[GitHub] zeppelin pull request #2671: [ZEPPELIN-3045] Add the option which prevents t...

Wed, 15 Nov 2017 05:34:53 -0800 

GitHub user kjmrknsn opened a pull request:

    https://github.com/apache/zeppelin/pull/2671

    [ZEPPELIN-3045] Add the option which prevents the cron executing user from 
being changed to users other than the login user

    ### What is this PR for?
    Add the option to Zeppelin, that prevents the cron executing user from 
being changed to users other than the login user.
    
    Now, the cron executing user can be set to any users. That could cause a 
security issue when the Hadoop cluster has data access control (managed by 
Apache Ranger and so forth) because Zeppelin users can access the data which 
they ordinary cannot access by setting other users as the cron executing user.
    
    Thus, under the circumstances strict data access control is required, it is 
necessary to add the option to Zeppelin, that prevents the cron executing user 
from being changed to users other than the login user.
    
    ### What type of PR is it?
    [Improvement]
    
    ### Todos
    
    ### What is the Jira issue?
    https://issues.apache.org/jira/projects/ZEPPELIN/issues/ZEPPELIN-3045
    
    ### How should this be tested?
    * Tested manually
        * I confirmed that when 
`zeppelin.notebook.cronExecutingUser.loginUserOnly` was true and "Cron 
executing user" was changed to users other than the login user, the 
"Insufficient privileges" dialog was shown and "Cron executing user" was not 
updated.
        * <img width="1229" alt="screen shot 2017-11-15 at 22 15 29" 
src="https://user-images.githubusercontent.com/31149688/32838348-f1cbdfc4-ca53-11e7-9ed5-8362cba10d25.png";>
    
    ### Screenshots (if appropriate)
    
    ### Questions:
    * Does the licenses files need update? No.
    * Is there breaking changes for older versions? No.
    * Does this needs documentation? Yes. 
`docs/setup/operation/configuration.md` was updated.


You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/kjmrknsn/zeppelin ZEPPELIN-3045

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/zeppelin/pull/2671.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #2671
    
----
commit 6223fe6a492e052b26a6cad0af507b3b2eb87826
Author: Keiji Yoshida <kjmrk...@gmail.com>
Date:   2017-11-15T07:21:30Z

    [ZEPPELIN-3045] Add the option which prevents the cron executing user from 
being changed to users other than the login user

----


---

Reply via email to