Recently, I've heard that some new feature assumed it needed an admin account or a similar role. But Apache Zeppelin doesn't have any admin feature like hiding/showing menus and settings. I want to know how the community thinks about that feature.
My first concern is that we have to consider two modes: anonymous and authenticated.
Feel free to start the discussion on pros and cons.
We have multiple users in our organization sharing the same anonymous account, which will potentially cause problems; we hope to have a true authenticated mode.
I think in authenticated mode, an admin is necessary. What the admin should take charge of can be in the following 4 areas:
1. Interpreter settings. The admin can control a template for each interpreter, and each user's template extends this base template but can also customize their own settings. Besides that, the admin can control which user can use which interpreter. Because some interpreters have potential security issues, we should not allow everyone to use them (like the shell interpreter).
2. Note and user management. The admin can control the permissions of notes and users, like which user can use which note.
3. Job management.
4. Not sure about Helium. But I think the admin should be responsible for Helium plugins because plugins are external code which could bring some potential security issues.
Besides that I have 2 concerns:
1. Is an admin mandatory in Shiro? Is it possible that I enable Shiro but no admin is defined?
2. Should Zeppelin take care of these, or integrate the authorization of Shiro and let Shiro take care of these? e.g. We can treat interpreters and notes as Shiro resources, and let Shiro control their permissions and relationships.
Alec Lee <[hidden email]> wrote on Thu, Feb 23, 2017 at 1:23 PM:
In reply to this post by Jongyoul Lee
I do like the idea of the Admin feature. It complements multitenancy very well. Not every user should be able to change global settings that affect all users. Also, most of our Zeppelin users have only a high-level understanding of Spark and can only write SQL queries. So the admin feature helps with reducing the perceived complexity of Zeppelin too. Although I think even admins shouldn't see some user-level settings; for example, saved passwords should only be visible to users themselves.

As Jeff suggested, it might be good to integrate Shiro authorization into core Zeppelin. So you could map certain LDAP groups / AD groups to the "admin" privilege; or just mapping a list of users to be "admin"s would do too.
On Wed, Feb 22, 2017 at 10:14 PM, Jongyoul Lee <[hidden email]> wrote:
Thanks for starting this thread and I wish I saw this earlier.
I filed https://issues.apache.org/jira/browse/ZEPPELIN-2236 recently and much of that feature request is applicable in this blog.
From this JIRA here are some thoughts on what are different areas of Zeppelin where we can put in access control.
Also, access control makes the most sense after authentication is enabled, so the below assumes authentication is enabled.
1. Limit who can access Zeppelin (only whitelisted users/groups should be allowed access)
2. Limit who can create new Zeppelin notes (only whitelisted users/groups should be allowed access)
3. Limit who can edit/restart/delete certain interpreters (only whitelisted users/groups should be allowed access)
On Thu, Feb 23, 2017 at 11:56 AM, Ruslan Dautkhanov <[hidden email]> wrote:
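The group-to-role mapping that Alec Lee and Jeff Zhang discuss above can already be expressed in Zeppelin's conf/shiro.ini, which covers Ruslan's points 1 and 3 (who may log in, and who may edit or restart interpreters). The configuration below is an added example written for this thread; it is not the template Zeppelin ships or code from any participant. The LDAP host, DNs, group names and service account are placeholders, and the realm is Shiro's stock ActiveDirectoryRealm rather than a Zeppelin-specific one.

```ini
# Added example (placeholders throughout): an admin role sourced from an AD group,
# with interpreter and server-configuration endpoints restricted to that role.

[main]
# Stock Shiro realm. groupRolesMap turns AD group DNs into Shiro role names;
# Shiro itself has no built-in "admin", the name below is just a role string.
adRealm = org.apache.shiro.realm.activedirectory.ActiveDirectoryRealm
adRealm.url = ldap://ad.example.org:389
adRealm.searchBase = OU=Users,DC=example,DC=org
# Read-only service account used only for group lookups (placeholder values).
adRealm.systemUsername = svc-zeppelin@example.org
adRealm.systemPassword = changeme
adRealm.groupRolesMap = "CN=zeppelin-admins,OU=Groups,DC=example,DC=org":"admin", "CN=zeppelin-users,OU=Groups,DC=example,DC=org":"user"
securityManager.realms = $adRealm

sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
securityManager.sessionManager = $sessionManager
securityManager.sessionManager.globalSessionTimeout = 86400000
shiro.loginUrl = /api/login

[urls]
/api/version = anon

# Weak form: with only "authc", every logged-in user, including people who
# just write SQL, can edit, restart or delete interpreters.
# /api/interpreter/** = authc

# Hardened form: only members of the admin group reach interpreter settings
# and server configuration. roles[...] requires every listed role.
/api/interpreter/** = authc, roles[admin]
/api/configurations/** = authc, roles[admin]

# Everyone else must still authenticate; no anonymous access at all.
/** = authc
```

Two caveats a practitioner would want. First, Shiro answers Jeff's question 1: nothing makes an admin mandatory, and if no group maps to "admin" the roles[admin] rules simply deny everyone, which is a safe failure. Second, [urls] rules only guard the REST endpoints; note creation and editing in Zeppelin go over the websocket, so Ruslan's point 2 (who may create notes) is not enforced by this file alone and still needs the Zeppelin-side checks this thread is asking for.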