Hevin Mun created ZEPPELIN-3937:
-----------------------------------

             Summary: Reader permission user cannot read sql paragraphs with charts already run.
                 Key: ZEPPELIN-3937
                 URL: https://issues.apache.org/jira/browse/ZEPPELIN-3937
             Project: Zeppelin
          Issue Type: Bug
    Affects Versions: 0.8.0
         Environment: in conf/shiro.ini
...
[users]
# List of users with their password allowed to access Zeppelin.
# To use a different strategy (LDAP / Database / ...) check the shiro doc at http://shiro.apache.org/configuration.html#Configuration-INISections
# To enable admin user, uncomment the following line and set an appropriate password.
#admin = password1, admin
user1 = password1, admin
user2 = password2, writer
user3 = password3, runner
user4 = password4, reader
...
[roles]
writer = *
runner = *
reader = *
admin = *
...
[urls]
# This section is used for url-based security. For details see the shiro.ini documentation.
#
# You can secure interpreter, configuration and credential information by urls.
# Comment or uncomment the below urls that you want to hide:
# anon means the access is anonymous.
# authc means form based auth Security.
#
# IMPORTANT: Order matters: URL path expressions are evaluated against an incoming request
# in the order they are defined and the FIRST MATCH WINS.
#
# To allow anonymous access to all but the stated urls,
# uncomment the second last line (/** = anon) and comment the last line (/** = authc)
#
/api/version = anon
#/api/version = authc
# Allow all authenticated users to restart interpreters on a notebook page.
# Comment out the following line if you would like to authorize only admin users to restart interpreters.
/api/interpreter/setting/restart/** = authc
/api/interpreter/** = authc, roles[admin]
/api/configurations/** = authc, roles[admin]
/api/credential/** = authc, roles[admin]
#/** = anon
/** = authc

            Reporter: Hevin Mun

I tried to give the reader permission to some users. They can read notes that are empty, that have some Spark code, or that have some markdown paragraphs. But they cannot read notes with SQL paragraphs with charts already run. When they try, the message "Insufficient privileges to write note." appears.

I'm trying to make a dashboard with Zeppelin.
I think the users should only be able to read the charts instead of changing code or the development environment. I think that's quite natural, so I guess this situation may not be intended, but a bug.

I also found that when users with the reader permission try to get the page of SQL paragraphs with the URL of the "committed" note, they can access it. But the default URL of a note whose name they click in the notes list is the head version instead of the committed version. It is strange if I have to make another page with links to the committed notes and update the links every day with new commits.
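The "FIRST MATCH WINS" rule from the [urls] comments, applied to this report's own rules, as an added example (not part of the original report, and not Zeppelin or Shiro code). The matcher is a simplified approximation of Ant-style path matching, and the request paths and the `shadowed_rules` lint are constructed for illustration.

```python
import re

# [urls] rules from the shiro.ini quoted in this report, in file order (commented-out lines omitted).
URL_RULES = [
    ("/api/version", "anon"),
    ("/api/interpreter/setting/restart/**", "authc"),
    ("/api/interpreter/**", "authc, roles[admin]"),
    ("/api/configurations/**", "authc, roles[admin]"),
    ("/api/credential/**", "authc, roles[admin]"),
    ("/**", "authc"),
]

def ant_to_regex(pattern):
    """Simplified Ant-style matching: '**' spans segments, '*' stays in one segment."""
    out, i = [], 0
    while i < len(pattern):
        if pattern.startswith("/**", i) and i + 3 == len(pattern):
            out.append("(/.*)?")  # trailing /** also matches the bare prefix
            i += 3
        elif pattern.startswith("**", i):
            out.append(".*")
            i += 2
        elif pattern[i] == "*":
            out.append("[^/]*")
            i += 1
        else:
            out.append(re.escape(pattern[i]))
            i += 1
    return re.compile("".join(out))

def first_match(path, rules=URL_RULES):
    """Return the first (pattern, filter chain) whose pattern matches path."""
    for pattern, chain in rules:
        if ant_to_regex(pattern).fullmatch(path):
            return pattern, chain
    return None

def shadowed_rules(rules=URL_RULES):
    """Heuristic lint: list rules whose own sample path is claimed by an earlier rule."""
    shadowed = []
    for pattern, _ in rules:
        sample = pattern.replace("**", "x/y").replace("*", "x")
        hit = first_match(sample, rules)
        if hit[0] != pattern:
            shadowed.append((pattern, hit[0]))
    return shadowed

if __name__ == "__main__":
    print(first_match("/api/notebook/NOTE_ID"))  # constructed path; falls through to /** = authc
```

With the rules in the order shown in the report, `shadowed_rules()` returns an empty list; moving `/** = authc` to the top makes every admin-only rule unreachable, which is the misordering the config comment warns about.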