Interpreter Impersonation [1] was recently introduced and there is further
improvement in progress [2].

I didn't see any issue about impersonating the Spark interpreter using
--proxy-user. Do you mind creating one?

Thanks,
moon

[1] http://zeppelin.apache.org/docs/0.7.0-SNAPSHOT/manual/userimpersonation.html
[2] https://github.com/apache/zeppelin/pull/1672


On Tue, Nov 29, 2016 at 11:05 AM vincent gromakowski <
vincent.gromakow...@gmail.com> wrote:

> It has been asked many times. For now only Livy can impersonate the Spark
> user. For other interpreters it's not possible as far as I know...
>
> On Nov 29, 2016 7:44 PM, "Ruslan Dautkhanov" <dautkha...@gmail.com> wrote:
>
> What's the best way to have a multi-tenant Zeppelin notebook?
>
> It seems we currently will have to ask users to run their own Zeppelin
> instances, since each user has their own authentication & authorization
> based on the user who runs the Zeppelin server.
>
> I see the best solution could probably be to have --keytab and --principal
> be notebook-level parameters rather than server-level.
>
> So, for example, I can see Zeppelin multitenancy could be implemented as
> 1) users after being authenticated through LDAP,
> 2) that user gets mapped to a --keytab and --principal pair specific for
> that user
> so in-Hadoop HDFS, Hive etc. access will be specific for that user
> (through HDFS ACL, and Sentry/Ranger roles).
>
> Another way: It might be easier to implement through spark-submit's
> --proxy-user parameter, but I am not sure about the details in this case.
> I know that for example Cloudera's Hue is using proxy authentication quite
> successfully in our organization. I.e. Hue does LDAP authentication, and
> then impersonates that specific user and all requests are made on behalf
> of that user (although `hue` is the actual OS user that runs the Hue
> service). Other Hadoop services are just configured to trust user `hue` to
> impersonate other users.
>
> Is there a better way?
>
> Anything in the Zeppelin roadmap to bring user multitenancy?
>
>
> Thank you,
> Ruslan Dautkhanov
>
>
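
Added example, not part of the original thread: the "configured to trust user `hue`" arrangement described above is normally expressed through Hadoop's `hadoop.proxyuser.<user>.hosts/groups/users` properties in core-site.xml, and the check below lists service accounts whose impersonation scope is the `*` wildcard. The sample file, the `zeppelin` service user, host names and group names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample core-site.xml: `hue` is trusted from anywhere for anyone,
# `zeppelin` (hypothetical service user) is limited to one host and two groups.
SAMPLE_CORE_SITE = """<configuration>
  <property><name>hadoop.proxyuser.hue.hosts</name><value>*</value></property>
  <property><name>hadoop.proxyuser.hue.groups</name><value>*</value></property>
  <property><name>hadoop.proxyuser.zeppelin.hosts</name>
            <value>zeppelin01.example.internal</value></property>
  <property><name>hadoop.proxyuser.zeppelin.groups</name>
            <value>analysts, datasci</value></property>
  <property><name>fs.defaultFS</name><value>hdfs://nn.example.internal:8020</value></property>
</configuration>"""

PREFIX = "hadoop.proxyuser."
SCOPES = ("hosts", "groups", "users")


def proxyuser_rules(xml_text):
    """Return {service_user: {scope: [values]}} for every proxyuser property."""
    rules = {}
    for prop in ET.fromstring(xml_text).iter("property"):
        name = (prop.findtext("name") or "").strip()
        value = (prop.findtext("value") or "").strip()
        if not name.startswith(PREFIX):
            continue
        # The scope is the last dotted component; the rest is the service user.
        svc, _, scope = name[len(PREFIX):].rpartition(".")
        if svc and scope in SCOPES:
            rules.setdefault(svc, {})[scope] = [
                v.strip() for v in value.split(",") if v.strip()
            ]
    return rules


def audit(xml_text):
    """List (service_user, scope) pairs whose allowed set is the '*' wildcard."""
    findings = []
    for svc, scopes in sorted(proxyuser_rules(xml_text).items()):
        for scope in SCOPES:
            if "*" in scopes.get(scope, []):
                findings.append((svc, scope))
    return findings


if __name__ == "__main__":
    for svc, scope in audit(SAMPLE_CORE_SITE):
        print(f"hadoop.proxyuser.{svc}.{scope} = *  (unrestricted {scope})")
```

A service account flagged for both `hosts` and `groups` can act as any user from any machine, so a compromise of that one account is equivalent to a compromise of every user it can proxy.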
