For question 1) map a LDAP group to admin role in Kylin In conf/kylin.properties there are two properties: acl.adminRole= acl.defaultRole=
"acl.adminRole" is mapped to the LDAP group which you want to grant the admin role in Kylin. For example, in LDAP you create a group called "KYLIN_ADMINS", then here you should set the property value to "ROLE_KYLIN_ADMINS". Then when a user from this group logins Kylin, he will have the admin authority (can see the "Admin" tab and doing all actions) "acl.defaultRole" is the default roles that you want to grant to all authenticated user; In our case, we set this property to "ROLE_ANALYST,ROLE_MODELER", which means every login user has analyst and modeler role. Beside this, you can grant the permissions at cube level, please find the "Access" tab when expanding a cube. For question 2), I didn't get your point, a sample case should be helpful. 2015-12-12 22:03 GMT+08:00 Marek Wiewiorka <[email protected]>: > I would be extreme grateful!!! > In the first place if you could please write a few hints on how to > configure cubes ACLs + admin role mapping with LDAP. > > Many thanks in advance! > Marek > > 2015-12-12 12:28 GMT+01:00 Shaofeng Shi <[email protected]>: > >> I planned to write a doc on this, but seems it need be prioritized now. >> >> Marek Wiewiorka <[email protected]>编写: >> >> >> Hi All - I managed to get LDAP authentication working but I'm unable to >> setup proper authorization. >> >> Does anybody of you got it working properly - roles mapping, privileges >> on cubes with LDAP? >> >> I will summarize briefly what I wasn't able to do: >> 1)map a LDAP group to admin role in Kylin >> 2)Despite granting only one group 'cube query' privilege on a cube >> everyone who is properly authenticated can query the data which is >> obviously wrong. >> >> Any help more than welcome! >> >> Marek >> >> >> > > -- Best regards, Shaofeng Shi
