GitHub user kjmrknsn opened a pull request:

    https://github.com/apache/zeppelin/pull/2676

    [ZEPPELIN-3048] Add the option which prevents paragraphs from being edited 
while their notebook is cron scheduled

    ### What is this PR for?
    
    Add the option which prevents paragraphs from being edited by users other 
than the cron executing user while their notebook is cron scheduled.
    
    Now, the cron scheduled notebook's paragraphs can be edited by users who 
have the "writer" authority. That could cause a security issue when the Hadoop 
cluster has data access control (managed by Apache Ranger and so forth) because 
the "writer" users can abuse the access right of the "cron executing user" and 
can access the data which they ordinarily cannot access by updating the 
paragraphs whose notebook is cron scheduled and its cron executing user is set 
to other users.
    
    Thus, under circumstances where strict data access control is required, it is 
necessary to add an option to Zeppelin that prevents paragraphs from being 
edited by users other than the cron executing user while their notebook is cron 
scheduled.
    
    ### What type of PR is it?
    [Improvement]
    
    ### Todos
    
    ### What is the Jira issue?
    https://issues.apache.org/jira/browse/ZEPPELIN-3048
    
    ### How should this be tested?
    * Tested manually.
        * I confirmed that when `zeppelin.notebook.cron.restrictEdit` was set 
to `true` and users other than the cron executing user tried to edit the 
paragraph whose interpreter was not on 
`zeppelin.notebook.cron.editableInterpreters`, the "Insufficient privileged" 
dialog was shown and the paragraph was not updated.
        * <img width="1184" alt="screen shot 2017-11-17 at 12 31 41" 
src="https://user-images.githubusercontent.com/31149688/32928980-55ea34ca-cb98-11e7-9798-af36f98a99d8.png">
    
    
    ### Screenshots (if appropriate)
    
    ### Questions:
    * Do the license files need an update? No.
    * Are there breaking changes for older versions? No.
    * Does this need documentation? Yes. 
`docs/setup/operation/configuration.md` was updated.

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/kjmrknsn/zeppelin ZEPPELIN-3048

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/zeppelin/pull/2676.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #2676
    
----
commit c73c234e2783d038cb65c8e2545b6bc00119765e
Author: Keiji Yoshida <kjmrk...@gmail.com>
Date:   2017-11-16T06:37:27Z

    [ZEPPELIN-3048] Add the option which prevents paragraphs from being edited 
while their notebook is cron scheduled

----
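
The edit check described in the pull request, modelled as an added example; this is not code from the pull request or from Zeppelin. The class and method names, the comma-separated format of the interpreter list, and the way the interpreter is read from the paragraph text are assumptions. Checking the new paragraph text as well as the old one is a choice of this example.

```java
import java.util.Arrays;
import java.util.Set;
import java.util.stream.Collectors;

// Hypothetical model of the check described in the PR; not Zeppelin source code.
public class CronEditPolicy {
    private final boolean restrictEdit;             // zeppelin.notebook.cron.restrictEdit
    private final Set<String> editableInterpreters; // zeppelin.notebook.cron.editableInterpreters

    // Assumption: the interpreter list is configured as a comma-separated string.
    public CronEditPolicy(boolean restrictEdit, String editableInterpreters) {
        this.restrictEdit = restrictEdit;
        this.editableInterpreters = Arrays.stream(editableInterpreters.split(","))
                .map(String::trim).filter(s -> !s.isEmpty()).collect(Collectors.toSet());
    }

    // Assumption: the interpreter is the "%name" token that opens the paragraph text.
    // A paragraph without one maps to "", which is never on the list (fails closed).
    static String interpreterOf(String text) {
        String t = text == null ? "" : text.trim();
        if (!t.startsWith("%")) return "";
        return t.substring(1).split("\\s+", 2)[0];
    }

    // cronExpression is null or empty when the notebook is not cron scheduled.
    public boolean canEdit(String user, boolean isWriter, String cronExpression,
                           String cronExecutingUser, String oldText, String newText) {
        if (!isWriter) return false;                   // normal notebook permission still applies
        boolean scheduled = cronExpression != null && !cronExpression.isEmpty();
        if (!restrictEdit || !scheduled) return true;  // option off or no cron: unchanged behaviour
        if (user != null && user.equals(cronExecutingUser)) return true; // own access rights
        // Check both texts so an allowed paragraph cannot be switched to another interpreter.
        return editableInterpreters.contains(interpreterOf(oldText))
            && editableInterpreters.contains(interpreterOf(newText));
    }

    public static void main(String[] args) {
        CronEditPolicy p = new CronEditPolicy(true, "md, angular");
        String cron = "0 0/5 * * * ?"; // constructed schedule; alice is the cron executing user
        System.out.println(p.canEdit("alice", true, cron, "alice", "%spark a", "%spark b"));
        System.out.println(p.canEdit("bob", true, cron, "alice", "%spark a", "%spark b"));
        System.out.println(p.canEdit("bob", true, cron, "alice", "%md old", "%md new"));
        System.out.println(p.canEdit("bob", true, cron, "alice", "%md old", "%spark x"));
        System.out.println(p.canEdit("bob", true, null, null, "%spark a", "%spark b"));
    }
}
```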

