Maziyar PANAHI created ZEPPELIN-3646:
----------------------------------------
Summary: Previous permissions are not effective and Notes are
visible to everyone after upgrade
Key: ZEPPELIN-3646
URL: https://issues.apache.org/jira/browse/ZEPPELIN-3646
Project: Zeppelin
Issue Type: Bug
Components: security
Affects Versions: 0.8.0
Reporter: Maziyar PANAHI
Hi,
I followed the upgrade guide by copying *notebook* and *conf* directories into
the new Zeppelin 0.8 directory, however right after starting the new Zeppelin,
all the users can see all the existing Notes. (I followed the same process
before without a problem in 0.7.x)
I can confirm the permissions exist by looking at the file or by opening
someone else's Note and check the permissions.
I can start the old Zeppelin 0.7.3 and the permissions will be restored to
normal as expected. I don't understand why it fails to hide the Notes which
user doesn't have permission to READ in 0.8.0.
The *ZEPPELIN_NOTEBOOK_PUBLIC* and *zeppelin.notebook.public* is set to
*false*, but I guess configs should not be an issue since it works in 0.7.3 and
not in 0.8.0 as it looks to me the reading permissions might be different in
0.8.0.
Let me know if you need config/log details.
Thank you.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
