Hello! Thank you for your responses. Is still not clear for me, how to add different (zeppelin actions?) with the help of the roles? In the example provided by the liuxun there is no difference between the two roles. Both of them have *. If I'not using LDAP just basic shiro configuration what could be other options? Thanks. Florin
On Fri, Oct 26, 2018 at 3:49 PM Fawze Abujaber <fawz...@gmail.com> wrote: > What others choices can be used for * in the roles? > > I configured zeppelin to work with AD and yes i'm able to differeniate > between the 2 groups in the ADrolegroupmap? > > For example i have 2 groups zeppelin_admins and zeppelin_members. > > And when keeping url section as is, then admins will have accrss the > mentioned urls and members not, but how i can disabled other users to > authinticate at all. > > for now our AD user are able to authnticate and Access the UI. > > On Fri, Oct 26, 2018 at 3:44 PM liuxun <neliu...@163.com> wrote: > >> You can refer to the following configuration: >> >> [users] >> # List of users with their password allowed to access Zeppelin. >> # To use a different strategy (LDAP / Database / ...) check the shiro doc >> at http://shiro.apache.org/configuration.html#Configuration-INISections >> # To enable admin user, uncomment the following line and set an >> appropriate password. >> admin = password1, admin >> user1 = password1, bi >> user2 = password2, bi >> user3 = password3, bi >> >> >> [roles] >> bi = * >> admin = * >> >> [urls] >> # This section is used for url-based security. >> # You can secure interpreter, configuration and credential information by >> urls. Comment or uncomment the below urls that you want to hide. >> # anon means the access is anonymous. >> # authc means Form based Auth Security >> # To enfore security, comment the line below and uncomment the next one >> /api/version = anon >> /api/openid/* = anon >> /api/interpreter/** = authc, roles[admin] >> /api/configurations/** = authc, roles[admin] >> /api/credential/** = authc, roles[admin] >> >> >> 在 2018年10月26日,下午7:40,Spico Florin <spicoflo...@gmail.com> 写道: >> >> Hello! >> >> I would like to know what are the available roles in Zeppelin (besides >> admin that has *). >> How can I create/define my own roles based on the actions that an user is >> allowed. >> In the shiro.ini the examples are to generic, having role1, role2 all >> action allowed *. >> >> Can you please define the fine grained action that I can add in arole? >> >> I look forward for your answers. >> Best regards, >> Florin >> >> >> > > -- > Take Care > Fawze Abujaber >
