Hello everyone,

we have a multiuser environment with isolated instantiated interpreters and we don't want to allow our users to restart the interpreter globally for everyone. Therefore we defined in our shiro.ini:

/api/interpreter/** = authc,roles[sudo]

to only allow users who are part of the sudo group to access the interpreter site.

This causes an issue as users who aren't a part of the sudo group can't restart their interpreters from the interpreter binding menu within a notebook anymore. According to the documentation [1] both actions have the same URL, but the button from the interpreter binding menu sends the optional JSON input. Is there a way to block the interpreter menu but to allow the interpreter restart from the interpreter binding menu?

Currently we use the following additional line as a workaround, but it is still possible to send a POST request directly to restart all interpreters:

/api/interpreter/setting/restart/** = authc

[1] https://zeppelin.apache.org/docs/0.8.0/usage/rest_api/interpreter.html#restart-an-interpreter

--
Best regards
cronoik
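
Added example, not part of the original post and not Shiro or Zeppelin code: a simplified Python model of how Shiro evaluates the two [urls] lines quoted above (the first matching pattern wins). It shows that the restart line only takes effect when it is listed before the broader line, and that the decision never depends on the request body. The interpreter ID and note ID are constructed placeholders, and only trailing `/**` patterns are modelled.

```python
import re

# Simplified model of Shiro's [urls] section: rules are tried top to bottom
# and the first matching pattern decides. Only a trailing "/**" is modelled;
# real Shiro uses a full Ant-style path matcher.

def parse_urls(lines):
    """Turn 'pattern = authc,roles[x]' lines into (pattern, role-or-None)."""
    rules = []
    for line in lines:
        pattern, chain = (part.strip() for part in line.split("=", 1))
        role = re.search(r"roles\[([^\]]+)\]", chain)
        rules.append((pattern, role.group(1) if role else None))
    return rules

def matches(pattern, path):
    if pattern.endswith("/**"):
        prefix = pattern[:-3]
        return path == prefix or path.startswith(prefix + "/")
    return pattern == path

def allowed(rules, path, user_roles, body=None):
    """Decision for an authenticated user. `body` is accepted but never
    read: the URL rules see the path only, so a restart sent with or
    without the optional JSON input gets the same answer."""
    for pattern, role in rules:
        if matches(pattern, path):
            return role is None or role in user_roles
    return True  # no pattern matched, so no filter chain applies

BROAD = "/api/interpreter/** = authc,roles[sudo]"
RESTART = "/api/interpreter/setting/restart/** = authc"
# Constructed placeholder path; INTERPRETER_ID is not a real setting id.
RESTART_PATH = "/api/interpreter/setting/restart/INTERPRETER_ID"
NOTE_BODY = '{"noteId": "CONSTRUCTED_NOTE"}'  # constructed sample input

def demo():
    restart_first = parse_urls([RESTART, BROAD])
    broad_first = parse_urls([BROAD, RESTART])
    return {
        "restart_first, with body": allowed(restart_first, RESTART_PATH, set(), NOTE_BODY),
        "restart_first, no body": allowed(restart_first, RESTART_PATH, set()),
        "restart_first, settings page": allowed(restart_first, "/api/interpreter/setting", set()),
        "broad_first, with body": allowed(broad_first, RESTART_PATH, set(), NOTE_BODY),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {'allowed' if result else 'denied'}")
```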
