It seems credentials are saved per user as described in Shiro, can you
confirm ? I don't find anything in credential API that links the datasource
user to zeppelin user... Or username on datasource should be the same as
Zeppelin username ?
Can an admin user set credentials for other users ?
2016-09-22 10:12 GMT+02:00 vincent gromakowski <
> From my point of view you have 3 options:
> 1. Use a dedicated zeppelin instance per user. Solution I currently use.
> Mesos/marathon launch an instance by user with it's linux UID. A service
> discovery is routing each user based on HTTPS basic auth to his instance.
> Because the configuration file is dedicated per user, it's easy to setup
> credentials for backend. Because the UID is also setup, spark jobs are
> running under each user permissions. This way is totally secure, but no
> possible sharing between users except sending notebooks by mail or git repo
> 2. Use a shared instance and configure Shiro permissions which allow to
> manage multi tenancy in Zeppelin (notebooks access) but not in backend as
> all users notebooks will run under the same UID and have the same
> credentials for accessing backend
> 3. Use a shared instance and a backend that allows impersonation like Livy
> server. Livy server will execute Spark sessions per user. What is unclear
> is how to deal with backend credentials ? How to configure multiple
> Cassandra credentials and attach each one to a user ? Same thing for Spark
> Livy, How can we configure each Livy session with users cassandra
> credentials ? And finally how credentials are secured in Zeppelin ?
> 2016-09-22 8:59 GMT+02:00 York Huang <yorkhuang.d...@gmail.com>:
>> Hi DuyHai,
>> I would like to know how to set up security (authentication and
>> authorization), the architecture, etc.
>> The users are using windows. I am ok to set up individual zeppelin on
>> their desktop or a central zeppelin server. But I want to know the
>> complexity, limitation, details, etc.
>> Many thanks!
>> On 16 September 2016 at 03:51, DuyHai Doan <doanduy...@gmail.com> wrote:
>>> Right now, you have some options to isolate the notes. Look at the doc
>>> about interpreter binding mode here : http://zeppelin.apache.org/d
>>> On Thu, Sep 15, 2016 at 7:15 AM, York Huang <yorkhuang.d...@gmail.com>
>>>> I want to set up a environment for a group of users so that they can
>>>> access zeppelin. Each of them should have their own space, should not
>>>> interfere each other.
>>>> I install zeppelin on the MapR sandbox. If I access it from different
>>>> computers, even I access different notebooks, the data are still shared.
>>>> What I want is the data should be totally seperate between users and
>>>> How do I set it up like this?
>>>> York Huang