Hi all--

I'm data scientist brand new to Zeppelin and just installed it for the first time on a aws t2 instance. I was really excited to see how easy it was to get up and running having never administered a server before and i'm hoping to get a shiro.ini template file working for a small group of 30 data scientists. But i kind-of hit a wall when configuring the permissions.

I think i want to do something like this: https://community.hortonworks.com/questions/139082/zeppelin-users-roles.html
and i've read (but did not understand) this https://docs.hortonworks.com/HDPDocuments/HDP3/HDP-3.0.0/configuring-zeppelin-security/zeppelin-conf... and this https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.6.0/bk_zeppelin-component-guide/content/config-...

I want three roles:

• admin -- can do everything
• teamlead -- can pip install libraries, add people to dev role -- can create notebooks an read/write other devs notebooks, pull data from s3 bucket
• dev -- can create notebooks an read/write other devs notebooks, pull data from s3 bucket

Also:
is it possible to have groups so that only if you're in the same group can you see each others data/ notebooks?
is it possible to use a .pem cert for log-in as opposed to un/pw?

Does anyone have a shiro.ini template file configured somewhat close to this that they would be willing to share on git?
Where can i go to read more about this LDAP stuff and understand how to configure zeppelin? Everything on here is either too LDAP generic or so specific i cant tell if it applies to what i'm trying to do

Have pity on a DS playing Engineer?