You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@zeppelin.apache.org by ah...@apache.org on 2017/02/03 14:15:44 UTC
svn commit: r1781552 -
/zeppelin/site/docs/0.7.0-SNAPSHOT/security/notebook_authorization.html
Author: ahyoungryu
Date: Fri Feb 3 14:15:44 2017
New Revision: 1781552
URL: http://svn.apache.org/viewvc?rev=1781552&view=rev
Log: (empty)
Modified:
zeppelin/site/docs/0.7.0-SNAPSHOT/security/notebook_authorization.html
Modified: zeppelin/site/docs/0.7.0-SNAPSHOT/security/notebook_authorization.html
URL: http://svn.apache.org/viewvc/zeppelin/site/docs/0.7.0-SNAPSHOT/security/notebook_authorization.html?rev=1781552&r1=1781551&r2=1781552&view=diff
==============================================================================
--- zeppelin/site/docs/0.7.0-SNAPSHOT/security/notebook_authorization.html (original)
+++ zeppelin/site/docs/0.7.0-SNAPSHOT/security/notebook_authorization.html Fri Feb 3 14:15:44 2017
@@ -213,15 +213,15 @@ limitations under the License.
<h2>Overview</h2>
-<p>We assume that there is an <strong>Shiro Authentication</strong> component that associates a user string and a set of group strings with every NotebookSocket.
+<p>We assume that there is an <strong>Shiro Authentication</strong> component that associates a user string and a set of group strings with every NotebookSocket.
If you don't set the authentication components yet, please check <a href="./shiroauthentication.html">Shiro authentication for Apache Zeppelin</a> first.</p>
<h2>Authorization Setting</h2>
-<p>You can set Zeppelin notebook permissions in each notebooks. Of course only <strong>notebook owners</strong> can change this configuration.
+<p>You can set Zeppelin notebook permissions in each notebooks. Of course only <strong>notebook owners</strong> can change this configuration.
Just click <strong>Lock icon</strong> and open the permission setting page in your notebook.</p>
-<p>As you can see, each Zeppelin notebooks has 3 entities :</p>
+<p>As you can see, each Zeppelin notebooks has 3 entities : </p>
<ul>
<li>Owners ( users or groups )</li>
@@ -234,23 +234,11 @@ Just click <strong>Lock icon</strong> an
<p>Fill out the each forms with comma seperated <strong>users</strong> and <strong>groups</strong> configured in <code>conf/shiro.ini</code> file.
If the form is empty (*), it means that any users can perform that operation.</p>
-<p>If someone who doesn't have <strong>read</strong> permission is trying to access the notebook or someone who doesn't have <strong>write</strong> permission is trying to edit the notebook, Zeppelin will ask to login or block the user.</p>
+<p>If someone who doesn't have <strong>read</strong> permission is trying to access the notebook or someone who doesn't have <strong>write</strong> permission is trying to edit the notebook, Zeppelin will ask to login or block the user. </p>
<p><center><img src="../assets/themes/zeppelin/img/docs-img/insufficient_privileges.png"></center></p>
-<h2>Separate notebook workspaces (public vs. private)</h2>
-
-<p>By default, the authorization rights allow other users to see the newly created note, meaning the workspace is <code>public</code>. This behavior is controllable and can be set through either <code>ZEPPELIN_NOTEBOOK_PUBLIC</code> variable in <code>conf/zeppelin-env.sh</code>, or through <code>zeppelin.notebook.public</code> property in <code>conf/zeppelin-site.xml</code>. Thus, in order to make newly created note appear only in your <code>private</code> workspace by default, you can set either <code>ZEPPELIN_NOTEBOOK_PUBLIC</code> to <code>false</code> in your <code>conf/zeppelin-env.sh</code> as follows:</p>
-<div class="highlight"><pre><code class="text language-text" data-lang="text">export ZEPPELIN_NOTEBOOK_PUBLIC="false"
-</code></pre></div>
-<p>or set <code>zeppelin.notebook.public</code> property to <code>false</code> in <code>conf/zeppelin-site.xml</code> as follows:</p>
-<div class="highlight"><pre><code class="text language-text" data-lang="text"><property>
- <name>zeppelin.notebook.public</name>
- <value>false</value>
- <description>Make notebook public by default when created, private otherwise</description>
-</property>
-</code></pre></div>
-<p>Behind the scenes, when you create a new note only the <code>owners</code> field is filled with current user, leaving <code>readers</code> and <code>writers</code> fields empty. All the notes with at least one empty authorization field are considered to be in <code>public</code> workspace. Thus when setting <code>zeppelin.notebook.public</code> (or corresponding <code>ZEPPELIN_NOTEBOOK_PUBLIC</code>) to false, newly created notes have <code>readers</code> and <code>writers</code> fields filled with current user, making note appear as in <code>private</code> workspace.</p>
+<p>By default when you create a new note, the owner is the user who create it. And the readers/writers is empty which means it is shared publicly. But if you don't want it to be shared by default. You can set <code>zeppelin.notebook.public</code> to be false in <code>zeppelin-site.xml</code>.</p>
<h2>How it works</h2>
@@ -259,7 +247,7 @@ If the form is empty (*), it means that
<h3>NotebookServer</h3>
<p>The <a href="https://github.com/apache/zeppelin/blob/master/zeppelin-server/src/main/java/org/apache/zeppelin/socket/NotebookServer.java">NotebookServer</a> classifies every notebook operations into three categories: <strong>Read</strong>, <strong>Write</strong>, <strong>Manage</strong>.
-Before executing a notebook operation, it checks if the user and the groups associated with the <code>NotebookSocket</code> have permissions.
+Before executing a notebook operation, it checks if the user and the groups associated with the <code>NotebookSocket</code> have permissions.
For example, before executing a <strong>Read</strong> operation, it checks if the user and the groups have at least one entity that belongs to the <strong>Reader</strong> entities.</p>
<h3>Notebook REST API call</h3>