Hello everyone,
we have a multiuser environment with isolated instantiated
interpreters and we don't want to allow our users to restart the
interpreter globally for everyone. Therefore we defined in our
shiro.ini:
/api/interpreter/** = authc,roles[sudo]
to only allow users who are part of the sudo group to access
the interpreter site.
This causes an issue as users who aren't a part of the sudo
group can't restart their interpreters from the interpreter
binding menu within a notebok anymore. According to the
documentation [1] both actions have the same url, but the button
from the interpreter binding menu sends the optional json input.
Is there a way to block the interpreter menu but to allow the
interpreter restart from the interpreter binding menu?
Currently we use the following additional line as a workaround
but it is still possible to send POST request directly to
restart all interpreters:
/api/interpreter/setting/restart/** = authc
[1]
https://zeppelin.apache.org/docs/0.8.0/usage/rest_api/interpreter.html#restart-an-interpreter
--
Best regards
cronoik
Locked
