Created 09-07-2016 10:55 AM
Hi,
I am using Zeppelin 0.6.0 with HDP 2.3.4. I have configure LDAP sync. I would like to revoke access to "Interpreter" section to all users except "admin". I tried to configure it by [urls] section in shiro.ini. Something like
[urls] /api/login = anon /api/notebook = authc /api/interpreter = roles[admin]
but it does not work. Could somebody explain me how it works, or is there anyother solution to this?
Created 09-07-2016 11:16 AM
Here is the setting that I use on my cluster, that works for me.
/api/version = anon /api/interpreter/** = authc, roles[admin] /api/configurations/** = authc, roles[admin] /api/credential/** = authc, roles[admin] /** = authc
Created 09-07-2016 11:16 AM
Here is the setting that I use on my cluster, that works for me.
/api/version = anon /api/interpreter/** = authc, roles[admin] /api/configurations/** = authc, roles[admin] /api/credential/** = authc, roles[admin] /** = authc
Created 09-07-2016 11:20 AM
Thank you, could you please also share your [roles] section?
In the value roles[admin] the "admin" is a name of role or permission?
Created 09-08-2016 05:17 AM
it can be any, username or role, and inside of "[]" it accepts CSV. So, you can typically give
/api/interpreter/** = authc, roles[adminUser, adminRole, managerRole]
etc.