You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@zeppelin.apache.org by "András Hegedüs (JIRA)" <ji...@apache.org> on 2019/05/23 13:57:00 UTC

[jira] [Created] (ZEPPELIN-4167) if runners permission is empty, every authenticated user can view the notebook

András Hegedüs created ZEPPELIN-4167:
----------------------------------------

             Summary: if runners permission is empty, every authenticated user can view the notebook
                 Key: ZEPPELIN-4167
                 URL: https://issues.apache.org/jira/browse/ZEPPELIN-4167
             Project: Zeppelin
          Issue Type: Bug
          Components: security
    Affects Versions: 0.8.0
            Reporter: András Hegedüs


Upgrading from 0.7 we realised that all notebooks are listed and can be opened and can be viewed by all authenticated user. We have found that runners permission was empty in the gui and was not there as a key in notebook-authorization.json.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)