[
https://issues.apache.org/jira/browse/KYLIN-4781?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Xiaoxiang Yu updated KYLIN-4781:
--------------------------------
Fix Version/s: Future
> Provisioning different Roles access to the LDAP Groups
> ------------------------------------------------------
>
> Key: KYLIN-4781
> URL: https://issues.apache.org/jira/browse/KYLIN-4781
> Project: Kylin
> Issue Type: Bug
> Components: Security
> Affects Versions: all, v3.0.2
> Reporter: sundaramoorthy Muthusamy
> Priority: Major
> Labels: ActiveDirectory, RolesAllowed, ldap
> Fix For: Future
>
>
> We have setup the LDAP connectivity using the kylin.properties file and all
> users we able to login to the server.
> But apart from the admin ldap User, others are not able to see any projects,
> So we have proceeded to add user level permissions in admin user and it
> worked fine. Since the number of users were high we want to grant access at
> AD group level instead of Users.
>
> Apart from ROLE_ADMIN, ROLE_ANALYST, ROLE_MODELER, ALL_USER Other groups we
> are not able to add.
> *Tried Few options:*
> # Setting up the below property with AD group names to provide admin access,
> still not able to grant access to these roles.
> ** kylin.security.acl.admin-role
> ** {color:#FF0000}*Error:* {color}operation Failed, Group xxx not exists,
> Please Add first.
> # Manually added an entry in the hbase metadata table for key "/user_group"
> with the group name.
> ** Now able to add the Role and assign but the Users in that AD group still
> not able to see the projects whose access has been granted.
>
> Net-Net we could not grant AD group to different roles at project Level.
> Kindly help.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
