Unfortunately, zeppelin will throw an exception if I change the [user] section in shiro configuration. I guess this is because I am using AD integration hence local users are not allowed?
Please advise Manuel From: iamabug [mailto:18133622...@163.com] Sent: Tuesday, November 19, 2019 4:54 PM To: users@zeppelin.apache.org Subject: Re: restrict interpreters to users I think you misconfigure [roles] paragraph and [users] paragraph. Suppose you want mansop to be an admin and alice to be a plain user without access to `interpreter` menu, you can try this: [users] mansop = password_for_mansop, admin alice = password_for_alice [roles] role1 = * role2 = * role3 = * admin = * note that alice is not an admin or any other special role so she can only use basic features. I think [roles] paragraph should be about role name and their permissions but I am not aware of any specific permissions and the documentation needs to provide more details. Just to be clear, if the configuration above is used, role1, role2, role3 have the same permissions as admin does. Please let me know if it works. On 11/19/2019 13:17,Manuel Sopena Ballesteros<manuel...@garvan.org.au><mailto:manuel...@garvan.org.au> wrote: We are using shiro to authenticate against Active Directory. I changed the shiro configuration like this [roles] role1 = * role2 = * role3 = * admin = mansop however other users different than mansop can see and edit interpreters. NOTE: mansop is an AD login I would like to restrict users from editing or viewing interpreters. Any thoughts? Thank you Manuel From: iamabug [mailto:18133622...@163.com<mailto:18133622...@163.com>] Sent: Tuesday, November 19, 2019 12:31 PM To: users@zeppelin.apache.org<mailto:users@zeppelin.apache.org> Subject: Re:restrict interpreters to users Do you mean anonymous login by `by default` ? If yes, enabling Shiro authentication can change this ? Please refer to https://zeppelin.apache.org/docs/0.8.2/setup/security/shiro_authentication.html On 11/19/2019 09:28,Manuel Sopena Ballesteros<manuel...@garvan.org.au><mailto:manuel...@garvan.org.au> wrote: Dear Zeppelin community, By default interpreters configuration can be changed by any user. Is there a way to avoid this? I would like to hide some interpreters so people can’t change them. Thank you very much Manuel Sopena Ballesteros Big Data Engineer | Kinghorn Centre for Clinical Genomics [cid:image001.png@01D4C835.ED3C2230] <https://www.garvan.org.au/> a: 384 Victoria Street, Darlinghurst NSW 2010 p: +61 2 9355 5760 | +61 4 12 123 123 e: manuel...@garvan.org.au<mailto:manuel...@garvan.org.au> Like us on Facebook<http://www.facebook.com/garvaninstitute> | Follow us on Twitter<http://twitter.com/GarvanInstitute> and LinkedIn<http://www.linkedin.com/company/garvan-institute-of-medical-research> NOTICE Please consider the environment before printing this email. This message and any attachments are intended for the addressee named and may contain legally privileged/confidential/copyright information. If you are not the intended recipient, you should not read, use, disclose, copy or distribute this communication. If you have received this message in error please notify us at once by return email and then delete both messages. We accept no liability for the distribution of viruses or similar in electronic communications. This notice should not be removed. NOTICE Please consider the environment before printing this email. This message and any attachments are intended for the addressee named and may contain legally privileged/confidential/copyright information. If you are not the intended recipient, you should not read, use, disclose, copy or distribute this communication. If you have received this message in error please notify us at once by return email and then delete both messages. We accept no liability for the distribution of viruses or similar in electronic communications. This notice should not be removed. NOTICE Please consider the environment before printing this email. This message and any attachments are intended for the addressee named and may contain legally privileged/confidential/copyright information. If you are not the intended recipient, you should not read, use, disclose, copy or distribute this communication. If you have received this message in error please notify us at once by return email and then delete both messages. We accept no liability for the distribution of viruses or similar in electronic communications. This notice should not be removed.