Thanks Rohit Are you using LDAP? With LDAP enabled, it doesn't look like configuration users are honored at all.
Chen On Tue, Jun 21, 2016 at 6:38 PM, rohit choudhary <rconl...@gmail.com> wrote: > Chen, > > One configuration that worked for us is as follows. The key to remember > here is that the format for defining users is as follows: > > *[users]* > *username = password, role1, role2, role3* > > Thanks, > Rohit. > > [users] > admin = password1 > user1 = password2, role1, role2 > user2 = password3, role3 > user3 = password4, role2 > > [main] > sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager > securityManager.sessionManager = $sessionManager > # 86,400,000 milliseconds = 24 hour > securityManager.sessionManager.globalSessionTimeout = 86400000 > shiro.loginUrl = /api/login > > [roles] > role1 = * > role2 = * > role3 = * > > [urls] > /api/version = anon > /** = authc > > > On Tue, Jun 21, 2016 at 3:25 PM, Benjamin Kim <bbuil...@gmail.com> wrote: > >> Chen, >> >> If you don’t mind, how did you integrate LDAP with Zeppelin. As far as I >> know, Shiro was a manual way to setup users and security. >> >> Thanks, >> Ben >> >> On Jun 21, 2016, at 2:44 PM, Chen Song <chen.song...@gmail.com> wrote: >> >> I am new to Zeppelin and have successfully set up LDAP authentication on >> zeppelin. >> >> I also want to restrict write access to interpreters, credentials and >> configurations to only admin users. >> >> I added the configurations as per >> https://github.com/apache/zeppelin/pull/993 and it does hide edit access >> from other users. However, when I logged in as myUsername, which is >> supposed to be an admin user, I could edit those 3 things either. Is there >> anything I miss? >> >> [users] >> admin = myUsername >> >> [urls] >> api/version = anon >> /api/interpreter/** = authc, roles[admin] >> /api/configurations/** = authc, roles[admin] >> /api/credential/** = authc, roles[admin] >> >> Thanks for your feedback. >> >> -- >> Chen Song >> >> >> > -- Chen Song
