Author: ahyoungryu
Date: Fri Feb 3 14:15:44 2017
New Revision: 1781552
URL: http://svn.apache.org/viewvc?rev=1781552&view=rev
Log: (empty)
Modified:
zeppelin/site/docs/0.7.0-SNAPSHOT/security/notebook_authorization.html
Modified: zeppelin/site/docs/0.7.0-SNAPSHOT/security/notebook_authorization.html
URL:
http://svn.apache.org/viewvc/zeppelin/site/docs/0.7.0-SNAPSHOT/security/notebook_authorization.html?rev=1781552&r1=1781551&r2=1781552&view=diff
==============================================================================
--- zeppelin/site/docs/0.7.0-SNAPSHOT/security/notebook_authorization.html
(original)
+++ zeppelin/site/docs/0.7.0-SNAPSHOT/security/notebook_authorization.html Fri
Feb 3 14:15:44 2017
@@ -213,15 +213,15 @@ limitations under the License.
<h2>Overview</h2>
-<p>We assume that there is an <strong>Shiro Authentication</strong> component
that associates a user string and a set of group strings with every
NotebookSocket.
+<p>We assume that there is an <strong>Shiro Authentication</strong> component
that associates a user string and a set of group strings with every
NotebookSocket.
If you don't set the authentication components yet, please check <a
href="./shiroauthentication.html">Shiro authentication for Apache Zeppelin</a>
first.</p>
<h2>Authorization Setting</h2>
-<p>You can set Zeppelin notebook permissions in each notebooks. Of course only
<strong>notebook owners</strong> can change this configuration.
+<p>You can set Zeppelin notebook permissions in each notebooks. Of course only
<strong>notebook owners</strong> can change this configuration.
Just click <strong>Lock icon</strong> and open the permission setting page in
your notebook.</p>
-<p>As you can see, each Zeppelin notebooks has 3 entities :</p>
+<p>As you can see, each Zeppelin notebooks has 3 entities : </p>
<ul>
<li>Owners ( users or groups )</li>
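Review bot: The removed and added lines for the "Shiro Authentication" and "notebook permissions" paragraphs read identically here, so this hunk is whitespace churn, and the one visible difference, "entities : </p>", adds a stray space before the closing tag. Suggest dropping these changes, or, if the lines are being touched anyway, fixing the wording they carry ("an Shiro Authentication", "in each notebooks", "each Zeppelin notebooks has").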
@@ -234,23 +234,11 @@ Just click <strong>Lock icon</strong> an
<p>Fill out the each forms with comma seperated <strong>users</strong> and
<strong>groups</strong> configured in <code>conf/shiro.ini</code> file.
If the form is empty (*), it means that any users can perform that
operation.</p>
-<p>If someone who doesn't have <strong>read</strong> permission is trying
to access the notebook or someone who doesn't have <strong>write</strong>
permission is trying to edit the notebook, Zeppelin will ask to login or block
the user.</p>
+<p>If someone who doesn't have <strong>read</strong> permission is trying
to access the notebook or someone who doesn't have <strong>write</strong>
permission is trying to edit the notebook, Zeppelin will ask to login or block
the user. </p>
<p><center><img
src="../assets/themes/zeppelin/img/docs-img/insufficient_privileges.png"></center></p>
-<h2>Separate notebook workspaces (public vs. private)</h2>
-
-<p>By default, the authorization rights allow other users to see the newly
created note, meaning the workspace is <code>public</code>. This behavior is
controllable and can be set through either
<code>ZEPPELIN_NOTEBOOK_PUBLIC</code> variable in
<code>conf/zeppelin-env.sh</code>, or through
<code>zeppelin.notebook.public</code> property in
<code>conf/zeppelin-site.xml</code>. Thus, in order to make newly created note
appear only in your <code>private</code> workspace by default, you can set
either <code>ZEPPELIN_NOTEBOOK_PUBLIC</code> to <code>false</code> in your
<code>conf/zeppelin-env.sh</code> as follows:</p>
-<div class="highlight"><pre><code class="text language-text"
data-lang="text">export ZEPPELIN_NOTEBOOK_PUBLIC="false"
-</code></pre></div>
-<p>or set <code>zeppelin.notebook.public</code> property to <code>false</code>
in <code>conf/zeppelin-site.xml</code> as follows:</p>
-<div class="highlight"><pre><code class="text language-text"
data-lang="text"><property>
- <name>zeppelin.notebook.public</name>
- <value>false</value>
- <description>Make notebook public by default when created, private
otherwise</description>
-</property>
-</code></pre></div>
-<p>Behind the scenes, when you create a new note only the <code>owners</code>
field is filled with current user, leaving <code>readers</code> and
<code>writers</code> fields empty. All the notes with at least one empty
authorization field are considered to be in <code>public</code> workspace. Thus
when setting <code>zeppelin.notebook.public</code> (or corresponding
<code>ZEPPELIN_NOTEBOOK_PUBLIC</code>) to false, newly created notes have
<code>readers</code> and <code>writers</code> fields filled with current user,
making note appear as in <code>private</code> workspace.</p>
+<p>By default when you create a new note, the owner is the user who create it.
And the readers/writers is empty which means it is shared publicly. But if you
don't want it to be shared by default. You can set
<code>zeppelin.notebook.public</code> to be false in
<code>zeppelin-site.xml</code>.</p>
<h2>How it works</h2>
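Review bot: Removing the "Separate notebook workspaces (public vs. private)" section drops three things the one-paragraph replacement does not cover: the ZEPPELIN_NOTEBOOK_PUBLIC setting in conf/zeppelin-env.sh, the copyable property example for zeppelin.notebook.public, and the statement that with the value false new notes get readers and writers filled with the current user. Because empty readers/writers fields mean any user can perform those operations, the private-by-default instructions are the security-relevant part of this page; suggest keeping the heading and both examples, or at least giving the full path conf/zeppelin-site.xml and describing the resulting behaviour. The new paragraph also needs a grammar pass ("the user who create it", and "But if you don't want it to be shared by default. You can set" is split mid-sentence), and the empty Log gives no reason for the removal.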
@@ -259,7 +247,7 @@ If the form is empty (*), it means that
<h3>NotebookServer</h3>
<p>The <a
href="https://github.com/apache/zeppelin/blob/master/zeppelin-server/src/main/java/org/apache/zeppelin/socket/NotebookServer.java">NotebookServer</a>
classifies every notebook operations into three categories:
<strong>Read</strong>, <strong>Write</strong>, <strong>Manage</strong>.
-Before executing a notebook operation, it checks if the user and the groups
associated with the <code>NotebookSocket</code> have permissions.
+Before executing a notebook operation, it checks if the user and the groups
associated with the <code>NotebookSocket</code> have permissions.
For example, before executing a <strong>Read</strong> operation, it checks if
the user and the groups have at least one entity that belongs to the
<strong>Reader</strong> entities.</p>
<h3>Notebook REST API call</h3>
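Review bot: The removed and added "Before executing a notebook operation" lines read identically here, so this is another whitespace-only change. Suggest leaving it out so the commit carries only the content change to the public/private section, which makes that removal easier to spot in review.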