiro take care of these? e.g. We can treat interpreter
and note as resources of shiro, and let shiro control their permissions
and relationships.



Alec Lee <al...@gmail.com> wrote on Thu, Feb 23, 2017 at 1:23 PM:

> We have multiple users in our organization sharing the same anonymous account,
> which will potentially cause problems; we hope to have a true
> authenticated mode.
>
> thanks
>
> AL
>
> On Feb 22, 2017, at 9:14 PM, Jongyoul Lee <jo...@gmail.com> wrote:
>
> Hi folks,
>
> Recently, I've heard that some new feature assumed it needed the admin
> account or a similar role. But Apache Zeppelin doesn't have any admin feature
> like hiding/showing menus and settings. I want to know what the community thinks
> about that feature.
>
> My first concern is that we have to consider two modes: anonymous and
> authenticated.
>
> Feel free to start the discussion on pros and cons.
>
> Regards,
> Jongyoul
>
> --
> 이종열, Jongyoul Lee, 李宗烈
> http://madeng.net
>
>
>

Re: [DISCUSS] Admin feature

Posted by Alec Lee <al...@gmail.com>.
We have multiple users in our organization sharing the same anonymous account, which will potentially cause problems; we hope to have a true authenticated mode.

thanks

AL
> On Feb 22, 2017, at 9:14 PM, Jongyoul Lee <jo...@gmail.com> wrote:
> 
> Hi folks,
> 
> Recently, I've heard that some new feature assumed it needed the admin account or a similar role. But Apache Zeppelin doesn't have any admin feature like hiding/showing menus and settings. I want to know what the community thinks about that feature.
> 
> My first concern is that we have to consider two modes: anonymous and authenticated.
> 
> Feel free to start the discussion on pros and cons.
> 
> Regards,
> Jongyoul
> 
> -- 
> 이종열, Jongyoul Lee, 李宗烈
> http://madeng.net


Re: [DISCUSS] Admin feature

Posted by Vinay Shukla <vi...@gmail.com>.
Thanks for starting this thread and I wish I saw this earlier.

I filed https://issues.apache.org/jira/browse/ZEPPELIN-2236 recently and
much of that feature request is applicable in this blog.

From this JIRA, here are some thoughts on the different areas of
Zeppelin where we can put in access control.

Also, access control makes most sense after authentication is enabled, so the
below assumes authentication is enabled.

1. Limit who can access Zeppelin (only white listed users/groups should be
allowed access)
2. Limit who can create new Zeppelin notes (only white listed users/groups
should be allowed access)
3. Limit who can edit/restart/delete certain interpreters (only white
listed users/groups should be allowed access)

Please comment.

Thanks,
Vinay


On Thu, Feb 23, 2017 at 11:56 AM, Ruslan Dautkhanov <da...@gmail.com>
wrote:

> I do like the idea of the Admin feature. It complements Multitenancy very
> well.
> Not every user should be able to change global settings that affect all
> users.
> Also, most of our Zeppelin users have only a high-level understanding of
> Spark and can only write SQL queries. So the admin feature helps with
> reducing the perceived complexity of Zeppelin too. Although I think even
> admins shouldn't see some user-level settings; for example, saved passwords
> should only be visible to the users themselves.
>
> As Jeff suggested, it might be good to integrate shiro authorization into
> core Zeppelin. So you could map certain LDAP groups / AD groups to the
> "admin" privilege; or just mapping a list of users to be "admin"s would do
> too.
>
>
>
> --
> Ruslan Dautkhanov
>
> On Wed, Feb 22, 2017 at 10:14 PM, Jongyoul Lee <jo...@gmail.com> wrote:
>
>> Hi folks,
>>
>> Recently, I've heard that some new feature assumed it needed the admin
>> account or a similar role. But Apache Zeppelin doesn't have any admin feature
>> like hiding/showing menus and settings. I want to know what the community thinks
>> about that feature.
>>
>> My first concern is that we have to consider two modes: anonymous and
>> authenticated.
>>
>> Feel free to start the discussion on pros and cons.
>>
>> Regards,
>> Jongyoul
>>
>> --
>> 이종열, Jongyoul Lee, 李宗烈
>> http://madeng.net
>>
>
>

Re: [DISCUSS] Admin feature

Posted by Ruslan Dautkhanov <da...@gmail.com>.
I do like the idea of the Admin feature. It complements Multitenancy very
well.
Not every user should be able to change global settings that affect all
users.
Also, most of our Zeppelin users have only a high-level understanding of
Spark and can only write SQL queries. So the admin feature helps with
reducing the perceived complexity of Zeppelin too. Although I think even
admins shouldn't see some user-level settings; for example, saved passwords
should only be visible to the users themselves.

As Jeff suggested, it might be good to integrate shiro authorization into
core Zeppelin. So you could map certain LDAP groups / AD groups to the
"admin" privilege; or just mapping a list of users to be "admin"s would do
too.



-- 
Ruslan Dautkhanov

On Wed, Feb 22, 2017 at 10:14 PM, Jongyoul Lee <jo...@gmail.com> wrote:

> Hi folks,
>
> Recently, I've heard that some new feature assumed it needed the admin
> account or a similar role. But Apache Zeppelin doesn't have any admin feature
> like hiding/showing menus and settings. I want to know what the community thinks
> about that feature.
>
> My first concern is that we have to consider two modes: anonymous and
> authenticated.
>
> Feel free to start the discussion on pros and cons.
>
> Regards,
> Jongyoul
>
> --
> 이종열, Jongyoul Lee, 李宗烈
> http://madeng.net
>
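
A sketch of the model discussed in this thread (interpreters and notes treated as permission-checked resources, LDAP/AD groups mapped to an "admin" role, access limited to listed groups), added here as an example and not code from Zeppelin or from any poster. The matching is modelled on Shiro-style wildcard permission strings; the group names, role names and permission strings are constructed.

```python
# Constructed policy: group names, role names and permission strings are
# hypothetical, not Zeppelin configuration keys.
GROUP_TO_ROLE = {"zeppelin-admins": "admin", "analysts": "analyst"}
ROLE_PERMISSIONS = {
    "admin": ["zeppelin:access", "note:*", "interpreter:*", "helium:*"],
    "analyst": ["zeppelin:access", "note:create", "interpreter:use:spark,jdbc"],
}


def implies(granted, requested):
    """True if the granted permission string covers the requested one."""
    g = [set(p.split(",")) for p in granted.split(":")]
    r = [set(p.split(",")) for p in requested.split(":")]
    for i, gpart in enumerate(g):
        if i >= len(r):
            # Grant is narrower than the request: only wildcards may remain.
            if "*" not in gpart:
                return False
        elif "*" not in gpart and not r[i] <= gpart:
            return False
    return True  # parts beyond the grant's length are implied


def is_permitted(groups, requested, authenticated=True):
    """Deny by default: anonymous sessions and unmapped groups get nothing."""
    if not authenticated:
        return False
    roles = {GROUP_TO_ROLE[g] for g in groups if g in GROUP_TO_ROLE}
    return any(implies(p, requested)
               for role in roles for p in ROLE_PERMISSIONS.get(role, []))


def admin_groups(group_to_role):
    """Groups mapped to 'admin'; empty means nobody can change global settings."""
    return sorted(g for g, role in group_to_role.items() if role == "admin")
```

With no group mapped to "admin", every interpreter edit/restart/delete request is refused, so a deployment check on `admin_groups` catches the "shiro enabled but no admin defined" case before it locks settings.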
