I am using HDP 2.5.I want to have access control mechanism (for different files on HDFS) for different users through zeppelin. As Zeppelin process runs with "zeppelin" user, how can I create ranger policies for different users?
I have tried creating ranger policy for "zeppelin" user which works fine but I am not clear on how to create access control for different zeppelin users?
I triggered spark jobs which are started by "zeppelin" user, so again access to HDFS files is restricted to "zeppelin" user. I want to enforce this to different users logging in to same zeppelin instance.
Any help will be appreciated.
First authentication via AD/LDAP needs to be enabled in Zeppelin. You can search HCC for articles showing how to set that up.
Next, for Spark jobs you have to enable and configure Livy component in the Spark service via Ambari. Then configure and enable the Livy interpreter in Zeppelin. After that authenticated users would runs their spark code in Zeppelin via the %livy.sql or %livy.spark interpreters. Livy interpreters support impersonation for spark jobs for a multi-user Zeppelin environment via the Livy service. /cc @vshukla in case we already have a definitive HCC article for this scenario.
Let us know if you run into any issues.
I have tried this and zeppelin started the livy-session with the logged in user. My question is for all the interpreters (I used spark as an example in the question description).I saw some posts covering spark and hive use case for the same.