Zeppelin security configuration

Wed, 28 Jun 2017 12:21:04 -0700 

What happens if you remove authc after /api/interpreter/** ?

Our shiro.ini just has:

/api/interpreter/** = 
roles[engineering],roles[infra],roles[tech_heads],roles[data_science]

http://www.placeiq.com/ http://www.placeiq.com/ http://www.placeiq.com/

Paul Brenner

https://twitter.com/placeiq https://twitter.com/placeiq 
https://twitter.com/placeiq
https://www.facebook.com/PlaceIQ https://www.facebook.com/PlaceIQ
https://www.linkedin.com/company/placeiq 
https://www.linkedin.com/company/placeiq

DATA SCIENTIST

(217) 390-3033 

 

http://www.placeiq.com/2015/05/26/placeiq-named-winner-of-prestigious-2015-oracle-data-cloud-activate-award/
 
http://placeiq.com/2015/12/18/accuracy-vs-precision-in-location-data-mma-webinar/
 
http://placeiq.com/2015/12/18/accuracy-vs-precision-in-location-data-mma-webinar/
 
http://placeiq.com/2015/12/18/accuracy-vs-precision-in-location-data-mma-webinar/
 
http://placeiq.com/2015/12/18/accuracy-vs-precision-in-location-data-mma-webinar/
 
http://placeiq.com/2016/03/08/measuring-addressable-tv-campaigns-is-now-possible/
 
http://placeiq.com/2016/04/13/placeiq-joins-the-network-advertising-initiative-nai-as-100th-member/
 
http://placeiq.com/2016/04/13/placeiq-joins-the-network-advertising-initiative-nai-as-100th-member/
 
http://placeiq.com/2016/04/13/placeiq-joins-the-network-advertising-initiative-nai-as-100th-member/
 
http://placeiq.com/2016/04/13/placeiq-joins-the-network-advertising-initiative-nai-as-100th-member/
 
http://placeiq.com/2016/04/13/placeiq-joins-the-network-advertising-initiative-nai-as-100th-member/
 
http://pages.placeiq.com/Location-Data-Accuracy-Whitepaper-Download.html?utm_source=Signature&utm_medium=Email&utm_campaign=AccuracyWP
 
http://placeiq.com/2016/08/03/placeiq-bolsters-location-intelligence-platform-with-mastercard-insights/
 
http://placeiq.com/2016/10/26/the-making-of-a-location-data-industry-milestone/ 
http://placeiq.com/2016/12/07/placeiq-introduces-landmark-a-groundbreaking-offering-that-delivers-access-to-the-highest-quality-location-data-for-insights-that-fuel-limitless-business-decisions/
 
http://placeiq.com/2016/12/07/placeiq-introduces-landmark-a-groundbreaking-offering-that-delivers-access-to-the-highest-quality-location-data-for-insights-that-fuel-limitless-business-decisions/
 
https://www.placeiq.com/2017/05/placeiqs-landmark-powers-location-based-insight-innovation-for-ansible-gstv-havas-media-the-media-kitchen-and-more/

On Wed, Jun 28, 2017 at 3:11 PM goutham koneru

<
mailto:goutham koneru <goutha...@gmail.com>
> wrote:

a, pre, code, a:link, body { word-wrap: break-word !important; }

Hi,

I've enabled AD authentication by updating shiro.ini - this is just to login to 
Zeppelin. I am using HDP 2.6.1 and Zeppelin 0.7.0.

ldapADGCRealm.userSearchFilter=(&(objectclass=user)(sAMAccountName={0})(|(memberOf=cn=adhdpadm,ou=Groups,ou=Corporate,dc=abccompany,dc=com)(memberOf=cn=adhdpdev,ou=Groups,ou=Corporate,dc=abccompany,dc=com)))
 

Now people belong to these groups are able to login. but all of them have 
access to edit any interpreters. 

People who belong to adhdpdev group should not be able to modify any settings. 
I have tried with individual users by specifying in shiro.ini and it worked. 
But how can I do that with groups? Is it possible?

/api/version = anon 

/api/interpreter/** = authc, roles[admin] 

/api/configurations/** = authc, roles[admin] 

/api/credential/** = authc, roles[admin] 

#/** = anon 

/** = authc 

Thanks,

Goutham.

Reply via email to