Hi, I am trying to restrict a specific group of ActiveDirectory users to access zeppelin. My shiro looks something like below, can you please suggest where i have to add the group name or make the changes so that the group of users are not able to login to zeppelin. [users] # List of users with their password allowed to access Zeppelin. # To use a different strategy (LDAP / Database / ...) check the shiro doc at http://shiro.apache.org/configuration.html#Configuration-INISections #admin = password1 #user1 = password2, role1, role2 #user2 = password3, role3 #user3 = password4, role2 # Sample LDAP configuration, for user Authentication, currently tested for single Realm [main] activeDirectoryRealm = org.apache.zeppelin.server.ActiveDirectoryGroupRealm activeDirectoryRealm.systemUsername = cn=ldap-reader,ou=ServiceUsers,dc=lab,dc=hortonworks,dc=net activeDirectoryRealm.systemPassword = badPassword #activeDirectoryRealm.hadoopSecurityCredentialPath = jceks://user/zeppelin/conf/zeppelin.jceks activeDirectoryRealm.searchBase = dc=lab,dc=hortonworks,dc=net activeDirectoryRealm.url = ldap://ad.example.net:389 activeDirectoryRealm.groupRolesMap = "cn=ldap-admin,ou=ServiceUsers,dc=lab,dc=hortonworks,dc=net":"admin" activeDirectoryRealm.authorizationCachingEnabled =false sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager securityManager.sessionManager = $sessionManager securityManager.realms = $activeDirectoryRealm # 86,400,000 milliseconds = 24 hour securityManager.sessionManager.globalSessionTimeout =86400000 shiro.loginUrl =/api/login [urls] # anon means the access is anonymous. # authcBasic means Basic Auth Security # To enfore security, comment the line below and uncomment the next one /api/version = anon #/** = anon /api/interpreter/** = authc, roles[admin] /api/configurations/** = authc, roles[admin] /api/credential/** = authc, roles[admin] /** = authc Please suggest, Thanks ... View more