[ https://issues.apache.org/jira/browse/KYLIN-4781?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Xiaoxiang Yu updated KYLIN-4781: -------------------------------- Fix Version/s: Future > Provisioning different Roles access to the LDAP Groups > ------------------------------------------------------ > > Key: KYLIN-4781 > URL: https://issues.apache.org/jira/browse/KYLIN-4781 > Project: Kylin > Issue Type: Bug > Components: Security > Affects Versions: all, v3.0.2 > Reporter: sundaramoorthy Muthusamy > Priority: Major > Labels: ActiveDirectory, RolesAllowed, ldap > Fix For: Future > > > We have setup the LDAP connectivity using the kylin.properties file and all > users we able to login to the server. > But apart from the admin ldap User, others are not able to see any projects, > So we have proceeded to add user level permissions in admin user and it > worked fine. Since the number of users were high we want to grant access at > AD group level instead of Users. > > Apart from ROLE_ADMIN, ROLE_ANALYST, ROLE_MODELER, ALL_USER Other groups we > are not able to add. > *Tried Few options:* > # Setting up the below property with AD group names to provide admin access, > still not able to grant access to these roles. > ** kylin.security.acl.admin-role > ** {color:#FF0000}*Error:* {color}operation Failed, Group xxx not exists, > Please Add first. > # Manually added an entry in the hbase metadata table for key "/user_group" > with the group name. > ** Now able to add the Role and assign but the Users in that AD group still > not able to see the projects whose access has been granted. > > Net-Net we could not grant AD group to different roles at project Level. > Kindly help. -- This message was sent by Atlassian Jira (v8.3.4#803005)