Hi,
try this:
#Will allow all authenticated user to restart Interpreters
/api/interpreter/setting/restart/** = authc
#Will only allow the role "admin" to access/change Interpreter settings
/api/interpreter/** = authc, roles[admin]
Also change Interpreter mode to perUser (or perNote) and isolated as otherwise in case userA restarts an interpreter will have impact on userB interpreter instance (his instance is also gone). Also somtimes (when Interpreter crashed before due to e.g. Spark YARN app run out of memory) you need to click on "Restart Interpreter" twice as you get an error during the first attempt but second attempt/click will work.
Regards,
Tom
Gesendet: Mittwoch, 29. April 2020 um 04:44 Uhr
Von: "Manuel Sopena Ballesteros" <manuel...@garvan.org.au>
An: "users" <users@zeppelin.apache.org>
Betreff: error restarting interpreter if shiro [url] /api/interpreter/** = authc is commented
Von: "Manuel Sopena Ballesteros" <manuel...@garvan.org.au>
An: "users" <users@zeppelin.apache.org>
Betreff: error restarting interpreter if shiro [url] /api/interpreter/** = authc is commented
I have restricted access to the interpreter configuration page by editing the shiro [url] section as follows
[urls]
# This section is used for url-based security.
# You can secure interpreter, configuration and credential information by urls. Comment or uncomment the below urls that you want to hide.
# anon means the access is anonymous.
# authc means Form based Auth Security
# To enfore security, comment the line below and uncomment the next one
/api/version = anon
/api/interpreter/** = authc, roles[admin]
#/api/interpreter/** = authc
/api/configurations/** = authc, roles[admin]
/api/credential/** = authc, roles[admin]
#/** = anon
/** = authc
I keep getting "Error restart interpreter." when try to restart the interpreter...
How can I fix this so I can restart the interpreter at the same time access to the interpreter configuration section is not allowed?
thank you
NOTICE
Please consider the environment before printing this email. This message and any attachments are intended for the addressee named and may contain legally privileged/confidential/copyright information. If you are not the intended recipient, you should not read, use, disclose, copy or distribute this communication. If you have received this message in error please notify us at once by return email and then delete both messages. We accept no liability for the distribution of viruses or similar in electronic communications. This notice should not be removed.