Support Questions

Find answers, ask questions, and share your expertise
Announcements
Celebrating as our community reaches 100,000 members! Thank you!

Zeppelin + shiro authorization

avatar
Super Collaborator

Hi,

I am using Zeppelin 0.6.0 with HDP 2.3.4. I have configure LDAP sync. I would like to revoke access to "Interpreter" section to all users except "admin". I tried to configure it by [urls] section in shiro.ini. Something like

[urls]

/api/login = anon

/api/notebook = authc

/api/interpreter = roles[admin]

but it does not work. Could somebody explain me how it works, or is there anyother solution to this?

1 ACCEPTED SOLUTION

avatar
Cloudera Employee

Here is the setting that I use on my cluster, that works for me.

/api/version = anon
/api/interpreter/** = authc, roles[admin]
/api/configurations/** = authc, roles[admin]
/api/credential/** = authc, roles[admin]
/** = authc

View solution in original post

3 REPLIES 3

avatar
Cloudera Employee

Here is the setting that I use on my cluster, that works for me.

/api/version = anon
/api/interpreter/** = authc, roles[admin]
/api/configurations/** = authc, roles[admin]
/api/credential/** = authc, roles[admin]
/** = authc

avatar
Super Collaborator

Thank you, could you please also share your [roles] section?

In the value roles[admin] the "admin" is a name of role or permission?

avatar
Cloudera Employee

it can be any, username or role, and inside of "[]" it accepts CSV. So, you can typically give

/api/interpreter/** = authc, roles[adminUser, adminRole, managerRole]

etc.