Hi, >From my point of view you have 3 options: 1. Use a dedicated zeppelin instance per user. Solution I currently use. Mesos/marathon launch an instance by user with it's linux UID. A service discovery is routing each user based on HTTPS basic auth to his instance. Because the configuration file is dedicated per user, it's easy to setup credentials for backend. Because the UID is also setup, spark jobs are running under each user permissions. This way is totally secure, but no possible sharing between users except sending notebooks by mail or git repo
2. Use a shared instance and configure Shiro permissions which allow to manage multi tenancy in Zeppelin (notebooks access) but not in backend as all users notebooks will run under the same UID and have the same credentials for accessing backend 3. Use a shared instance and a backend that allows impersonation like Livy server. Livy server will execute Spark sessions per user. What is unclear is how to deal with backend credentials ? How to configure multiple Cassandra credentials and attach each one to a user ? Same thing for Spark Livy, How can we configure each Livy session with users cassandra credentials ? And finally how credentials are secured in Zeppelin ? 2016-09-22 8:59 GMT+02:00 York Huang <yorkhuang.d...@gmail.com>: > Hi DuyHai, > > I would like to know how to set up security (authentication and > authorization), the architecture, etc. > > The users are using windows. I am ok to set up individual zeppelin on > their desktop or a central zeppelin server. But I want to know the > complexity, limitation, details, etc. > > Many thanks! > > On 16 September 2016 at 03:51, DuyHai Doan <doanduy...@gmail.com> wrote: > >> Right now, you have some options to isolate the notes. Look at the doc >> about interpreter binding mode here : http://zeppelin.apache.org/d >> ocs/0.7.0-SNAPSHOT/manual/interpreters.html#interpreter-binding-mode >> >> >> >> On Thu, Sep 15, 2016 at 7:15 AM, York Huang <yorkhuang.d...@gmail.com> >> wrote: >> >>> Hi, >>> >>> I want to set up a environment for a group of users so that they can >>> access zeppelin. Each of them should have their own space, should not >>> interfere each other. >>> >>> I install zeppelin on the MapR sandbox. If I access it from different >>> computers, even I access different notebooks, the data are still shared. >>> >>> What I want is the data should be totally seperate between users and >>> notebooks. >>> >>> How do I set it up like this? >>> >>> Thanks, >>> >>> York Huang >>> >> >> >
