Added: zeppelin/site/docs/0.8.2/setup/security/datasource_authorization.html
URL:
http://svn.apache.org/viewvc/zeppelin/site/docs/0.8.2/setup/security/datasource_authorization.html?rev=1867691&view=auto
==============================================================================
--- zeppelin/site/docs/0.8.2/setup/security/datasource_authorization.html
(added)
+++ zeppelin/site/docs/0.8.2/setup/security/datasource_authorization.html Sun
Sep 29 07:08:10 2019
@@ -0,0 +1,337 @@
+
+<!DOCTYPE html>
+<html lang="en">
+ <head>
+ <meta charset="utf-8">
+ <title>Apache Zeppelin 0.8.0 Documentation: Data Source Authorization in
Apache Zeppelin</title>
+ <meta name="description" content="Apache Zeppelin supports protected data
sources. In case of a MySql database, every users can set up their own
credentials to access it.">
+ <meta name="author" content="The Apache Software Foundation">
+
+ <!-- Enable responsive viewport -->
+ <meta name="viewport" content="width=device-width, initial-scale=1.0">
+
+ <!-- Le HTML5 shim, for IE6-8 support of HTML elements -->
+ <!--[if lt IE 9]>
+ <script src="http://html5shim.googlecode.com/svn/trunk/html5.js";></script>
+ <![endif]-->
+
+ <link
href="//maxcdn.bootstrapcdn.com/font-awesome/4.2.0/css/font-awesome.min.css"
rel="stylesheet">
+
+ <!-- Le styles -->
+ <link href="/docs/0.8.0/assets/themes//bootstrap/css/bootstrap.css"
rel="stylesheet">
+ <link href="/docs/0.8.0/assets/themes//css/style.css?body=1"
rel="stylesheet" type="text/css">
+ <link href="/docs/0.8.0/assets/themes//css/syntax.css" rel="stylesheet"
type="text/css" media="screen" />
+ <!-- Le fav and touch icons -->
+ <!-- Update these with your own images
+ <link rel="shortcut icon" href="images/favicon.ico">
+ <link rel="apple-touch-icon" href="images/apple-touch-icon.png">
+ <link rel="apple-touch-icon" sizes="72x72"
href="images/apple-touch-icon-72x72.png">
+ <link rel="apple-touch-icon" sizes="114x114"
href="images/apple-touch-icon-114x114.png">
+ -->
+
+ <!-- Js -->
+ <script src="https://code.jquery.com/jquery-1.10.2.min.js";></script>
+ <script
src="/docs/0.8.0/assets/themes//bootstrap/js/bootstrap.min.js"></script>
+ <script src="/docs/0.8.0/assets/themes//js/docs.js"></script>
+ <script src="/docs/0.8.0/assets/themes//js/anchor.min.js"></script>
+ <script src="/docs/0.8.0/assets/themes//js/toc.js"></script>
+ <script src="/docs/0.8.0/assets/themes//js/lunr.min.js"></script>
+ <script src="/docs/0.8.0/assets/themes//js/search.js"></script>
+
+ <!-- atom & rss feed -->
+ <link href="/docs/0.8.0/atom.xml" type="application/atom+xml"
rel="alternate" title="Sitewide ATOM Feed">
+ <link href="/docs/0.8.0/rss.xml" type="application/rss+xml"
rel="alternate" title="Sitewide RSS Feed">
+ </head>
+
+ <body>
+
+ <div id="menu" class="navbar navbar-inverse navbar-fixed-top"
role="navigation">
+ <div class="container navbar-container">
+ <div class="navbar-header">
+ <button type="button" class="navbar-toggle" data-toggle="collapse"
data-target=".navbar-collapse">
+ <span class="sr-only">Toggle navigation</span>
+ <span class="icon-bar"></span>
+ <span class="icon-bar"></span>
+ <span class="icon-bar"></span>
+ </button>
+ <div class="navbar-brand">
+ <a class="navbar-brand-main" href="http://zeppelin.apache.org";>
+ <img
src="/docs/0.8.0/assets/themes/zeppelin/img/zeppelin_logo.png" width="50"
+ style="margin-top: -2px;" alt="I'm zeppelin">
+ <span style="margin-left: 5px; font-size: 27px;">Zeppelin</span>
+ <a class="navbar-brand-version" href="/docs/0.8.0"
+ style="font-size: 15px; color: white;"> 0.8.0
+ </a>
+ </a>
+ </div>
+ </div>
+ <nav class="navbar-collapse collapse" role="navigation">
+ <ul class="nav navbar-nav">
+ <li>
+ <a href="#" data-toggle="dropdown" class="dropdown-toggle">Quick
Start <b class="caret"></b></a>
+ <ul class="dropdown-menu">
+ <li class="title"><span>Getting Started</span></li>
+ <li><a
href="/docs/0.8.0/quickstart/install.html">Install</a></li>
+ <li><a href="/docs/0.8.0/quickstart/explore_ui.html">Explore
UI</a></li>
+ <li><a
href="/docs/0.8.0/quickstart/tutorial.html">Tutorial</a></li>
+ <li role="separator" class="divider"></li>
+ <li><a
href="/docs/0.8.0/quickstart/spark_with_zeppelin.html">Spark with
Zeppelin</a></li>
+ <li><a
href="/docs/0.8.0/quickstart/sql_with_zeppelin.html">SQL with Zeppelin</a></li>
+ <li><a
href="/docs/0.8.0/quickstart/python_with_zeppelin.html">Python with
Zeppelin</a></li>
+ </ul>
+ </li>
+
+ <li>
+ <a href="#" data-toggle="dropdown"
class="dropdown-toggle">Usage<b class="caret"></b></a>
+ <ul class="dropdown-menu scrollable-menu">
+ <li class="title"><span>Dynamic Form</span></li>
+ <li><a href="/docs/0.8.0/usage/dynamic_form/intro.html">What
is Dynamic Form?</a></li>
+ <li role="separator" class="divider"></li>
+ <li class="title"><span>Display System</span></li>
+ <li><a
href="/docs/0.8.0/usage/display_system/basic.html#text">Text Display</a></li>
+ <li><a
href="/docs/0.8.0/usage/display_system/basic.html#html">HTML Display</a></li>
+ <li><a
href="/docs/0.8.0/usage/display_system/basic.html#table">Table Display</a></li>
+ <li><a
href="/docs/0.8.0/usage/display_system/basic.html#network">Network
Display</a></li>
+ <li><a
href="/docs/0.8.0/usage/display_system/angular_backend.html">Angular Display
using Backend API</a></li>
+ <li><a
href="/docs/0.8.0/usage/display_system/angular_frontend.html">Angular Display
using Frontend API</a></li>
+ <li role="separator" class="divider"></li>
+ <li class="title"><span>Interpreter</span></li>
+ <li><a
href="/docs/0.8.0/usage/interpreter/overview.html">Overview</a></li>
+ <li><a
href="/docs/0.8.0/usage/interpreter/interpreter_binding_mode.html">Interpreter
Binding Mode</a></li>
+ <li><a
href="/docs/0.8.0/usage/interpreter/user_impersonation.html">User
Impersonation</a></li>
+ <li><a
href="/docs/0.8.0/usage/interpreter/dependency_management.html">Dependency
Management</a></li>
+ <li><a
href="/docs/0.8.0/usage/interpreter/installation.html">Installing
Interpreters</a></li>
+ <!--<li><a
href="/docs/0.8.0/usage/interpreter/dynamic_loading.html">Dynamic Interpreter
Loading (Experimental)</a></li>-->
+ <li><a
href="/docs/0.8.0/usage/interpreter/execution_hooks.html">Execution Hooks
(Experimental)</a></li>
+ <li role="separator" class="divider"></li>
+ <li class="title"><span>Other Features</span></li>
+ <li><a
href="/docs/0.8.0/usage/other_features/publishing_paragraphs.html">Publishing
Paragraphs</a></li>
+ <li><a
href="/docs/0.8.0/usage/other_features/personalized_mode.html">Personalized
Mode</a></li>
+ <li><a
href="/docs/0.8.0/usage/other_features/customizing_homepage.html">Customizing
Zeppelin Homepage</a></li>
+ <li><a
href="/docs/0.8.0/usage/other_features/notebook_actions.html">Notebook
Actions</a></li>
+ <li><a
href="/docs/0.8.0/usage/other_features/cron_scheduler.html">Cron
Scheduler</a></li>
+ <li><a
href="/docs/0.8.0/usage/other_features/zeppelin_context.html">Zeppelin
Context</a></li>
+ <li role="separator" class="divider"></li>
+ <li class="title"><span>REST API</span></li>
+ <li><a
href="/docs/0.8.0/usage/rest_api/interpreter.html">Interpreter API</a></li>
+ <li><a
href="/docs/0.8.0/usage/rest_api/zeppelin_server.html">Zeppelin Server
API</a></li>
+ <li><a
href="/docs/0.8.0/usage/rest_api/notebook.html">Notebook API</a></li>
+ <li><a
href="/docs/0.8.0/usage/rest_api/notebook_repository.html">Notebook Repository
API</a></li>
+ <li><a
href="/docs/0.8.0/usage/rest_api/configuration.html">Configuration API</a></li>
+ <li><a
href="/docs/0.8.0/usage/rest_api/credential.html">Credential API</a></li>
+ <li><a href="/docs/0.8.0/usage/rest_api/helium.html">Helium
API</a></li>
+ </ul>
+ </li>
+
+ <li>
+ <a href="#" data-toggle="dropdown"
class="dropdown-toggle">Setup<b class="caret"></b></a>
+ <ul class="dropdown-menu scrollable-menu">
+ <li class="title"><span>Basics</span></li>
+ <li><a href="/docs/0.8.0/setup/basics/how_to_build.html">How
to Build Zeppelin</a></li>
+ <li><a
href="/docs/0.8.0/setup/basics/multi_user_support.html">Multi-user
Support</a></li>
+ <li role="separator" class="divider"></li>
+ <li class="title"><span>Deployment</span></li>
+ <!--<li><a
href="/docs/0.8.0/setup/deployment/docker.html">Docker Image for
Zeppelin</a></li>-->
+ <li><a
href="/docs/0.8.0/setup/deployment/spark_cluster_mode.html#spark-standalone-mode">Spark
Cluster Mode: Standalone</a></li>
+ <li><a
href="/docs/0.8.0/setup/deployment/spark_cluster_mode.html#spark-on-yarn-mode">Spark
Cluster Mode: YARN</a></li>
+ <li><a
href="/docs/0.8.0/setup/deployment/spark_cluster_mode.html#spark-on-mesos-mode">Spark
Cluster Mode: Mesos</a></li>
+ <li><a
href="/docs/0.8.0/setup/deployment/flink_and_spark_cluster.html">Zeppelin with
Flink, Spark Cluster</a></li>
+ <li><a href="/docs/0.8.0/setup/deployment/cdh.html">Zeppelin
on CDH</a></li>
+ <li><a
href="/docs/0.8.0/setup/deployment/virtual_machine.html">Zeppelin on VM:
Vagrant</a></li>
+ <li role="separator" class="divider"></li>
+ <li class="title"><span>Security</span></li>
+ <li><a
href="/docs/0.8.0/setup/security/authentication_nginx.html">HTTP Basic Auth
using NGINX</a></li>
+ <li><a
href="/docs/0.8.0/setup/security/shiro_authentication.html">Shiro
Authentication</a></li>
+ <li><a
href="/docs/0.8.0/setup/security/notebook_authorization.html">Notebook
Authorization</a></li>
+ <li><a
href="/docs/0.8.0/setup/security/datasource_authorization.html">Data Source
Authorization</a></li>
+ <li><a
href="/docs/0.8.0/setup/security/http_security_headers.html">HTTP Security
Headers</a></li>
+ <li role="separator" class="divider"></li>
+ <li class="title"><span>Notebook Storage</span></li>
+ <li><a
href="/docs/0.8.0/setup/storage/storage.html#notebook-storage-in-local-git-repository">Git
Storage</a></li>
+ <li><a
href="/docs/0.8.0/setup/storage/storage.html#notebook-storage-in-s3">S3
Storage</a></li>
+ <li><a
href="/docs/0.8.0/setup/storage/storage.html#notebook-storage-in-azure">Azure
Storage</a></li>
+ <li><a
href="/docs/0.8.0/setup/storage/storage.html#notebook-storage-in-zeppelinhub">ZeppelinHub
Storage</a></li>
+ <li><a
href="/docs/0.8.0/setup/storage/storage.html#notebook-storage-in-mongodb">MongoDB
Storage</a></li>
+ <li role="separator" class="divider"></li>
+ <li class="title"><span>Operation</span></li>
+ <li><a
href="/docs/0.8.0/setup/operation/configuration.html">Configuration</a></li>
+ <li><a
href="/docs/0.8.0/setup/operation/proxy_setting.html">Proxy Setting</a></li>
+ <li><a
href="/docs/0.8.0/setup/operation/upgrading.html">Upgrading</a></li>
+ <li><a
href="/docs/0.8.0/setup/operation/trouble_shooting.html">Trouble
Shooting</a></li>
+ </ul>
+ </li>
+
+ <li>
+ <a href="#" data-toggle="dropdown"
class="dropdown-toggle">Interpreter <b class="caret"></b></a>
+ <ul class="dropdown-menu scrollable-menu">
+ <li class="title"><span>Interpreters</span></li>
+ <li><a
href="/docs/0.8.0/usage/interpreter/overview.html">Overview</a></li>
+ <li role="separator" class="divider"></li>
+ <li><a href="/docs/0.8.0/interpreter/spark.html">Spark</a></li>
+ <li><a href="/docs/0.8.0/interpreter/jdbc.html">JDBC</a></li>
+ <li><a
href="/docs/0.8.0/interpreter/python.html">Python</a></li>
+ <li role="separator" class="divider"></li>
+ <li><a
href="/docs/0.8.0/interpreter/alluxio.html">Alluxio</a></li>
+ <li><a href="/docs/0.8.0/interpreter/beam.html">Beam</a></li>
+ <li><a
href="/docs/0.8.0/interpreter/bigquery.html">BigQuery</a></li>
+ <li><a
href="/docs/0.8.0/interpreter/cassandra.html">Cassandra</a></li>
+ <li><a
href="/docs/0.8.0/interpreter/elasticsearch.html">Elasticsearch</a></li>
+ <li><a href="/docs/0.8.0/interpreter/flink.html">Flink</a></li>
+ <li><a href="/docs/0.8.0/interpreter/geode.html">Geode</a></li>
+ <li><a
href="/docs/0.8.0/interpreter/groovy.html">Groovy</a></li>
+ <li><a href="/docs/0.8.0/interpreter/hbase.html">HBase</a></li>
+ <li><a href="/docs/0.8.0/interpreter/hdfs.html">HDFS</a></li>
+ <li><a href="/docs/0.8.0/interpreter/hive.html">Hive</a></li>
+ <li><a
href="/docs/0.8.0/interpreter/ignite.html">Ignite</a></li>
+ <li><a href="/docs/0.8.0/interpreter/kylin.html">Kylin</a></li>
+ <li><a href="/docs/0.8.0/interpreter/lens.html">Lens</a></li>
+ <li><a href="/docs/0.8.0/interpreter/livy.html">Livy</a></li>
+ <li><a
href="/docs/0.8.0/interpreter/markdown.html">Markdown</a></li>
+ <li><a href="/docs/0.8.0/interpreter/neo4j.html">Neo4j</a></li>
+ <li><a href="/docs/0.8.0/interpreter/pig.html">Pig</a></li>
+ <li><a
href="/docs/0.8.0/interpreter/postgresql.html">Postgresql, HAWQ</a></li>
+ <li><a href="/docs/0.8.0/interpreter/r.html">R</a></li>
+ <li><a
href="/docs/0.8.0/interpreter/scalding.html">Scalding</a></li>
+ <li><a href="/docs/0.8.0/interpreter/scio.html">Scio</a></li>
+ <li><a href="/docs/0.8.0/interpreter/shell.html">Shell</a></li>
+ </ul>
+ </li>
+ <li>
+ <a href="#" data-toggle="dropdown"
class="dropdown-toggle">More<b class="caret"></b></a>
+ <ul class="dropdown-menu scrollable-menu" style="right: 0; left:
auto;">
+ <li class="title"><span>Extending Zeppelin</span></li>
+ <li><a
href="/docs/0.8.0/development/writing_zeppelin_interpreter.html">Writing
Zeppelin Interpreter</a></li>
+ <li role="separator" class="divider"></li>
+ <li class="title"><span>Helium (Experimental)</span></li>
+ <li><a
href="/docs/0.8.0/development/helium/overview.html">Overview</a></li>
+ <li><a
href="/docs/0.8.0/development/helium/writing_application.html">Writing Helium
Application</a></li>
+ <li><a
href="/docs/0.8.0/development/helium/writing_spell.html">Writing Helium
Spell</a></li>
+ <li><a
href="/docs/0.8.0/development/helium/writing_visualization_basic.html">Writing
Helium Visualization: Basics</a></li>
+ <li><a
href="/docs/0.8.0/development/helium/writing_visualization_transformation.html">Writing
Helium Visualization: Transformation</a></li>
+ <li role="separator" class="divider"></li>
+ <li class="title"><span>Contributing to Zeppelin</span></li>
+ <li><a href="/docs/0.8.0/setup/basics/how_to_build.html">How
to Build Zeppelin</a></li>
+ <li><a
href="/docs/0.8.0/development/contribution/useful_developer_tools.html">Useful
Developer Tools</a></li>
+ <li><a
href="/docs/0.8.0/development/contribution/how_to_contribute_code.html">How to
Contribute (code)</a></li>
+ <li><a
href="/docs/0.8.0/development/contribution/how_to_contribute_website.html">How
to Contribute (website)</a></li>
+ <li role="separator" class="divider"></li>
+ <li class="title"><span>External Resources</span></li>
+ <li><a target="_blank" href="">Mailing List</a></li>
+ <li><a target="_blank" href="">Apache Zeppelin Wiki</a></li>
+ <li><a target="_blank" href="">Stackoverflow Questions about
Zeppelin</a></li>
+ </ul>
+ </li>
+ <li>
+ <a href="/docs/0.8.0/search.html" class="nav-search-link">
+ <span class="fa fa-search nav-search-icon"></span>
+ </a>
+ </li>
+ </ul>
+ </nav><!--/.navbar-collapse -->
+ </div>
+ </div>
+
+
+
+ <div class="content">
+
+<!--<div class="hero-unit Data Source Authorization in Apache Zeppelin">
+ <h1></h1>
+</div>
+-->
+
+<div class="row">
+ <div class="col-md-12">
+ <!--
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+-->
+
+<h1>Data Source Authorization in Apache Zeppelin</h1>
+
+<div id="toc"></div>
+
+<h2>Overview</h2>
+
+<p>Data source authorization involves authenticating to the data source like a
Mysql database and letting it determine user permissions.
+Apache Zeppelin allows users to use their own credentials to authenticate with
<strong>Data Sources</strong>.</p>
+
+<p>For example, let's assume you have an account in the Vertica databases
with credentials.
+You might want to use this account to create a JDBC connection instead of a
shared account with all users who are defined in <code>conf/shiro.ini</code>.
+In this case, you can add your credential information to Apache Zeppelin and
use them with below simple steps. </p>
+
+<h2>How to save the credential information?</h2>
+
+<p>You can add new credentials in the dropdown menu for your data source which
can be passed to interpreters. </p>
+
+<p><img class="img-responsive"
src="/docs/0.8.0/assets/themes/zeppelin/img/docs-img/credential_tab.png"
width="180px"/></p>
+
+<p><strong>Entity</strong> can be the key that distinguishes each credential
sets.(We suggest that the convention of the <strong>Entity</strong> is
<code>[Interpreter Group].[Interpreter Name]</code>.)
+Please see <a
href="../../usage/interpreter/overview.html#what-is-interpreter-group">what is
interpreter group</a> for the detailed information.</p>
+
+<p>Type <strong>Username & Password</strong> for your own credentials. ex)
Mysql user & password of the JDBC Interpreter.</p>
+
+<p><img class="img-responsive"
src="/docs/0.8.0/assets/themes/zeppelin/img/docs-img/add_credential.png" /></p>
+
+<p>The credentials saved as per users defined in <code>conf/shiro.ini</code>.
+If you didn't activate <a href="./shiro_authentication.html">shiro
authentication in Apache Zeppelin</a>, your credential information will be
saved as <code>anonymous</code>.
+All credential information also can be found in
<code>conf/credentials.json</code>. </p>
+
+<h4>JDBC interpreter</h4>
+
+<p>You need to maintain per-user connection pools.
+The interpret method takes the user string as a parameter and executes the
jdbc call using a connection in the user's connection pool.</p>
+
+<h4>Presto</h4>
+
+<p>You don't need a password if the Presto DB server runs backend code
using HDFS authorization for the user.</p>
+
+<h4>Vertica and Mysql</h4>
+
+<p>You have to store the password information for users.</p>
+
+<h2>Please note</h2>
+
+<p>As a first step of data source authentication feature, <a
href="https://issues.apache.org/jira/browse/ZEPPELIN-828";>ZEPPELIN-828</a> was
proposed and implemented in Pull Request <a
href="https://github.com/apache/zeppelin/pull/860";>#860</a>.
+Currently, only customized 3rd party interpreters can use this feature. We are
planning to apply this mechanism to <a
href="../../usage/interpreter/installation.html#available-community-managed-interpreters">the
community managed interpreters</a> in the near future.
+Please keep track <a
href="https://issues.apache.org/jira/browse/ZEPPELIN-1070";>ZEPPELIN-1070</a>.
</p>
+
+ </div>
+</div>
+
+
+ <hr>
+ <footer>
+ <!-- <p>© 2019 The Apache Software Foundation</p>-->
+ </footer>
+ </div>
+
+
+
+
+ <script type="text/javascript">
+ (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
+ (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new
Date();a=s.createElement(o),
+
m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
+ })(window,document,'script','//www.google-analytics.com/analytics.js','ga');
+
+ ga('create', 'UA-45176241-5', 'zeppelin.apache.org');
+ ga('require', 'linkid', 'linkid.js');
+ ga('send', 'pageview');
+
+</script>
+
+
+
+ </body>
+</html>
+
Propchange:
zeppelin/site/docs/0.8.2/setup/security/datasource_authorization.html
------------------------------------------------------------------------------
svn:executable = *
Added: zeppelin/site/docs/0.8.2/setup/security/http_security_headers.html
URL:
http://svn.apache.org/viewvc/zeppelin/site/docs/0.8.2/setup/security/http_security_headers.html?rev=1867691&view=auto
==============================================================================
--- zeppelin/site/docs/0.8.2/setup/security/http_security_headers.html (added)
+++ zeppelin/site/docs/0.8.2/setup/security/http_security_headers.html Sun Sep
29 07:08:10 2019
@@ -0,0 +1,369 @@
+
+<!DOCTYPE html>
+<html lang="en">
+ <head>
+ <meta charset="utf-8">
+ <title>Apache Zeppelin 0.8.0 Documentation: Setting up HTTP Response
Headers</title>
+ <meta name="description" content="There are multiple HTTP Security Headers
which can be configured in Apache Zeppelin. This page describes how to enable
them by providing appropriate value in Zeppelin configuration file.">
+ <meta name="author" content="The Apache Software Foundation">
+
+ <!-- Enable responsive viewport -->
+ <meta name="viewport" content="width=device-width, initial-scale=1.0">
+
+ <!-- Le HTML5 shim, for IE6-8 support of HTML elements -->
+ <!--[if lt IE 9]>
+ <script src="http://html5shim.googlecode.com/svn/trunk/html5.js";></script>
+ <![endif]-->
+
+ <link
href="//maxcdn.bootstrapcdn.com/font-awesome/4.2.0/css/font-awesome.min.css"
rel="stylesheet">
+
+ <!-- Le styles -->
+ <link href="/docs/0.8.0/assets/themes//bootstrap/css/bootstrap.css"
rel="stylesheet">
+ <link href="/docs/0.8.0/assets/themes//css/style.css?body=1"
rel="stylesheet" type="text/css">
+ <link href="/docs/0.8.0/assets/themes//css/syntax.css" rel="stylesheet"
type="text/css" media="screen" />
+ <!-- Le fav and touch icons -->
+ <!-- Update these with your own images
+ <link rel="shortcut icon" href="images/favicon.ico">
+ <link rel="apple-touch-icon" href="images/apple-touch-icon.png">
+ <link rel="apple-touch-icon" sizes="72x72"
href="images/apple-touch-icon-72x72.png">
+ <link rel="apple-touch-icon" sizes="114x114"
href="images/apple-touch-icon-114x114.png">
+ -->
+
+ <!-- Js -->
+ <script src="https://code.jquery.com/jquery-1.10.2.min.js";></script>
+ <script
src="/docs/0.8.0/assets/themes//bootstrap/js/bootstrap.min.js"></script>
+ <script src="/docs/0.8.0/assets/themes//js/docs.js"></script>
+ <script src="/docs/0.8.0/assets/themes//js/anchor.min.js"></script>
+ <script src="/docs/0.8.0/assets/themes//js/toc.js"></script>
+ <script src="/docs/0.8.0/assets/themes//js/lunr.min.js"></script>
+ <script src="/docs/0.8.0/assets/themes//js/search.js"></script>
+
+ <!-- atom & rss feed -->
+ <link href="/docs/0.8.0/atom.xml" type="application/atom+xml"
rel="alternate" title="Sitewide ATOM Feed">
+ <link href="/docs/0.8.0/rss.xml" type="application/rss+xml"
rel="alternate" title="Sitewide RSS Feed">
+ </head>
+
+ <body>
+
+ <div id="menu" class="navbar navbar-inverse navbar-fixed-top"
role="navigation">
+ <div class="container navbar-container">
+ <div class="navbar-header">
+ <button type="button" class="navbar-toggle" data-toggle="collapse"
data-target=".navbar-collapse">
+ <span class="sr-only">Toggle navigation</span>
+ <span class="icon-bar"></span>
+ <span class="icon-bar"></span>
+ <span class="icon-bar"></span>
+ </button>
+ <div class="navbar-brand">
+ <a class="navbar-brand-main" href="http://zeppelin.apache.org";>
+ <img
src="/docs/0.8.0/assets/themes/zeppelin/img/zeppelin_logo.png" width="50"
+ style="margin-top: -2px;" alt="I'm zeppelin">
+ <span style="margin-left: 5px; font-size: 27px;">Zeppelin</span>
+ <a class="navbar-brand-version" href="/docs/0.8.0"
+ style="font-size: 15px; color: white;"> 0.8.0
+ </a>
+ </a>
+ </div>
+ </div>
+ <nav class="navbar-collapse collapse" role="navigation">
+ <ul class="nav navbar-nav">
+ <li>
+ <a href="#" data-toggle="dropdown" class="dropdown-toggle">Quick
Start <b class="caret"></b></a>
+ <ul class="dropdown-menu">
+ <li class="title"><span>Getting Started</span></li>
+ <li><a
href="/docs/0.8.0/quickstart/install.html">Install</a></li>
+ <li><a href="/docs/0.8.0/quickstart/explore_ui.html">Explore
UI</a></li>
+ <li><a
href="/docs/0.8.0/quickstart/tutorial.html">Tutorial</a></li>
+ <li role="separator" class="divider"></li>
+ <li><a
href="/docs/0.8.0/quickstart/spark_with_zeppelin.html">Spark with
Zeppelin</a></li>
+ <li><a
href="/docs/0.8.0/quickstart/sql_with_zeppelin.html">SQL with Zeppelin</a></li>
+ <li><a
href="/docs/0.8.0/quickstart/python_with_zeppelin.html">Python with
Zeppelin</a></li>
+ </ul>
+ </li>
+
+ <li>
+ <a href="#" data-toggle="dropdown"
class="dropdown-toggle">Usage<b class="caret"></b></a>
+ <ul class="dropdown-menu scrollable-menu">
+ <li class="title"><span>Dynamic Form</span></li>
+ <li><a href="/docs/0.8.0/usage/dynamic_form/intro.html">What
is Dynamic Form?</a></li>
+ <li role="separator" class="divider"></li>
+ <li class="title"><span>Display System</span></li>
+ <li><a
href="/docs/0.8.0/usage/display_system/basic.html#text">Text Display</a></li>
+ <li><a
href="/docs/0.8.0/usage/display_system/basic.html#html">HTML Display</a></li>
+ <li><a
href="/docs/0.8.0/usage/display_system/basic.html#table">Table Display</a></li>
+ <li><a
href="/docs/0.8.0/usage/display_system/basic.html#network">Network
Display</a></li>
+ <li><a
href="/docs/0.8.0/usage/display_system/angular_backend.html">Angular Display
using Backend API</a></li>
+ <li><a
href="/docs/0.8.0/usage/display_system/angular_frontend.html">Angular Display
using Frontend API</a></li>
+ <li role="separator" class="divider"></li>
+ <li class="title"><span>Interpreter</span></li>
+ <li><a
href="/docs/0.8.0/usage/interpreter/overview.html">Overview</a></li>
+ <li><a
href="/docs/0.8.0/usage/interpreter/interpreter_binding_mode.html">Interpreter
Binding Mode</a></li>
+ <li><a
href="/docs/0.8.0/usage/interpreter/user_impersonation.html">User
Impersonation</a></li>
+ <li><a
href="/docs/0.8.0/usage/interpreter/dependency_management.html">Dependency
Management</a></li>
+ <li><a
href="/docs/0.8.0/usage/interpreter/installation.html">Installing
Interpreters</a></li>
+ <!--<li><a
href="/docs/0.8.0/usage/interpreter/dynamic_loading.html">Dynamic Interpreter
Loading (Experimental)</a></li>-->
+ <li><a
href="/docs/0.8.0/usage/interpreter/execution_hooks.html">Execution Hooks
(Experimental)</a></li>
+ <li role="separator" class="divider"></li>
+ <li class="title"><span>Other Features</span></li>
+ <li><a
href="/docs/0.8.0/usage/other_features/publishing_paragraphs.html">Publishing
Paragraphs</a></li>
+ <li><a
href="/docs/0.8.0/usage/other_features/personalized_mode.html">Personalized
Mode</a></li>
+ <li><a
href="/docs/0.8.0/usage/other_features/customizing_homepage.html">Customizing
Zeppelin Homepage</a></li>
+ <li><a
href="/docs/0.8.0/usage/other_features/notebook_actions.html">Notebook
Actions</a></li>
+ <li><a
href="/docs/0.8.0/usage/other_features/cron_scheduler.html">Cron
Scheduler</a></li>
+ <li><a
href="/docs/0.8.0/usage/other_features/zeppelin_context.html">Zeppelin
Context</a></li>
+ <li role="separator" class="divider"></li>
+ <li class="title"><span>REST API</span></li>
+ <li><a
href="/docs/0.8.0/usage/rest_api/interpreter.html">Interpreter API</a></li>
+ <li><a
href="/docs/0.8.0/usage/rest_api/zeppelin_server.html">Zeppelin Server
API</a></li>
+ <li><a
href="/docs/0.8.0/usage/rest_api/notebook.html">Notebook API</a></li>
+ <li><a
href="/docs/0.8.0/usage/rest_api/notebook_repository.html">Notebook Repository
API</a></li>
+ <li><a
href="/docs/0.8.0/usage/rest_api/configuration.html">Configuration API</a></li>
+ <li><a
href="/docs/0.8.0/usage/rest_api/credential.html">Credential API</a></li>
+ <li><a href="/docs/0.8.0/usage/rest_api/helium.html">Helium
API</a></li>
+ </ul>
+ </li>
+
+ <li>
+ <a href="#" data-toggle="dropdown"
class="dropdown-toggle">Setup<b class="caret"></b></a>
+ <ul class="dropdown-menu scrollable-menu">
+ <li class="title"><span>Basics</span></li>
+ <li><a href="/docs/0.8.0/setup/basics/how_to_build.html">How
to Build Zeppelin</a></li>
+ <li><a
href="/docs/0.8.0/setup/basics/multi_user_support.html">Multi-user
Support</a></li>
+ <li role="separator" class="divider"></li>
+ <li class="title"><span>Deployment</span></li>
+ <!--<li><a
href="/docs/0.8.0/setup/deployment/docker.html">Docker Image for
Zeppelin</a></li>-->
+ <li><a
href="/docs/0.8.0/setup/deployment/spark_cluster_mode.html#spark-standalone-mode">Spark
Cluster Mode: Standalone</a></li>
+ <li><a
href="/docs/0.8.0/setup/deployment/spark_cluster_mode.html#spark-on-yarn-mode">Spark
Cluster Mode: YARN</a></li>
+ <li><a
href="/docs/0.8.0/setup/deployment/spark_cluster_mode.html#spark-on-mesos-mode">Spark
Cluster Mode: Mesos</a></li>
+ <li><a
href="/docs/0.8.0/setup/deployment/flink_and_spark_cluster.html">Zeppelin with
Flink, Spark Cluster</a></li>
+ <li><a href="/docs/0.8.0/setup/deployment/cdh.html">Zeppelin
on CDH</a></li>
+ <li><a
href="/docs/0.8.0/setup/deployment/virtual_machine.html">Zeppelin on VM:
Vagrant</a></li>
+ <li role="separator" class="divider"></li>
+ <li class="title"><span>Security</span></li>
+ <li><a
href="/docs/0.8.0/setup/security/authentication_nginx.html">HTTP Basic Auth
using NGINX</a></li>
+ <li><a
href="/docs/0.8.0/setup/security/shiro_authentication.html">Shiro
Authentication</a></li>
+ <li><a
href="/docs/0.8.0/setup/security/notebook_authorization.html">Notebook
Authorization</a></li>
+ <li><a
href="/docs/0.8.0/setup/security/datasource_authorization.html">Data Source
Authorization</a></li>
+ <li><a
href="/docs/0.8.0/setup/security/http_security_headers.html">HTTP Security
Headers</a></li>
+ <li role="separator" class="divider"></li>
+ <li class="title"><span>Notebook Storage</span></li>
+ <li><a
href="/docs/0.8.0/setup/storage/storage.html#notebook-storage-in-local-git-repository">Git
Storage</a></li>
+ <li><a
href="/docs/0.8.0/setup/storage/storage.html#notebook-storage-in-s3">S3
Storage</a></li>
+ <li><a
href="/docs/0.8.0/setup/storage/storage.html#notebook-storage-in-azure">Azure
Storage</a></li>
+ <li><a
href="/docs/0.8.0/setup/storage/storage.html#notebook-storage-in-zeppelinhub">ZeppelinHub
Storage</a></li>
+ <li><a
href="/docs/0.8.0/setup/storage/storage.html#notebook-storage-in-mongodb">MongoDB
Storage</a></li>
+ <li role="separator" class="divider"></li>
+ <li class="title"><span>Operation</span></li>
+ <li><a
href="/docs/0.8.0/setup/operation/configuration.html">Configuration</a></li>
+ <li><a
href="/docs/0.8.0/setup/operation/proxy_setting.html">Proxy Setting</a></li>
+ <li><a
href="/docs/0.8.0/setup/operation/upgrading.html">Upgrading</a></li>
+ <li><a
href="/docs/0.8.0/setup/operation/trouble_shooting.html">Trouble
Shooting</a></li>
+ </ul>
+ </li>
+
+ <li>
+ <a href="#" data-toggle="dropdown"
class="dropdown-toggle">Interpreter <b class="caret"></b></a>
+ <ul class="dropdown-menu scrollable-menu">
+ <li class="title"><span>Interpreters</span></li>
+ <li><a
href="/docs/0.8.0/usage/interpreter/overview.html">Overview</a></li>
+ <li role="separator" class="divider"></li>
+ <li><a href="/docs/0.8.0/interpreter/spark.html">Spark</a></li>
+ <li><a href="/docs/0.8.0/interpreter/jdbc.html">JDBC</a></li>
+ <li><a
href="/docs/0.8.0/interpreter/python.html">Python</a></li>
+ <li role="separator" class="divider"></li>
+ <li><a
href="/docs/0.8.0/interpreter/alluxio.html">Alluxio</a></li>
+ <li><a href="/docs/0.8.0/interpreter/beam.html">Beam</a></li>
+ <li><a
href="/docs/0.8.0/interpreter/bigquery.html">BigQuery</a></li>
+ <li><a
href="/docs/0.8.0/interpreter/cassandra.html">Cassandra</a></li>
+ <li><a
href="/docs/0.8.0/interpreter/elasticsearch.html">Elasticsearch</a></li>
+ <li><a href="/docs/0.8.0/interpreter/flink.html">Flink</a></li>
+ <li><a href="/docs/0.8.0/interpreter/geode.html">Geode</a></li>
+ <li><a
href="/docs/0.8.0/interpreter/groovy.html">Groovy</a></li>
+ <li><a href="/docs/0.8.0/interpreter/hbase.html">HBase</a></li>
+ <li><a href="/docs/0.8.0/interpreter/hdfs.html">HDFS</a></li>
+ <li><a href="/docs/0.8.0/interpreter/hive.html">Hive</a></li>
+ <li><a
href="/docs/0.8.0/interpreter/ignite.html">Ignite</a></li>
+ <li><a href="/docs/0.8.0/interpreter/kylin.html">Kylin</a></li>
+ <li><a href="/docs/0.8.0/interpreter/lens.html">Lens</a></li>
+ <li><a href="/docs/0.8.0/interpreter/livy.html">Livy</a></li>
+ <li><a
href="/docs/0.8.0/interpreter/markdown.html">Markdown</a></li>
+ <li><a href="/docs/0.8.0/interpreter/neo4j.html">Neo4j</a></li>
+ <li><a href="/docs/0.8.0/interpreter/pig.html">Pig</a></li>
+ <li><a
href="/docs/0.8.0/interpreter/postgresql.html">Postgresql, HAWQ</a></li>
+ <li><a href="/docs/0.8.0/interpreter/r.html">R</a></li>
+ <li><a
href="/docs/0.8.0/interpreter/scalding.html">Scalding</a></li>
+ <li><a href="/docs/0.8.0/interpreter/scio.html">Scio</a></li>
+ <li><a href="/docs/0.8.0/interpreter/shell.html">Shell</a></li>
+ </ul>
+ </li>
+ <li>
+ <a href="#" data-toggle="dropdown"
class="dropdown-toggle">More<b class="caret"></b></a>
+ <ul class="dropdown-menu scrollable-menu" style="right: 0; left:
auto;">
+ <li class="title"><span>Extending Zeppelin</span></li>
+ <li><a
href="/docs/0.8.0/development/writing_zeppelin_interpreter.html">Writing
Zeppelin Interpreter</a></li>
+ <li role="separator" class="divider"></li>
+ <li class="title"><span>Helium (Experimental)</span></li>
+ <li><a
href="/docs/0.8.0/development/helium/overview.html">Overview</a></li>
+ <li><a
href="/docs/0.8.0/development/helium/writing_application.html">Writing Helium
Application</a></li>
+ <li><a
href="/docs/0.8.0/development/helium/writing_spell.html">Writing Helium
Spell</a></li>
+ <li><a
href="/docs/0.8.0/development/helium/writing_visualization_basic.html">Writing
Helium Visualization: Basics</a></li>
+ <li><a
href="/docs/0.8.0/development/helium/writing_visualization_transformation.html">Writing
Helium Visualization: Transformation</a></li>
+ <li role="separator" class="divider"></li>
+ <li class="title"><span>Contributing to Zeppelin</span></li>
+ <li><a href="/docs/0.8.0/setup/basics/how_to_build.html">How
to Build Zeppelin</a></li>
+ <li><a
href="/docs/0.8.0/development/contribution/useful_developer_tools.html">Useful
Developer Tools</a></li>
+ <li><a
href="/docs/0.8.0/development/contribution/how_to_contribute_code.html">How to
Contribute (code)</a></li>
+ <li><a
href="/docs/0.8.0/development/contribution/how_to_contribute_website.html">How
to Contribute (website)</a></li>
+ <li role="separator" class="divider"></li>
+ <li class="title"><span>External Resources</span></li>
+ <li><a target="_blank" href="">Mailing List</a></li>
+ <li><a target="_blank" href="">Apache Zeppelin Wiki</a></li>
+ <li><a target="_blank" href="">Stackoverflow Questions about
Zeppelin</a></li>
+ </ul>
+ </li>
+ <li>
+ <a href="/docs/0.8.0/search.html" class="nav-search-link">
+ <span class="fa fa-search nav-search-icon"></span>
+ </a>
+ </li>
+ </ul>
+ </nav><!--/.navbar-collapse -->
+ </div>
+ </div>
+
+
+
+ <div class="content">
+
+<!--<div class="hero-unit Setting up HTTP Response Headers">
+ <h1></h1>
+</div>
+-->
+
+<div class="row">
+ <div class="col-md-12">
+ <!--
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+-->
+
+<h1>Setting up HTTP Response Headers for Zeppelin</h1>
+
+<div id="toc"></div>
+
+<p>Apache Zeppelin can be configured to include HTTP Headers which aids in
preventing Cross Site Scripting (XSS), Cross-Frame Scripting (XFS) and also
enforces HTTP Strict Transport Security. Apache Zeppelin also has configuration
available to set the Application Server Version to desired value.</p>
+
+<h2>Setting up HTTP Strict Transport Security (HSTS) Response Header</h2>
+
+<p>Enabling HSTS Response Header prevents Man-in-the-middle attacks by
automatically redirecting HTTP requests to HTTPS when Zeppelin Server is
running on SSL. Read on how to configure SSL for Zeppelin <a
href="../operation/configuration.html">here</a>. Even if web page contains any
resource which gets served over HTTP or any HTTP links, it will automatically
be redirected to HTTPS for the target domain.
+It also prevents MITM attack by not allowing User to override the invalid
certificate message, when Attacker presents invalid SSL certificate to the
User. </p>
+
+<p>The following property needs to be updated in the zeppelin-site.xml in
order to enable HSTS. You can choose appropriate value for
"max-age".</p>
+<div class="highlight"><pre><code class="language-xml"
data-lang="xml"><span></span><span class="nt"><property></span>
+ <span class="nt"><name></span>zeppelin.server.strict.transport<span
class="nt"></name></span>
+ <span class="nt"><value></span>max-age=631138519<span
class="nt"></value></span>
+ <span class="nt"><description></span>The HTTP
Strict-Transport-Security response header is a security feature that lets a web
site tell browsers that it should only be communicated with using HTTPS,
instead of using HTTP. Enable this when Zeppelin is running on HTTPS. Value is
in Seconds, the default value is equivalent to 20 years.<span
class="nt"></description></span>
+<span class="nt"></property></span>
+</code></pre></div>
+<p>Possible values are:</p>
+
+<ul>
+<li>max-age=<expire-time></li>
+<li>max-age=<expire-time>; includeSubDomains</li>
+<li>max-age=<expire-time>; preload</li>
+</ul>
+
+<p>Read more about HSTS <a
href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security";>here</a>.</p>
+
+<h2>Setting up X-XSS-PROTECTION Header</h2>
+
+<p>The HTTP X-XSS-Protection response header is a feature of Internet
Explorer, Chrome and Safari Web browsers that initiates configured action when
they detect reflected cross-site scripting (XSS) attacks.</p>
+
+<p>The following property needs to be updated in the zeppelin-site.xml in
order to set X-XSS-PROTECTION header. </p>
+<div class="highlight"><pre><code class="language-xml"
data-lang="xml"><span></span><span class="nt"><property></span>
+ <span class="nt"><name></span>zeppelin.server.xxss.protection<span
class="nt"></name></span>
+ <span class="nt"><value></span>1; mode=block<span
class="nt"></value></span>
+ <span class="nt"><description></span>The HTTP X-XSS-Protection
response header is a feature of Internet Explorer, Chrome and Safari that stops
pages from loading when they detect reflected cross-site scripting (XSS)
attacks. When value is set to 1 and a cross-site scripting attack is detected,
the browser will sanitize the page (remove the unsafe parts).<span
class="nt"></description></span>
+<span class="nt"></property></span>
+</code></pre></div>
+<p>You can choose appropriate value from below.</p>
+
+<ul>
+<li>0 (Disables XSS filtering)</li>
+<li>1 (Enables XSS filtering. If a cross-site scripting attack is detected,
the browser will sanitize the page.)</li>
+<li>1; mode=block (Enables XSS filtering. The browser will prevent rendering
of the page if an attack is detected.)</li>
+</ul>
+
+<p>Read more about HTTP X-XSS-Protection response header <a
href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection";>here</a>.</p>
+
+<h2>Setting up X-Frame-Options Header</h2>
+
+<p>The X-Frame-Options HTTP response header can indicate browser to avoid
clickjacking attacks, by ensuring that their content is not embedded into other
sites in a <code><frame></code>,<code><iframe></code> or
<code><object></code>.</p>
+
+<p>The following property needs to be updated in the zeppelin-site.xml in
order to set X-Frame-Options header.</p>
+<div class="highlight"><pre><code class="language-xml"
data-lang="xml"><span></span><span class="nt"><property></span>
+ <span class="nt"><name></span>zeppelin.server.xframe.options<span
class="nt"></name></span>
+ <span class="nt"><value></span>SAMEORIGIN<span
class="nt"></value></span>
+ <span class="nt"><description></span>The X-Frame-Options HTTP response
header can be used to indicate whether or not a browser should be allowed to
render a page in a frame/iframe/object.<span
class="nt"></description></span>
+<span class="nt"></property></span>
+</code></pre></div>
+<p>You can choose appropriate value from below.</p>
+
+<ul>
+<li><code>DENY</code></li>
+<li><code>SAMEORIGIN</code></li>
+<li><code>ALLOW-FROM uri</code></li>
+</ul>
+
+<h2>Setting up Server Header</h2>
+
+<p>Security conscious organisations does not want to reveal the Application
Server name and version to prevent finding this information easily by Attacker
while fingerprinting the Application. The exact version number can tell an
Attacker if the current Application Server is patched for or vulnerable to
certain publicly known CVE associated to it.</p>
+
+<p>The following property needs to be updated in the zeppelin-site.xml in
order to set Server header.</p>
+<div class="highlight"><pre><code class="language-xml"
data-lang="xml"><span></span><span class="nt"><property></span>
+ <span class="nt"><name></span>zeppelin.server.jetty.name<span
class="nt"></name></span>
+ <span class="nt"><value></span>Jetty(7.6.0.v20120127)<span
class="nt"></value></span>
+ <span class="nt"><description></span>Hardcoding Application Server
name to Prevent Fingerprinting<span class="nt"></description></span>
+<span class="nt"></property></span>
+</code></pre></div>
+<p>The value can be any "String".</p>
+
+ </div>
+</div>
+
+
+ <hr>
+ <footer>
+ <!-- <p>© 2019 The Apache Software Foundation</p>-->
+ </footer>
+ </div>
+
+
+
+
+ <script type="text/javascript">
+ (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
+ (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new
Date();a=s.createElement(o),
+
m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
+ })(window,document,'script','//www.google-analytics.com/analytics.js','ga');
+
+ ga('create', 'UA-45176241-5', 'zeppelin.apache.org');
+ ga('require', 'linkid', 'linkid.js');
+ ga('send', 'pageview');
+
+</script>
+
+
+
+ </body>
+</html>
+
Propchange: zeppelin/site/docs/0.8.2/setup/security/http_security_headers.html
------------------------------------------------------------------------------
svn:executable = *
Added: zeppelin/site/docs/0.8.2/setup/security/notebook_authorization.html
URL:
http://svn.apache.org/viewvc/zeppelin/site/docs/0.8.2/setup/security/notebook_authorization.html?rev=1867691&view=auto
==============================================================================
--- zeppelin/site/docs/0.8.2/setup/security/notebook_authorization.html (added)
+++ zeppelin/site/docs/0.8.2/setup/security/notebook_authorization.html Sun Sep
29 07:08:10 2019
@@ -0,0 +1,353 @@
+
+<!DOCTYPE html>
+<html lang="en">
+ <head>
+ <meta charset="utf-8">
+ <title>Apache Zeppelin 0.8.0 Documentation: Notebook Authorization in
Apache Zeppelin</title>
+ <meta name="description" content="This page will guide you how you can set
the permission for Zeppelin notebooks. This document assumes that Apache Shiro
authentication was set up.">
+ <meta name="author" content="The Apache Software Foundation">
+
+ <!-- Enable responsive viewport -->
+ <meta name="viewport" content="width=device-width, initial-scale=1.0">
+
+ <!-- Le HTML5 shim, for IE6-8 support of HTML elements -->
+ <!--[if lt IE 9]>
+ <script src="http://html5shim.googlecode.com/svn/trunk/html5.js";></script>
+ <![endif]-->
+
+ <link
href="//maxcdn.bootstrapcdn.com/font-awesome/4.2.0/css/font-awesome.min.css"
rel="stylesheet">
+
+ <!-- Le styles -->
+ <link href="/docs/0.8.0/assets/themes//bootstrap/css/bootstrap.css"
rel="stylesheet">
+ <link href="/docs/0.8.0/assets/themes//css/style.css?body=1"
rel="stylesheet" type="text/css">
+ <link href="/docs/0.8.0/assets/themes//css/syntax.css" rel="stylesheet"
type="text/css" media="screen" />
+ <!-- Le fav and touch icons -->
+ <!-- Update these with your own images
+ <link rel="shortcut icon" href="images/favicon.ico">
+ <link rel="apple-touch-icon" href="images/apple-touch-icon.png">
+ <link rel="apple-touch-icon" sizes="72x72"
href="images/apple-touch-icon-72x72.png">
+ <link rel="apple-touch-icon" sizes="114x114"
href="images/apple-touch-icon-114x114.png">
+ -->
+
+ <!-- Js -->
+ <script src="https://code.jquery.com/jquery-1.10.2.min.js";></script>
+ <script
src="/docs/0.8.0/assets/themes//bootstrap/js/bootstrap.min.js"></script>
+ <script src="/docs/0.8.0/assets/themes//js/docs.js"></script>
+ <script src="/docs/0.8.0/assets/themes//js/anchor.min.js"></script>
+ <script src="/docs/0.8.0/assets/themes//js/toc.js"></script>
+ <script src="/docs/0.8.0/assets/themes//js/lunr.min.js"></script>
+ <script src="/docs/0.8.0/assets/themes//js/search.js"></script>
+
+ <!-- atom & rss feed -->
+ <link href="/docs/0.8.0/atom.xml" type="application/atom+xml"
rel="alternate" title="Sitewide ATOM Feed">
+ <link href="/docs/0.8.0/rss.xml" type="application/rss+xml"
rel="alternate" title="Sitewide RSS Feed">
+ </head>
+
+ <body>
+
+ <div id="menu" class="navbar navbar-inverse navbar-fixed-top"
role="navigation">
+ <div class="container navbar-container">
+ <div class="navbar-header">
+ <button type="button" class="navbar-toggle" data-toggle="collapse"
data-target=".navbar-collapse">
+ <span class="sr-only">Toggle navigation</span>
+ <span class="icon-bar"></span>
+ <span class="icon-bar"></span>
+ <span class="icon-bar"></span>
+ </button>
+ <div class="navbar-brand">
+ <a class="navbar-brand-main" href="http://zeppelin.apache.org";>
+ <img
src="/docs/0.8.0/assets/themes/zeppelin/img/zeppelin_logo.png" width="50"
+ style="margin-top: -2px;" alt="I'm zeppelin">
+ <span style="margin-left: 5px; font-size: 27px;">Zeppelin</span>
+ <a class="navbar-brand-version" href="/docs/0.8.0"
+ style="font-size: 15px; color: white;"> 0.8.0
+ </a>
+ </a>
+ </div>
+ </div>
+ <nav class="navbar-collapse collapse" role="navigation">
+ <ul class="nav navbar-nav">
+ <li>
+ <a href="#" data-toggle="dropdown" class="dropdown-toggle">Quick
Start <b class="caret"></b></a>
+ <ul class="dropdown-menu">
+ <li class="title"><span>Getting Started</span></li>
+ <li><a
href="/docs/0.8.0/quickstart/install.html">Install</a></li>
+ <li><a href="/docs/0.8.0/quickstart/explore_ui.html">Explore
UI</a></li>
+ <li><a
href="/docs/0.8.0/quickstart/tutorial.html">Tutorial</a></li>
+ <li role="separator" class="divider"></li>
+ <li><a
href="/docs/0.8.0/quickstart/spark_with_zeppelin.html">Spark with
Zeppelin</a></li>
+ <li><a
href="/docs/0.8.0/quickstart/sql_with_zeppelin.html">SQL with Zeppelin</a></li>
+ <li><a
href="/docs/0.8.0/quickstart/python_with_zeppelin.html">Python with
Zeppelin</a></li>
+ </ul>
+ </li>
+
+ <li>
+ <a href="#" data-toggle="dropdown"
class="dropdown-toggle">Usage<b class="caret"></b></a>
+ <ul class="dropdown-menu scrollable-menu">
+ <li class="title"><span>Dynamic Form</span></li>
+ <li><a href="/docs/0.8.0/usage/dynamic_form/intro.html">What
is Dynamic Form?</a></li>
+ <li role="separator" class="divider"></li>
+ <li class="title"><span>Display System</span></li>
+ <li><a
href="/docs/0.8.0/usage/display_system/basic.html#text">Text Display</a></li>
+ <li><a
href="/docs/0.8.0/usage/display_system/basic.html#html">HTML Display</a></li>
+ <li><a
href="/docs/0.8.0/usage/display_system/basic.html#table">Table Display</a></li>
+ <li><a
href="/docs/0.8.0/usage/display_system/basic.html#network">Network
Display</a></li>
+ <li><a
href="/docs/0.8.0/usage/display_system/angular_backend.html">Angular Display
using Backend API</a></li>
+ <li><a
href="/docs/0.8.0/usage/display_system/angular_frontend.html">Angular Display
using Frontend API</a></li>
+ <li role="separator" class="divider"></li>
+ <li class="title"><span>Interpreter</span></li>
+ <li><a
href="/docs/0.8.0/usage/interpreter/overview.html">Overview</a></li>
+ <li><a
href="/docs/0.8.0/usage/interpreter/interpreter_binding_mode.html">Interpreter
Binding Mode</a></li>
+ <li><a
href="/docs/0.8.0/usage/interpreter/user_impersonation.html">User
Impersonation</a></li>
+ <li><a
href="/docs/0.8.0/usage/interpreter/dependency_management.html">Dependency
Management</a></li>
+ <li><a
href="/docs/0.8.0/usage/interpreter/installation.html">Installing
Interpreters</a></li>
+ <!--<li><a
href="/docs/0.8.0/usage/interpreter/dynamic_loading.html">Dynamic Interpreter
Loading (Experimental)</a></li>-->
+ <li><a
href="/docs/0.8.0/usage/interpreter/execution_hooks.html">Execution Hooks
(Experimental)</a></li>
+ <li role="separator" class="divider"></li>
+ <li class="title"><span>Other Features</span></li>
+ <li><a
href="/docs/0.8.0/usage/other_features/publishing_paragraphs.html">Publishing
Paragraphs</a></li>
+ <li><a
href="/docs/0.8.0/usage/other_features/personalized_mode.html">Personalized
Mode</a></li>
+ <li><a
href="/docs/0.8.0/usage/other_features/customizing_homepage.html">Customizing
Zeppelin Homepage</a></li>
+ <li><a
href="/docs/0.8.0/usage/other_features/notebook_actions.html">Notebook
Actions</a></li>
+ <li><a
href="/docs/0.8.0/usage/other_features/cron_scheduler.html">Cron
Scheduler</a></li>
+ <li><a
href="/docs/0.8.0/usage/other_features/zeppelin_context.html">Zeppelin
Context</a></li>
+ <li role="separator" class="divider"></li>
+ <li class="title"><span>REST API</span></li>
+ <li><a
href="/docs/0.8.0/usage/rest_api/interpreter.html">Interpreter API</a></li>
+ <li><a
href="/docs/0.8.0/usage/rest_api/zeppelin_server.html">Zeppelin Server
API</a></li>
+ <li><a
href="/docs/0.8.0/usage/rest_api/notebook.html">Notebook API</a></li>
+ <li><a
href="/docs/0.8.0/usage/rest_api/notebook_repository.html">Notebook Repository
API</a></li>
+ <li><a
href="/docs/0.8.0/usage/rest_api/configuration.html">Configuration API</a></li>
+ <li><a
href="/docs/0.8.0/usage/rest_api/credential.html">Credential API</a></li>
+ <li><a href="/docs/0.8.0/usage/rest_api/helium.html">Helium
API</a></li>
+ </ul>
+ </li>
+
+ <li>
+ <a href="#" data-toggle="dropdown"
class="dropdown-toggle">Setup<b class="caret"></b></a>
+ <ul class="dropdown-menu scrollable-menu">
+ <li class="title"><span>Basics</span></li>
+ <li><a href="/docs/0.8.0/setup/basics/how_to_build.html">How
to Build Zeppelin</a></li>
+ <li><a
href="/docs/0.8.0/setup/basics/multi_user_support.html">Multi-user
Support</a></li>
+ <li role="separator" class="divider"></li>
+ <li class="title"><span>Deployment</span></li>
+ <!--<li><a
href="/docs/0.8.0/setup/deployment/docker.html">Docker Image for
Zeppelin</a></li>-->
+ <li><a
href="/docs/0.8.0/setup/deployment/spark_cluster_mode.html#spark-standalone-mode">Spark
Cluster Mode: Standalone</a></li>
+ <li><a
href="/docs/0.8.0/setup/deployment/spark_cluster_mode.html#spark-on-yarn-mode">Spark
Cluster Mode: YARN</a></li>
+ <li><a
href="/docs/0.8.0/setup/deployment/spark_cluster_mode.html#spark-on-mesos-mode">Spark
Cluster Mode: Mesos</a></li>
+ <li><a
href="/docs/0.8.0/setup/deployment/flink_and_spark_cluster.html">Zeppelin with
Flink, Spark Cluster</a></li>
+ <li><a href="/docs/0.8.0/setup/deployment/cdh.html">Zeppelin
on CDH</a></li>
+ <li><a
href="/docs/0.8.0/setup/deployment/virtual_machine.html">Zeppelin on VM:
Vagrant</a></li>
+ <li role="separator" class="divider"></li>
+ <li class="title"><span>Security</span></li>
+ <li><a
href="/docs/0.8.0/setup/security/authentication_nginx.html">HTTP Basic Auth
using NGINX</a></li>
+ <li><a
href="/docs/0.8.0/setup/security/shiro_authentication.html">Shiro
Authentication</a></li>
+ <li><a
href="/docs/0.8.0/setup/security/notebook_authorization.html">Notebook
Authorization</a></li>
+ <li><a
href="/docs/0.8.0/setup/security/datasource_authorization.html">Data Source
Authorization</a></li>
+ <li><a
href="/docs/0.8.0/setup/security/http_security_headers.html">HTTP Security
Headers</a></li>
+ <li role="separator" class="divider"></li>
+ <li class="title"><span>Notebook Storage</span></li>
+ <li><a
href="/docs/0.8.0/setup/storage/storage.html#notebook-storage-in-local-git-repository">Git
Storage</a></li>
+ <li><a
href="/docs/0.8.0/setup/storage/storage.html#notebook-storage-in-s3">S3
Storage</a></li>
+ <li><a
href="/docs/0.8.0/setup/storage/storage.html#notebook-storage-in-azure">Azure
Storage</a></li>
+ <li><a
href="/docs/0.8.0/setup/storage/storage.html#notebook-storage-in-zeppelinhub">ZeppelinHub
Storage</a></li>
+ <li><a
href="/docs/0.8.0/setup/storage/storage.html#notebook-storage-in-mongodb">MongoDB
Storage</a></li>
+ <li role="separator" class="divider"></li>
+ <li class="title"><span>Operation</span></li>
+ <li><a
href="/docs/0.8.0/setup/operation/configuration.html">Configuration</a></li>
+ <li><a
href="/docs/0.8.0/setup/operation/proxy_setting.html">Proxy Setting</a></li>
+ <li><a
href="/docs/0.8.0/setup/operation/upgrading.html">Upgrading</a></li>
+ <li><a
href="/docs/0.8.0/setup/operation/trouble_shooting.html">Trouble
Shooting</a></li>
+ </ul>
+ </li>
+
+ <li>
+ <a href="#" data-toggle="dropdown"
class="dropdown-toggle">Interpreter <b class="caret"></b></a>
+ <ul class="dropdown-menu scrollable-menu">
+ <li class="title"><span>Interpreters</span></li>
+ <li><a
href="/docs/0.8.0/usage/interpreter/overview.html">Overview</a></li>
+ <li role="separator" class="divider"></li>
+ <li><a href="/docs/0.8.0/interpreter/spark.html">Spark</a></li>
+ <li><a href="/docs/0.8.0/interpreter/jdbc.html">JDBC</a></li>
+ <li><a
href="/docs/0.8.0/interpreter/python.html">Python</a></li>
+ <li role="separator" class="divider"></li>
+ <li><a
href="/docs/0.8.0/interpreter/alluxio.html">Alluxio</a></li>
+ <li><a href="/docs/0.8.0/interpreter/beam.html">Beam</a></li>
+ <li><a
href="/docs/0.8.0/interpreter/bigquery.html">BigQuery</a></li>
+ <li><a
href="/docs/0.8.0/interpreter/cassandra.html">Cassandra</a></li>
+ <li><a
href="/docs/0.8.0/interpreter/elasticsearch.html">Elasticsearch</a></li>
+ <li><a href="/docs/0.8.0/interpreter/flink.html">Flink</a></li>
+ <li><a href="/docs/0.8.0/interpreter/geode.html">Geode</a></li>
+ <li><a
href="/docs/0.8.0/interpreter/groovy.html">Groovy</a></li>
+ <li><a href="/docs/0.8.0/interpreter/hbase.html">HBase</a></li>
+ <li><a href="/docs/0.8.0/interpreter/hdfs.html">HDFS</a></li>
+ <li><a href="/docs/0.8.0/interpreter/hive.html">Hive</a></li>
+ <li><a
href="/docs/0.8.0/interpreter/ignite.html">Ignite</a></li>
+ <li><a href="/docs/0.8.0/interpreter/kylin.html">Kylin</a></li>
+ <li><a href="/docs/0.8.0/interpreter/lens.html">Lens</a></li>
+ <li><a href="/docs/0.8.0/interpreter/livy.html">Livy</a></li>
+ <li><a
href="/docs/0.8.0/interpreter/markdown.html">Markdown</a></li>
+ <li><a href="/docs/0.8.0/interpreter/neo4j.html">Neo4j</a></li>
+ <li><a href="/docs/0.8.0/interpreter/pig.html">Pig</a></li>
+ <li><a
href="/docs/0.8.0/interpreter/postgresql.html">Postgresql, HAWQ</a></li>
+ <li><a href="/docs/0.8.0/interpreter/r.html">R</a></li>
+ <li><a
href="/docs/0.8.0/interpreter/scalding.html">Scalding</a></li>
+ <li><a href="/docs/0.8.0/interpreter/scio.html">Scio</a></li>
+ <li><a href="/docs/0.8.0/interpreter/shell.html">Shell</a></li>
+ </ul>
+ </li>
+ <li>
+ <a href="#" data-toggle="dropdown"
class="dropdown-toggle">More<b class="caret"></b></a>
+ <ul class="dropdown-menu scrollable-menu" style="right: 0; left:
auto;">
+ <li class="title"><span>Extending Zeppelin</span></li>
+ <li><a
href="/docs/0.8.0/development/writing_zeppelin_interpreter.html">Writing
Zeppelin Interpreter</a></li>
+ <li role="separator" class="divider"></li>
+ <li class="title"><span>Helium (Experimental)</span></li>
+ <li><a
href="/docs/0.8.0/development/helium/overview.html">Overview</a></li>
+ <li><a
href="/docs/0.8.0/development/helium/writing_application.html">Writing Helium
Application</a></li>
+ <li><a
href="/docs/0.8.0/development/helium/writing_spell.html">Writing Helium
Spell</a></li>
+ <li><a
href="/docs/0.8.0/development/helium/writing_visualization_basic.html">Writing
Helium Visualization: Basics</a></li>
+ <li><a
href="/docs/0.8.0/development/helium/writing_visualization_transformation.html">Writing
Helium Visualization: Transformation</a></li>
+ <li role="separator" class="divider"></li>
+ <li class="title"><span>Contributing to Zeppelin</span></li>
+ <li><a href="/docs/0.8.0/setup/basics/how_to_build.html">How
to Build Zeppelin</a></li>
+ <li><a
href="/docs/0.8.0/development/contribution/useful_developer_tools.html">Useful
Developer Tools</a></li>
+ <li><a
href="/docs/0.8.0/development/contribution/how_to_contribute_code.html">How to
Contribute (code)</a></li>
+ <li><a
href="/docs/0.8.0/development/contribution/how_to_contribute_website.html">How
to Contribute (website)</a></li>
+ <li role="separator" class="divider"></li>
+ <li class="title"><span>External Resources</span></li>
+ <li><a target="_blank" href="">Mailing List</a></li>
+ <li><a target="_blank" href="">Apache Zeppelin Wiki</a></li>
+ <li><a target="_blank" href="">Stackoverflow Questions about
Zeppelin</a></li>
+ </ul>
+ </li>
+ <li>
+ <a href="/docs/0.8.0/search.html" class="nav-search-link">
+ <span class="fa fa-search nav-search-icon"></span>
+ </a>
+ </li>
+ </ul>
+ </nav><!--/.navbar-collapse -->
+ </div>
+ </div>
+
+
+
+ <div class="content">
+
+<!--<div class="hero-unit Notebook Authorization in Apache Zeppelin">
+ <h1></h1>
+</div>
+-->
+
+<div class="row">
+ <div class="col-md-12">
+ <!--
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+-->
+
+<h1>Zeppelin Notebook Authorization</h1>
+
+<div id="toc"></div>
+
+<h2>Overview</h2>
+
+<p>We assume that there is an <strong>Shiro Authentication</strong> component
that associates a user string and a set of group strings with every
NotebookSocket.
+If you don't set the authentication components yet, please check <a
href="./shiro_authentication.html">Shiro authentication for Apache Zeppelin</a>
first.</p>
+
+<h2>Authorization Setting</h2>
+
+<p>You can set Zeppelin notebook permissions in each notebooks. Of course only
<strong>notebook owners</strong> can change this configuration.
+Just click <strong>Lock icon</strong> and open the permission setting page in
your notebook.</p>
+
+<p>As you can see, each Zeppelin notebooks has 3 entities :</p>
+
+<ul>
+<li>Owners ( users or groups )</li>
+<li>Readers ( users or groups )</li>
+<li>Writers ( users or groups )</li>
+<li>Runners ( users or groups )</li>
+</ul>
+
+<p><center><img
src="/docs/0.8.0/assets/themes/zeppelin/img/docs-img/permission_setting.png"></center></p>
+
+<p>Fill out the each forms with comma seperated <strong>users</strong> and
<strong>groups</strong> configured in <code>conf/shiro.ini</code> file.
+If the form is empty (*), it means that any users can perform that
operation.</p>
+
+<p>If someone who doesn't have <strong>read</strong> permission is trying
to access the notebook or someone who doesn't have <strong>write</strong>
permission is trying to edit the notebook,
+or someone who doesn't have <strong>run</strong> permission is trying to
run a paragraph Zeppelin will ask to login or block the user.</p>
+
+<p>By default, owners and writers have <strong>write</strong> permission,
owners, writers and runners have <strong>run</strong> permission, owners,
writers, runners and readers have <strong>read</strong> permission</p>
+
+<p><center><img
src="/docs/0.8.0/assets/themes/zeppelin/img/docs-img/insufficient_privileges.png"></center></p>
+
+<h2>Separate notebook workspaces (public vs. private)</h2>
+
+<p>By default, the authorization rights allow other users to see the newly
created note, meaning the workspace is <code>public</code>. This behavior is
controllable and can be set through either
<code>ZEPPELIN_NOTEBOOK_PUBLIC</code> variable in
<code>conf/zeppelin-env.sh</code>, or through
<code>zeppelin.notebook.public</code> property in
<code>conf/zeppelin-site.xml</code>. Thus, in order to make newly created note
appear only in your <code>private</code> workspace by default, you can set
either <code>ZEPPELIN_NOTEBOOK_PUBLIC</code> to <code>false</code> in your
<code>conf/zeppelin-env.sh</code> as follows:</p>
+<div class="highlight"><pre><code class="language-bash"
data-lang="bash"><span></span><span class="nb">export</span> <span
class="nv">ZEPPELIN_NOTEBOOK_PUBLIC</span><span class="o">=</span><span
class="s2">"false"</span>
+</code></pre></div>
+<p>or set <code>zeppelin.notebook.public</code> property to <code>false</code>
in <code>conf/zeppelin-site.xml</code> as follows:</p>
+<div class="highlight"><pre><code class="language-xml"
data-lang="xml"><span></span><span class="nt"><property></span>
+ <span class="nt"><name></span>zeppelin.notebook.public<span
class="nt"></name></span>
+ <span class="nt"><value></span>false<span
class="nt"></value></span>
+ <span class="nt"><description></span>Make notebook public by default
when created, private otherwise<span class="nt"></description></span>
+<span class="nt"></property></span>
+</code></pre></div>
+<p>Behind the scenes, when you create a new note only the <code>owners</code>
field is filled with current user, leaving <code>readers</code>,
<code>runners</code> and <code>writers</code> fields empty. All the notes with
at least one empty authorization field are considered to be in
<code>public</code> workspace. Thus when setting
<code>zeppelin.notebook.public</code> (or corresponding
<code>ZEPPELIN_NOTEBOOK_PUBLIC</code>) to false, newly created notes have
<code>readers</code>, <code>runners</code>, <code>writers</code> fields filled
with current user, making note appear as in <code>private</code> workspace.</p>
+
+<h2>How it works</h2>
+
+<p>In this section, we will explain the detail about how the notebook
authorization works in backend side.</p>
+
+<h3>NotebookServer</h3>
+
+<p>The <a
href="https://github.com/apache/zeppelin/blob/master/zeppelin-server/src/main/java/org/apache/zeppelin/socket/NotebookServer.java";>NotebookServer</a>
classifies every notebook operations into three categories:
<strong>Read</strong>, <strong>Run</strong>, <strong>Write</strong>,
<strong>Manage</strong>.
+Before executing a notebook operation, it checks if the user and the groups
associated with the <code>NotebookSocket</code> have permissions.
+For example, before executing a <strong>Read</strong> operation, it checks if
the user and the groups have at least one entity that belongs to the
<strong>Reader</strong> entities.</p>
+
+<h3>Notebook REST API call</h3>
+
+<p>Zeppelin executes a <a
href="https://github.com/apache/zeppelin/blob/master/zeppelin-server/src/main/java/org/apache/zeppelin/rest/NotebookRestApi.java";>REST
API call</a> for the notebook permission information.
+In the backend side, Zeppelin gets the user information for the connection and
allows the operation if the users and groups
+associated with the current user have at least one entity that belongs to
owner entities for the notebook.</p>
+
+ </div>
+</div>
+
+
+ <hr>
+ <footer>
+ <!-- <p>© 2019 The Apache Software Foundation</p>-->
+ </footer>
+ </div>
+
+
+
+
+ <script type="text/javascript">
+ (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
+ (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new
Date();a=s.createElement(o),
+
m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
+ })(window,document,'script','//www.google-analytics.com/analytics.js','ga');
+
+ ga('create', 'UA-45176241-5', 'zeppelin.apache.org');
+ ga('require', 'linkid', 'linkid.js');
+ ga('send', 'pageview');
+
+</script>
+
+
+
+ </body>
+</html>
+
Propchange: zeppelin/site/docs/0.8.2/setup/security/notebook_authorization.html
------------------------------------------------------------------------------
svn:executable = *
