Support Questions

frank93 · ‎09-07-2016

Hi,

I am using Zeppelin 0.6.0 with HDP 2.3.4. I have configure LDAP sync. I would like to revoke access to "Interpreter" section to all users except "admin". I tried to configure it by [urls] section in shiro.ini. Something like

[urls]

/api/login = anon

/api/notebook = authc

/api/interpreter = roles[admin]

but it does not work. Could somebody explain me how it works, or is there anyother solution to this?

prabhjyot_singh · ‎09-07-2016

Here is the setting that I use on my cluster, that works for me.

/api/version = anon
/api/interpreter/** = authc, roles[admin]
/api/configurations/** = authc, roles[admin]
/api/credential/** = authc, roles[admin]
/** = authc

View solution in original post

prabhjyot_singh · ‎09-07-2016

Here is the setting that I use on my cluster, that works for me.

/api/version = anon
/api/interpreter/** = authc, roles[admin]
/api/configurations/** = authc, roles[admin]
/api/credential/** = authc, roles[admin]
/** = authc

frank93 · ‎09-07-2016

Thank you, could you please also share your [roles] section?

In the value roles[admin] the "admin" is a name of role or permission?

prabhjyot_singh · ‎09-08-2016

it can be any, username or role, and inside of "[]" it accepts CSV. So, you can typically give

/api/interpreter/** = authc, roles[adminUser, adminRole, managerRole]

etc.

Cloudera Community

Support Questions

Zeppelin + shiro authorization