It seems credentials are saved per user as described in Shiro, can you confirm ? I don't find anything in credential API that links the datasource user to zeppelin user... Or username on datasource should be the same as Zeppelin username ?
Can an admin user set credentials for other users ? 2016-09-22 10:12 GMT+02:00 vincent gromakowski < vincent.gromakow...@gmail.com>: > Hi, > From my point of view you have 3 options: > > 1. Use a dedicated zeppelin instance per user. Solution I currently use. > Mesos/marathon launch an instance by user with it's linux UID. A service > discovery is routing each user based on HTTPS basic auth to his instance. > Because the configuration file is dedicated per user, it's easy to setup > credentials for backend. Because the UID is also setup, spark jobs are > running under each user permissions. This way is totally secure, but no > possible sharing between users except sending notebooks by mail or git repo > > 2. Use a shared instance and configure Shiro permissions which allow to > manage multi tenancy in Zeppelin (notebooks access) but not in backend as > all users notebooks will run under the same UID and have the same > credentials for accessing backend > > 3. Use a shared instance and a backend that allows impersonation like Livy > server. Livy server will execute Spark sessions per user. What is unclear > is how to deal with backend credentials ? How to configure multiple > Cassandra credentials and attach each one to a user ? Same thing for Spark > Livy, How can we configure each Livy session with users cassandra > credentials ? And finally how credentials are secured in Zeppelin ? > > 2016-09-22 8:59 GMT+02:00 York Huang <yorkhuang.d...@gmail.com>: > >> Hi DuyHai, >> >> I would like to know how to set up security (authentication and >> authorization), the architecture, etc. >> >> The users are using windows. I am ok to set up individual zeppelin on >> their desktop or a central zeppelin server. But I want to know the >> complexity, limitation, details, etc. >> >> Many thanks! >> >> On 16 September 2016 at 03:51, DuyHai Doan <doanduy...@gmail.com> wrote: >> >>> Right now, you have some options to isolate the notes. Look at the doc >>> about interpreter binding mode here : http://zeppelin.apache.org/d >>> ocs/0.7.0-SNAPSHOT/manual/interpreters.html#interpreter-binding-mode >>> >>> >>> >>> On Thu, Sep 15, 2016 at 7:15 AM, York Huang <yorkhuang.d...@gmail.com> >>> wrote: >>> >>>> Hi, >>>> >>>> I want to set up a environment for a group of users so that they can >>>> access zeppelin. Each of them should have their own space, should not >>>> interfere each other. >>>> >>>> I install zeppelin on the MapR sandbox. If I access it from different >>>> computers, even I access different notebooks, the data are still shared. >>>> >>>> What I want is the data should be totally seperate between users and >>>> notebooks. >>>> >>>> How do I set it up like this? >>>> >>>> Thanks, >>>> >>>> York Huang >>>> >>> >>> >> >