Hi Zeppelin Team,
due to data privacy reason I need to disable the “Job” page within Zeppelin which allows to see what/when other users executing which paragraphs…. Basically the page which you will reach when accessing the URL https://MY-Zeppelin.com:9995/#/jobmanager
I thought initially its not a big deal as I can simply add another filter to shiro.ini like below
#Control access to JobManager
/api/jobmanager/** = authc, roles[myadmin_group]
or
/jobmanager/** = authc, roles[myadmin_group]
Unfortunately both entries does not help as accounts not member of the group admin_group still able to access the page without any permission denied error message as expected. From the DEBUG log it looks like the required shiro filters are not applied at all to this page. Note, for other Zeppelin resources defined in shiro.ini like Interpreter and Configuration it works without any issues.
/api/interpreter/** = authc, roles[myadmin_group]
/api/configurations/** = authc, roles[myadmin_group]
I think access to jobmanager page is not controllable via [urls] section in shiro.ini but could please someone share her/his thought about? Maybe I just did something wrong…?! Thanks a lot!
Regards, Tom
PS: Link to Doc: https://zeppelin.apache.org/docs/0.8.0/setup/security/shiro_authentication.html#apply-multiple-roles-in-shiro-configuration
