Chen, One configuration that worked for us is as follows. The key to remember here is that the format for defining users is as follows:
*[users]* *username = password, role1, role2, role3* Thanks, Rohit. [users] admin = password1 user1 = password2, role1, role2 user2 = password3, role3 user3 = password4, role2 [main] sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager securityManager.sessionManager = $sessionManager # 86,400,000 milliseconds = 24 hour securityManager.sessionManager.globalSessionTimeout = 86400000 shiro.loginUrl = /api/login [roles] role1 = * role2 = * role3 = * [urls] /api/version = anon /** = authc On Tue, Jun 21, 2016 at 3:25 PM, Benjamin Kim <bbuil...@gmail.com> wrote: > Chen, > > If you don’t mind, how did you integrate LDAP with Zeppelin. As far as I > know, Shiro was a manual way to setup users and security. > > Thanks, > Ben > > On Jun 21, 2016, at 2:44 PM, Chen Song <chen.song...@gmail.com> wrote: > > I am new to Zeppelin and have successfully set up LDAP authentication on > zeppelin. > > I also want to restrict write access to interpreters, credentials and > configurations to only admin users. > > I added the configurations as per > https://github.com/apache/zeppelin/pull/993 and it does hide edit access > from other users. However, when I logged in as myUsername, which is > supposed to be an admin user, I could edit those 3 things either. Is there > anything I miss? > > [users] > admin = myUsername > > [urls] > api/version = anon > /api/interpreter/** = authc, roles[admin] > /api/configurations/** = authc, roles[admin] > /api/credential/** = authc, roles[admin] > > Thanks for your feedback. > > -- > Chen Song > > >
