Added: zeppelin/site/docs/0.7.2/security/authentication.html URL: http://svn.apache.org/viewvc/zeppelin/site/docs/0.7.2/security/authentication.html?rev=1798613&view=auto ============================================================================== --- zeppelin/site/docs/0.7.2/security/authentication.html (added) +++ zeppelin/site/docs/0.7.2/security/authentication.html Tue Jun 13 16:55:32 2017 @@ -0,0 +1,348 @@ + +<!DOCTYPE html> +<html lang="en"> + <head> + <meta charset="utf-8"> + <title>Apache Zeppelin 0.7.2 Documentation: Authentication for NGINX</title> + <meta name="description" content="There are multiple ways to enable authentication in Apache Zeppelin. This page describes HTTP basic auth using NGINX."> + <meta name="author" content="The Apache Software Foundation"> + + <!-- Enable responsive viewport --> + <meta name="viewport" content="width=device-width, initial-scale=1.0"> + + <!-- Le HTML5 shim, for IE6-8 support of HTML elements --> + <!--[if lt IE 9]> + <script src="http://html5shim.googlecode.com/svn/trunk/html5.js";></script> + <![endif]--> + + <link href="//maxcdn.bootstrapcdn.com/font-awesome/4.2.0/css/font-awesome.min.css" rel="stylesheet"> + + <!-- Le styles --> + <link href="/docs/0.7.2/assets/themes/zeppelin/bootstrap/css/bootstrap.css" rel="stylesheet"> + <link href="/docs/0.7.2/assets/themes/zeppelin/css/style.css?body=1" rel="stylesheet" type="text/css"> + <link href="/docs/0.7.2/assets/themes/zeppelin/css/syntax.css" rel="stylesheet" type="text/css" media="screen" /> + <!-- Le fav and touch icons --> + <!-- Update these with your own images + <link rel="shortcut icon" href="images/favicon.ico"> + <link rel="apple-touch-icon" href="images/apple-touch-icon.png"> + <link rel="apple-touch-icon" sizes="72x72" href="images/apple-touch-icon-72x72.png"> + <link rel="apple-touch-icon" sizes="114x114" href="images/apple-touch-icon-114x114.png"> + --> + + <!-- Js --> + <script src="https://code.jquery.com/jquery-1.10.2.min.js";></script> + <script src="/docs/0.7.2/assets/themes/zeppelin/bootstrap/js/bootstrap.min.js"></script> + <script src="/docs/0.7.2/assets/themes/zeppelin/js/docs.js"></script> + <script src="/docs/0.7.2/assets/themes/zeppelin/js/anchor.min.js"></script> + <script src="/docs/0.7.2/assets/themes/zeppelin/js/toc.js"></script> + <script src="/docs/0.7.2/assets/themes/zeppelin/js/lunr.min.js"></script> + <script src="/docs/0.7.2/assets/themes/zeppelin/js/search.js"></script> + + <!-- atom & rss feed --> + <link href="/docs/0.7.2/atom.xml" type="application/atom+xml" rel="alternate" title="Sitewide ATOM Feed"> + <link href="/docs/0.7.2/rss.xml" type="application/rss+xml" rel="alternate" title="Sitewide RSS Feed"> + </head> + + <body> + + <div id="menu" class="navbar navbar-inverse navbar-fixed-top" role="navigation"> + <div class="container"> + <div class="navbar-header"> + <button type="button" class="navbar-toggle" data-toggle="collapse" data-target=".navbar-collapse"> + <span class="sr-only">Toggle navigation</span> + <span class="icon-bar"></span> + <span class="icon-bar"></span> + <span class="icon-bar"></span> + </button> + <div class="navbar-brand"> + <a class="navbar-brand-main" href="http://zeppelin.apache.org";> + <img src="/assets/themes/zeppelin/img/zeppelin_logo.png" width="50" alt="I'm zeppelin"> + <span style="vertical-align:middle">Zeppelin</span> + </a> + <a class="navbar-brand-version" href="/docs/0.7.2"> + <span><small>0.7.2</small></span> + </a> + </div> + </div> + <nav class="navbar-collapse collapse" role="navigation"> + <ul class="nav navbar-nav"> + <li> + <a href="#" data-toggle="dropdown" class="dropdown-toggle">Quick Start <b class="caret"></b></a> + <ul class="dropdown-menu"> + <li><a href="/docs/0.7.2/index.html">What is Apache Zeppelin ?</a></li> + <li role="separator" class="divider"></li> + <li class="title"><span><b>Getting Started</b><span></li> + <li><a href="/docs/0.7.2/install/install.html">Install</a></li> + <li><a href="/docs/0.7.2/install/configuration.html">Configuration</a></li> + <li><a href="/docs/0.7.2/quickstart/explorezeppelinui.html">Explore Zeppelin UI</a></li> + <li><a href="/docs/0.7.2/quickstart/tutorial.html">Tutorial</a></li> + <li role="separator" class="divider"></li> + <li class="title"><span><b>Basic Feature Guide</b><span></li> + <li><a href="/docs/0.7.2/manual/dynamicform.html">Dynamic Form</a></li> + <li><a href="/docs/0.7.2/manual/publish.html">Publish your Paragraph</a></li> + <li><a href="/docs/0.7.2/manual/notebookashomepage.html">Customize Zeppelin Homepage</a></li> + <li role="separator" class="divider"></li> + <li class="title"><span><b>More</b><span></li> + <li><a href="/docs/0.7.2/install/upgrade.html">Upgrade Zeppelin Version</a></li> + <li><a href="/docs/0.7.2/install/build.html">Build from source</a></li> + <li><a href="/docs/0.7.2/quickstart/install_with_flink_and_spark_cluster.html">Install Zeppelin with Flink and Spark Clusters Tutorial</a></li> + </ul> + </li> + <li> + <a href="#" data-toggle="dropdown" class="dropdown-toggle">Interpreter <b class="caret"></b></a> + <ul class="dropdown-menu scrollable-menu"> + <li><a href="/docs/0.7.2/manual/interpreters.html">Overview</a></li> + <li role="separator" class="divider"></li> + <li class="title"><span><b>Usage</b><span></li> + <li><a href="/docs/0.7.2/manual/interpreterinstallation.html">Interpreter Installation</a></li> + <!--<li><a href="/docs/0.7.2/manual/dynamicinterpreterload.html">Dynamic Interpreter Loading</a></li>--> + <li><a href="/docs/0.7.2/manual/dependencymanagement.html">Interpreter Dependency Management</a></li> + <li><a href="/docs/0.7.2/manual/userimpersonation.html">Interpreter User Impersonation</a></li> + <li><a href="/docs/0.7.2/manual/interpreterexechooks.html">Interpreter Execution Hooks (Experimental)</a></li> + <li role="separator" class="divider"></li> + <li class="title"><span><b>Available Interpreters</b><span></li> + <li><a href="/docs/0.7.2/interpreter/alluxio.html">Alluxio</a></li> + <li><a href="/docs/0.7.2/interpreter/beam.html">Beam</a></li> + <li><a href="/docs/0.7.2/interpreter/bigquery.html">BigQuery</a></li> + <li><a href="/docs/0.7.2/interpreter/cassandra.html">Cassandra</a></li> + <li><a href="/docs/0.7.2/interpreter/elasticsearch.html">Elasticsearch</a></li> + <li><a href="/docs/0.7.2/interpreter/flink.html">Flink</a></li> + <li><a href="/docs/0.7.2/interpreter/geode.html">Geode</a></li> + <li><a href="/docs/0.7.2/interpreter/hbase.html">HBase</a></li> + <li><a href="/docs/0.7.2/interpreter/hdfs.html">HDFS</a></li> + <li><a href="/docs/0.7.2/interpreter/hive.html">Hive</a></li> + <li><a href="/docs/0.7.2/interpreter/ignite.html">Ignite</a></li> + <li><a href="/docs/0.7.2/interpreter/jdbc.html">JDBC</a></li> + <li><a href="/docs/0.7.2/interpreter/kylin.html">Kylin</a></li> + <li><a href="/docs/0.7.2/interpreter/lens.html">Lens</a></li> + <li><a href="/docs/0.7.2/interpreter/livy.html">Livy</a></li> + <li><a href="/docs/0.7.2/interpreter/markdown.html">Markdown</a></li> + <li><a href="/docs/0.7.2/interpreter/pig.html">Pig</a></li> + <li><a href="/docs/0.7.2/interpreter/python.html">Python</a></li> + <li><a href="/docs/0.7.2/interpreter/postgresql.html">Postgresql, HAWQ</a></li> + <li><a href="/docs/0.7.2/interpreter/r.html">R</a></li> + <li><a href="/docs/0.7.2/interpreter/scalding.html">Scalding</a></li> + <li><a href="/docs/0.7.2/interpreter/scio.html">Scio</a></li> + <li><a href="/docs/0.7.2/interpreter/shell.html">Shell</a></li> + <li><a href="/docs/0.7.2/interpreter/spark.html">Spark</a></li> + </ul> + </li> + <li> + <a href="#" data-toggle="dropdown" class="dropdown-toggle">Display System <b class="caret"></b></a> + <ul class="dropdown-menu"> + <li class="title"><span><b>Basic Display System</b><span></li> + <li><a href="/docs/0.7.2/displaysystem/basicdisplaysystem.html#text">Text</a></li> + <li><a href="/docs/0.7.2/displaysystem/basicdisplaysystem.html#html">Html</a></li> + <li><a href="/docs/0.7.2/displaysystem/basicdisplaysystem.html#table">Table</a></li> + <li role="separator" class="divider"></li> + <li class="title"><span><b>Angular API</b><span></li> + <li><a href="/docs/0.7.2/displaysystem/back-end-angular.html">Angular (backend API)</a></li> + <li><a href="/docs/0.7.2/displaysystem/front-end-angular.html">Angular (frontend API)</a></li> + </ul> + </li> + <li> + <a href="#" data-toggle="dropdown" class="dropdown-toggle">More<b class="caret"></b></a> + <ul class="dropdown-menu scrollable-menu" style="right: 0; left: auto;"> + <li class="title"><span><b>Notebook Storage</b><span></li> + <li><a href="/docs/0.7.2/storage/storage.html#notebook-storage-in-local-git-repository">Git Storage</a></li> + <li><a href="/docs/0.7.2/storage/storage.html#notebook-storage-in-s3">S3 Storage</a></li> + <li><a href="/docs/0.7.2/storage/storage.html#notebook-storage-in-azure">Azure Storage</a></li> + <li><a href="/docs/0.7.2/storage/storage.html#storage-in-zeppelinhub">ZeppelinHub Storage</a></li> + <li role="separator" class="divider"></li> + <li class="title"><span><b>REST API</b><span></li> + <li><a href="/docs/0.7.2/rest-api/rest-interpreter.html">Interpreter API</a></li> + <li><a href="/docs/0.7.2/rest-api/rest-notebook.html">Notebook API</a></li> + <li><a href="/docs/0.7.2/rest-api/rest-notebookRepo.html">Notebook Repository API</a></li> + <li><a href="/docs/0.7.2/rest-api/rest-configuration.html">Configuration API</a></li> + <li><a href="/docs/0.7.2/rest-api/rest-credential.html">Credential API</a></li> + <li><a href="/docs/0.7.2/rest-api/rest-helium.html">Helium API</a></li> + <li role="separator" class="divider"></li> + <li class="title"><span><b>Security</b><span></li> + <li><a href="/docs/0.7.2/security/shiroauthentication.html">Shiro Authentication</a></li> + <li><a href="/docs/0.7.2/security/notebook_authorization.html">Notebook Authorization</a></li> + <li><a href="/docs/0.7.2/security/datasource_authorization.html">Data Source Authorization</a></li> + <li><a href="/docs/0.7.2/security/helium_authorization.html">Helium Authorization</a></li> + <li role="separator" class="divider"></li> + <li class="title"><span><b>Advanced</b><span></li> + <li><a href="/docs/0.7.2/install/virtual_machine.html">Zeppelin on Vagrant VM</a></li> + <li><a href="/docs/0.7.2/install/spark_cluster_mode.html#spark-standalone-mode">Zeppelin on Spark Cluster Mode (Standalone)</a></li> + <li><a href="/docs/0.7.2/install/spark_cluster_mode.html#spark-on-yarn-mode">Zeppelin on Spark Cluster Mode (YARN)</a></li> + <li><a href="/docs/0.7.2/install/spark_cluster_mode.html#spark-on-mesos-mode">Zeppelin on Spark Cluster Mode (Mesos)</a></li> + <li><a href="/docs/0.7.2/install/cdh.html">Zeppelin on CDH</a></li> + <li role="separator" class="divider"></li> + <li class="title"><span><b>Contibute</b><span></li> + <li><a href="/docs/0.7.2/development/writingzeppelininterpreter.html">Writing Zeppelin Interpreter</a></li> + <li><a href="/docs/0.7.2/development/writingzeppelinvisualization.html">Writing Zeppelin Visualization (Experimental)</a></li> + <li><a href="/docs/0.7.2/development/writingzeppelinapplication.html">Writing Zeppelin Application (Experimental)</a></li> + <li><a href="/docs/0.7.2/development/howtocontribute.html">How to contribute (code)</a></li> + <li><a href="/docs/0.7.2/development/howtocontributewebsite.html">How to contribute (website)</a></li> + </ul> + </li> + <li> + <a href="/docs/0.7.2/search.html" class="nav-search-link"> + <span class="fa fa-search nav-search-icon"></span> + </a> + </li> + </ul> + </nav><!--/.navbar-collapse --> + </div> + </div> + + + + <div class="content"> + +<!--<div class="hero-unit Authentication for NGINX"> + <h1></h1> +</div> +--> + +<div class="row"> + <div class="col-md-12"> + <!-- +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + +http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +--> + +<h1>Authentication for NGINX</h1> + +<div id="toc"></div> + +<p><a href="./shiroauthentication.html">Build in authentication mechanism</a> is recommended way for authentication. In case of you want authenticate using NGINX and <a href="https://en.wikipedia.org/wiki/Basic_access_authentication";>HTTP basic auth</a>, please read this document.</p> + +<h2>HTTP Basic Authentication using NGINX</h2> + +<blockquote> +<p><strong>Quote from Wikipedia:</strong> NGINX is a web server. It can act as a reverse proxy server for HTTP, HTTPS, SMTP, POP3, and IMAP protocols, as well as a load balancer and an HTTP cache.</p> +</blockquote> + +<p>So you can use NGINX server as proxy server to serve HTTP Basic Authentication as a separate process along with Zeppelin server. +Here are instructions how to accomplish the setup NGINX as a front-end authentication server and connect Zeppelin at behind.</p> + +<p>This instruction based on Ubuntu 14.04 LTS but may work with other OS with few configuration changes.</p> + +<ol> +<li><p>Install NGINX server on your server instance</p> + +<p>You can install NGINX server with same box where zeppelin installed or separate box where it is dedicated to serve as proxy server.</p> +<div class="highlight"><pre><code class="text language-text" data-lang="text">$ apt-get install nginx +</code></pre></div> +<blockquote> +<p><strong>NOTE :</strong> On pre 1.3.13 version of NGINX, Proxy for Websocket may not fully works. Please use latest version of NGINX. See: <a href="https://www.nginx.com/blog/websocket-nginx/";>NGINX documentation</a>.</p> +</blockquote></li> +<li><p>Setup init script in NGINX</p> + +<p>In most cases, NGINX configuration located under <code>/etc/nginx/sites-available</code>. Create your own configuration or add your existing configuration at <code>/etc/nginx/sites-available</code>.</p> +<div class="highlight"><pre><code class="text language-text" data-lang="text">$ cd /etc/nginx/sites-available +$ touch my-zeppelin-auth-setting +</code></pre></div> +<p>Now add this script into <code>my-zeppelin-auth-setting</code> file. You can comment out <code>optional</code> lines If you want serve Zeppelin under regular HTTP 80 Port.</p> +<div class="highlight"><pre><code class="text language-text" data-lang="text">upstream zeppelin { + server [YOUR-ZEPPELIN-SERVER-IP]:[YOUR-ZEPPELIN-SERVER-PORT]; # For security, It is highly recommended to make this address/port as non-public accessible +} + +# Zeppelin Website +server { + listen [YOUR-ZEPPELIN-WEB-SERVER-PORT]; + listen 443 ssl; # optional, to serve HTTPS connection + server_name [YOUR-ZEPPELIN-SERVER-HOST]; # for example: zeppelin.mycompany.com + + ssl_certificate [PATH-TO-YOUR-CERT-FILE]; # optional, to serve HTTPS connection + ssl_certificate_key [PATH-TO-YOUR-CERT-KEY-FILE]; # optional, to serve HTTPS connection + + if ($ssl_protocol = "") { + rewrite ^ https://$host$request_uri? permanent; # optional, to force use of HTTPS + } + + location / { # For regular websever support + proxy_pass http://zeppelin; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header Host $http_host; + proxy_set_header X-NginX-Proxy true; + proxy_redirect off; + auth_basic "Restricted"; + auth_basic_user_file /etc/nginx/.htpasswd; + } + + location /ws { # For websocket support + proxy_pass http://zeppelin/ws; + proxy_http_version 1.1; + proxy_set_header Upgrade websocket; + proxy_set_header Connection upgrade; + proxy_read_timeout 86400; + } +} +</code></pre></div> +<p>Then make a symbolic link to this file from <code>/etc/nginx/sites-enabled/</code> to enable configuration above when NGINX reloads.</p> +<div class="highlight"><pre><code class="text language-text" data-lang="text">$ ln -s /etc/nginx/sites-enabled/my-zeppelin-auth-setting /etc/nginx/sites-available/my-zeppelin-auth-setting +</code></pre></div></li> +<li><p>Setup user credential into <code>.htpasswd</code> file and restart server</p> + +<p>Now you need to setup <code>.htpasswd</code> file to serve list of authenticated user credentials for NGINX server.</p> +<div class="highlight"><pre><code class="text language-text" data-lang="text">$ cd /etc/nginx +$ htpasswd -c htpasswd [YOUR-ID] +$ NEW passwd: [YOUR-PASSWORD] +$ RE-type new passwd: [YOUR-PASSWORD-AGAIN] +</code></pre></div> +<p>Or you can use your own apache <code>.htpasswd</code> files in other location for setting up property: <code>auth_basic_user_file</code></p> + +<p>Restart NGINX server.</p> +<div class="highlight"><pre><code class="text language-text" data-lang="text">$ service nginx restart +</code></pre></div> +<p>Then check HTTP Basic Authentication works in browser. If you can see regular basic auth popup and then able to login with credential you entered into <code>.htpasswd</code> you are good to go.</p></li> +<li><p>More security consideration</p></li> +</ol> + +<ul> +<li>Using HTTPS connection with Basic Authentication is highly recommended since basic auth without encryption may expose your important credential information over the network.</li> +<li>Using <a href="./shiroauthentication.html">Shiro Security feature built-into Zeppelin</a> is recommended if you prefer all-in-one solution for authentication but NGINX may provides ad-hoc solution for re-use authentication served by your system's NGINX server or in case of you need to separate authentication from zeppelin server.</li> +<li>It is recommended to isolate direct connection to Zeppelin server from public internet or external services to secure your zeppelin instance from unexpected attack or problems caused by public zone.</li> +</ul> + +<h2>Another option</h2> + +<p>Another option is to have an authentication server that can verify user credentials in an LDAP server. +If an incoming request to the Zeppelin server does not have a cookie with user information encrypted with the authentication server public key, the user +is redirected to the authentication server. Once the user is verified, the authentication server redirects the browser to a specific URL in the Zeppelin server which sets the authentication cookie in the browser. +The end result is that all requests to the Zeppelin web server have the authentication cookie which contains user and groups information.</p> + + </div> +</div> + + + <hr> + <footer> + <!-- <p>© 2017 The Apache Software Foundation</p>--> + </footer> + </div> + + + + + <script type="text/javascript"> + (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){ + (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o), + m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m) + })(window,document,'script','//www.google-analytics.com/analytics.js','ga'); + + ga('create', 'UA-45176241-5', 'zeppelin.apache.org'); + ga('require', 'linkid', 'linkid.js'); + ga('send', 'pageview'); + +</script> + + + + </body> +</html> +
Added: zeppelin/site/docs/0.7.2/security/datasource_authorization.html URL: http://svn.apache.org/viewvc/zeppelin/site/docs/0.7.2/security/datasource_authorization.html?rev=1798613&view=auto ============================================================================== --- zeppelin/site/docs/0.7.2/security/datasource_authorization.html (added) +++ zeppelin/site/docs/0.7.2/security/datasource_authorization.html Tue Jun 13 16:55:32 2017 @@ -0,0 +1,294 @@ + +<!DOCTYPE html> +<html lang="en"> + <head> + <meta charset="utf-8"> + <title>Apache Zeppelin 0.7.2 Documentation: Data Source Authorization in Apache Zeppelin</title> + <meta name="description" content="Apache Zeppelin supports protected data sources. In case of a MySql database, every users can set up their own credentials to access it."> + <meta name="author" content="The Apache Software Foundation"> + + <!-- Enable responsive viewport --> + <meta name="viewport" content="width=device-width, initial-scale=1.0"> + + <!-- Le HTML5 shim, for IE6-8 support of HTML elements --> + <!--[if lt IE 9]> + <script src="http://html5shim.googlecode.com/svn/trunk/html5.js";></script> + <![endif]--> + + <link href="//maxcdn.bootstrapcdn.com/font-awesome/4.2.0/css/font-awesome.min.css" rel="stylesheet"> + + <!-- Le styles --> + <link href="/docs/0.7.2/assets/themes/zeppelin/bootstrap/css/bootstrap.css" rel="stylesheet"> + <link href="/docs/0.7.2/assets/themes/zeppelin/css/style.css?body=1" rel="stylesheet" type="text/css"> + <link href="/docs/0.7.2/assets/themes/zeppelin/css/syntax.css" rel="stylesheet" type="text/css" media="screen" /> + <!-- Le fav and touch icons --> + <!-- Update these with your own images + <link rel="shortcut icon" href="images/favicon.ico"> + <link rel="apple-touch-icon" href="images/apple-touch-icon.png"> + <link rel="apple-touch-icon" sizes="72x72" href="images/apple-touch-icon-72x72.png"> + <link rel="apple-touch-icon" sizes="114x114" href="images/apple-touch-icon-114x114.png"> + --> + + <!-- Js --> + <script src="https://code.jquery.com/jquery-1.10.2.min.js";></script> + <script src="/docs/0.7.2/assets/themes/zeppelin/bootstrap/js/bootstrap.min.js"></script> + <script src="/docs/0.7.2/assets/themes/zeppelin/js/docs.js"></script> + <script src="/docs/0.7.2/assets/themes/zeppelin/js/anchor.min.js"></script> + <script src="/docs/0.7.2/assets/themes/zeppelin/js/toc.js"></script> + <script src="/docs/0.7.2/assets/themes/zeppelin/js/lunr.min.js"></script> + <script src="/docs/0.7.2/assets/themes/zeppelin/js/search.js"></script> + + <!-- atom & rss feed --> + <link href="/docs/0.7.2/atom.xml" type="application/atom+xml" rel="alternate" title="Sitewide ATOM Feed"> + <link href="/docs/0.7.2/rss.xml" type="application/rss+xml" rel="alternate" title="Sitewide RSS Feed"> + </head> + + <body> + + <div id="menu" class="navbar navbar-inverse navbar-fixed-top" role="navigation"> + <div class="container"> + <div class="navbar-header"> + <button type="button" class="navbar-toggle" data-toggle="collapse" data-target=".navbar-collapse"> + <span class="sr-only">Toggle navigation</span> + <span class="icon-bar"></span> + <span class="icon-bar"></span> + <span class="icon-bar"></span> + </button> + <div class="navbar-brand"> + <a class="navbar-brand-main" href="http://zeppelin.apache.org";> + <img src="/assets/themes/zeppelin/img/zeppelin_logo.png" width="50" alt="I'm zeppelin"> + <span style="vertical-align:middle">Zeppelin</span> + </a> + <a class="navbar-brand-version" href="/docs/0.7.2"> + <span><small>0.7.2</small></span> + </a> + </div> + </div> + <nav class="navbar-collapse collapse" role="navigation"> + <ul class="nav navbar-nav"> + <li> + <a href="#" data-toggle="dropdown" class="dropdown-toggle">Quick Start <b class="caret"></b></a> + <ul class="dropdown-menu"> + <li><a href="/docs/0.7.2/index.html">What is Apache Zeppelin ?</a></li> + <li role="separator" class="divider"></li> + <li class="title"><span><b>Getting Started</b><span></li> + <li><a href="/docs/0.7.2/install/install.html">Install</a></li> + <li><a href="/docs/0.7.2/install/configuration.html">Configuration</a></li> + <li><a href="/docs/0.7.2/quickstart/explorezeppelinui.html">Explore Zeppelin UI</a></li> + <li><a href="/docs/0.7.2/quickstart/tutorial.html">Tutorial</a></li> + <li role="separator" class="divider"></li> + <li class="title"><span><b>Basic Feature Guide</b><span></li> + <li><a href="/docs/0.7.2/manual/dynamicform.html">Dynamic Form</a></li> + <li><a href="/docs/0.7.2/manual/publish.html">Publish your Paragraph</a></li> + <li><a href="/docs/0.7.2/manual/notebookashomepage.html">Customize Zeppelin Homepage</a></li> + <li role="separator" class="divider"></li> + <li class="title"><span><b>More</b><span></li> + <li><a href="/docs/0.7.2/install/upgrade.html">Upgrade Zeppelin Version</a></li> + <li><a href="/docs/0.7.2/install/build.html">Build from source</a></li> + <li><a href="/docs/0.7.2/quickstart/install_with_flink_and_spark_cluster.html">Install Zeppelin with Flink and Spark Clusters Tutorial</a></li> + </ul> + </li> + <li> + <a href="#" data-toggle="dropdown" class="dropdown-toggle">Interpreter <b class="caret"></b></a> + <ul class="dropdown-menu scrollable-menu"> + <li><a href="/docs/0.7.2/manual/interpreters.html">Overview</a></li> + <li role="separator" class="divider"></li> + <li class="title"><span><b>Usage</b><span></li> + <li><a href="/docs/0.7.2/manual/interpreterinstallation.html">Interpreter Installation</a></li> + <!--<li><a href="/docs/0.7.2/manual/dynamicinterpreterload.html">Dynamic Interpreter Loading</a></li>--> + <li><a href="/docs/0.7.2/manual/dependencymanagement.html">Interpreter Dependency Management</a></li> + <li><a href="/docs/0.7.2/manual/userimpersonation.html">Interpreter User Impersonation</a></li> + <li><a href="/docs/0.7.2/manual/interpreterexechooks.html">Interpreter Execution Hooks (Experimental)</a></li> + <li role="separator" class="divider"></li> + <li class="title"><span><b>Available Interpreters</b><span></li> + <li><a href="/docs/0.7.2/interpreter/alluxio.html">Alluxio</a></li> + <li><a href="/docs/0.7.2/interpreter/beam.html">Beam</a></li> + <li><a href="/docs/0.7.2/interpreter/bigquery.html">BigQuery</a></li> + <li><a href="/docs/0.7.2/interpreter/cassandra.html">Cassandra</a></li> + <li><a href="/docs/0.7.2/interpreter/elasticsearch.html">Elasticsearch</a></li> + <li><a href="/docs/0.7.2/interpreter/flink.html">Flink</a></li> + <li><a href="/docs/0.7.2/interpreter/geode.html">Geode</a></li> + <li><a href="/docs/0.7.2/interpreter/hbase.html">HBase</a></li> + <li><a href="/docs/0.7.2/interpreter/hdfs.html">HDFS</a></li> + <li><a href="/docs/0.7.2/interpreter/hive.html">Hive</a></li> + <li><a href="/docs/0.7.2/interpreter/ignite.html">Ignite</a></li> + <li><a href="/docs/0.7.2/interpreter/jdbc.html">JDBC</a></li> + <li><a href="/docs/0.7.2/interpreter/kylin.html">Kylin</a></li> + <li><a href="/docs/0.7.2/interpreter/lens.html">Lens</a></li> + <li><a href="/docs/0.7.2/interpreter/livy.html">Livy</a></li> + <li><a href="/docs/0.7.2/interpreter/markdown.html">Markdown</a></li> + <li><a href="/docs/0.7.2/interpreter/pig.html">Pig</a></li> + <li><a href="/docs/0.7.2/interpreter/python.html">Python</a></li> + <li><a href="/docs/0.7.2/interpreter/postgresql.html">Postgresql, HAWQ</a></li> + <li><a href="/docs/0.7.2/interpreter/r.html">R</a></li> + <li><a href="/docs/0.7.2/interpreter/scalding.html">Scalding</a></li> + <li><a href="/docs/0.7.2/interpreter/scio.html">Scio</a></li> + <li><a href="/docs/0.7.2/interpreter/shell.html">Shell</a></li> + <li><a href="/docs/0.7.2/interpreter/spark.html">Spark</a></li> + </ul> + </li> + <li> + <a href="#" data-toggle="dropdown" class="dropdown-toggle">Display System <b class="caret"></b></a> + <ul class="dropdown-menu"> + <li class="title"><span><b>Basic Display System</b><span></li> + <li><a href="/docs/0.7.2/displaysystem/basicdisplaysystem.html#text">Text</a></li> + <li><a href="/docs/0.7.2/displaysystem/basicdisplaysystem.html#html">Html</a></li> + <li><a href="/docs/0.7.2/displaysystem/basicdisplaysystem.html#table">Table</a></li> + <li role="separator" class="divider"></li> + <li class="title"><span><b>Angular API</b><span></li> + <li><a href="/docs/0.7.2/displaysystem/back-end-angular.html">Angular (backend API)</a></li> + <li><a href="/docs/0.7.2/displaysystem/front-end-angular.html">Angular (frontend API)</a></li> + </ul> + </li> + <li> + <a href="#" data-toggle="dropdown" class="dropdown-toggle">More<b class="caret"></b></a> + <ul class="dropdown-menu scrollable-menu" style="right: 0; left: auto;"> + <li class="title"><span><b>Notebook Storage</b><span></li> + <li><a href="/docs/0.7.2/storage/storage.html#notebook-storage-in-local-git-repository">Git Storage</a></li> + <li><a href="/docs/0.7.2/storage/storage.html#notebook-storage-in-s3">S3 Storage</a></li> + <li><a href="/docs/0.7.2/storage/storage.html#notebook-storage-in-azure">Azure Storage</a></li> + <li><a href="/docs/0.7.2/storage/storage.html#storage-in-zeppelinhub">ZeppelinHub Storage</a></li> + <li role="separator" class="divider"></li> + <li class="title"><span><b>REST API</b><span></li> + <li><a href="/docs/0.7.2/rest-api/rest-interpreter.html">Interpreter API</a></li> + <li><a href="/docs/0.7.2/rest-api/rest-notebook.html">Notebook API</a></li> + <li><a href="/docs/0.7.2/rest-api/rest-notebookRepo.html">Notebook Repository API</a></li> + <li><a href="/docs/0.7.2/rest-api/rest-configuration.html">Configuration API</a></li> + <li><a href="/docs/0.7.2/rest-api/rest-credential.html">Credential API</a></li> + <li><a href="/docs/0.7.2/rest-api/rest-helium.html">Helium API</a></li> + <li role="separator" class="divider"></li> + <li class="title"><span><b>Security</b><span></li> + <li><a href="/docs/0.7.2/security/shiroauthentication.html">Shiro Authentication</a></li> + <li><a href="/docs/0.7.2/security/notebook_authorization.html">Notebook Authorization</a></li> + <li><a href="/docs/0.7.2/security/datasource_authorization.html">Data Source Authorization</a></li> + <li><a href="/docs/0.7.2/security/helium_authorization.html">Helium Authorization</a></li> + <li role="separator" class="divider"></li> + <li class="title"><span><b>Advanced</b><span></li> + <li><a href="/docs/0.7.2/install/virtual_machine.html">Zeppelin on Vagrant VM</a></li> + <li><a href="/docs/0.7.2/install/spark_cluster_mode.html#spark-standalone-mode">Zeppelin on Spark Cluster Mode (Standalone)</a></li> + <li><a href="/docs/0.7.2/install/spark_cluster_mode.html#spark-on-yarn-mode">Zeppelin on Spark Cluster Mode (YARN)</a></li> + <li><a href="/docs/0.7.2/install/spark_cluster_mode.html#spark-on-mesos-mode">Zeppelin on Spark Cluster Mode (Mesos)</a></li> + <li><a href="/docs/0.7.2/install/cdh.html">Zeppelin on CDH</a></li> + <li role="separator" class="divider"></li> + <li class="title"><span><b>Contibute</b><span></li> + <li><a href="/docs/0.7.2/development/writingzeppelininterpreter.html">Writing Zeppelin Interpreter</a></li> + <li><a href="/docs/0.7.2/development/writingzeppelinvisualization.html">Writing Zeppelin Visualization (Experimental)</a></li> + <li><a href="/docs/0.7.2/development/writingzeppelinapplication.html">Writing Zeppelin Application (Experimental)</a></li> + <li><a href="/docs/0.7.2/development/howtocontribute.html">How to contribute (code)</a></li> + <li><a href="/docs/0.7.2/development/howtocontributewebsite.html">How to contribute (website)</a></li> + </ul> + </li> + <li> + <a href="/docs/0.7.2/search.html" class="nav-search-link"> + <span class="fa fa-search nav-search-icon"></span> + </a> + </li> + </ul> + </nav><!--/.navbar-collapse --> + </div> + </div> + + + + <div class="content"> + +<!--<div class="hero-unit Data Source Authorization in Apache Zeppelin"> + <h1></h1> +</div> +--> + +<div class="row"> + <div class="col-md-12"> + <!-- +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + +http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +--> + +<h1>Data Source Authorization in Apache Zeppelin</h1> + +<div id="toc"></div> + +<h2>Overview</h2> + +<p>Data source authorization involves authenticating to the data source like a Mysql database and letting it determine user permissions. +Apache Zeppelin allows users to use their own credentials to authenticate with <strong>Data Sources</strong>.</p> + +<p>For example, let's assume you have an account in the Vertica databases with credentials. +You might want to use this account to create a JDBC connection instead of a shared account with all users who are defined in <code>conf/shiro.ini</code>. +In this case, you can add your credential information to Apache Zeppelin and use them with below simple steps. </p> + +<h2>How to save the credential information?</h2> + +<p>You can add new credentials in the dropdown menu for your data source which can be passed to interpreters. </p> + +<p><img class="img-responsive" src="../assets/themes/zeppelin/img/docs-img/credential_tab.png" width="180px"/></p> + +<p><strong>Entity</strong> can be the key that distinguishes each credential sets.(We suggest that the convention of the <strong>Entity</strong> is <code>[Interpreter Group].[Interpreter Name]</code>.) +Please see <a href="../manual/interpreters.html#what-is-interpreter-group">what is interpreter group</a> for the detailed information.</p> + +<p>Type <strong>Username & Password</strong> for your own credentials. ex) Mysql user & password of the JDBC Interpreter.</p> + +<p><img class="img-responsive" src="../assets/themes/zeppelin/img/docs-img/add_credential.png" /></p> + +<p>The credentials saved as per users defined in <code>conf/shiro.ini</code>. +If you didn't activate <a href="./shiroauthentication.html">shiro authentication in Apache Zeppelin</a>, your credential information will be saved as <code>anonymous</code>. +All credential information also can be found in <code>conf/credentials.json</code>. </p> + +<h4>JDBC interpreter</h4> + +<p>You need to maintain per-user connection pools. +The interpret method takes the user string as a parameter and executes the jdbc call using a connection in the user's connection pool.</p> + +<h4>Presto</h4> + +<p>You don't need a password if the Presto DB server runs backend code using HDFS authorization for the user.</p> + +<h4>Vertica and Mysql</h4> + +<p>You have to store the password information for users.</p> + +<h2>Please note</h2> + +<p>As a first step of data source authentication feature, <a href="https://issues.apache.org/jira/browse/ZEPPELIN-828";>ZEPPELIN-828</a> was proposed and implemented in Pull Request <a href="https://github.com/apache/zeppelin/pull/860";>#860</a>. +Currently, only customized 3rd party interpreters can use this feature. We are planning to apply this mechanism to <a href="../manual/interpreterinstallation.html#available-community-managed-interpreters">the community managed interpreters</a> in the near future. +Please keep track <a href="https://issues.apache.org/jira/browse/ZEPPELIN-1070";>ZEPPELIN-1070</a>. </p> + + </div> +</div> + + + <hr> + <footer> + <!-- <p>© 2017 The Apache Software Foundation</p>--> + </footer> + </div> + + + + + <script type="text/javascript"> + (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){ + (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o), + m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m) + })(window,document,'script','//www.google-analytics.com/analytics.js','ga'); + + ga('create', 'UA-45176241-5', 'zeppelin.apache.org'); + ga('require', 'linkid', 'linkid.js'); + ga('send', 'pageview'); + +</script> + + + + </body> +</html> + Added: zeppelin/site/docs/0.7.2/security/helium_authorization.html URL: http://svn.apache.org/viewvc/zeppelin/site/docs/0.7.2/security/helium_authorization.html?rev=1798613&view=auto ============================================================================== --- zeppelin/site/docs/0.7.2/security/helium_authorization.html (added) +++ zeppelin/site/docs/0.7.2/security/helium_authorization.html Tue Jun 13 16:55:32 2017 @@ -0,0 +1,253 @@ + +<!DOCTYPE html> +<html lang="en"> + <head> + <meta charset="utf-8"> + <title>Apache Zeppelin 0.7.2 Documentation: Helium Authorization in Apache Zeppelin</title> + <meta name="description" content="Apache Zeppelin supports Helium plugins which fetch required installer packages from remote registry/repositories"> + <meta name="author" content="The Apache Software Foundation"> + + <!-- Enable responsive viewport --> + <meta name="viewport" content="width=device-width, initial-scale=1.0"> + + <!-- Le HTML5 shim, for IE6-8 support of HTML elements --> + <!--[if lt IE 9]> + <script src="http://html5shim.googlecode.com/svn/trunk/html5.js";></script> + <![endif]--> + + <link href="//maxcdn.bootstrapcdn.com/font-awesome/4.2.0/css/font-awesome.min.css" rel="stylesheet"> + + <!-- Le styles --> + <link href="/docs/0.7.2/assets/themes/zeppelin/bootstrap/css/bootstrap.css" rel="stylesheet"> + <link href="/docs/0.7.2/assets/themes/zeppelin/css/style.css?body=1" rel="stylesheet" type="text/css"> + <link href="/docs/0.7.2/assets/themes/zeppelin/css/syntax.css" rel="stylesheet" type="text/css" media="screen" /> + <!-- Le fav and touch icons --> + <!-- Update these with your own images + <link rel="shortcut icon" href="images/favicon.ico"> + <link rel="apple-touch-icon" href="images/apple-touch-icon.png"> + <link rel="apple-touch-icon" sizes="72x72" href="images/apple-touch-icon-72x72.png"> + <link rel="apple-touch-icon" sizes="114x114" href="images/apple-touch-icon-114x114.png"> + --> + + <!-- Js --> + <script src="https://code.jquery.com/jquery-1.10.2.min.js";></script> + <script src="/docs/0.7.2/assets/themes/zeppelin/bootstrap/js/bootstrap.min.js"></script> + <script src="/docs/0.7.2/assets/themes/zeppelin/js/docs.js"></script> + <script src="/docs/0.7.2/assets/themes/zeppelin/js/anchor.min.js"></script> + <script src="/docs/0.7.2/assets/themes/zeppelin/js/toc.js"></script> + <script src="/docs/0.7.2/assets/themes/zeppelin/js/lunr.min.js"></script> + <script src="/docs/0.7.2/assets/themes/zeppelin/js/search.js"></script> + + <!-- atom & rss feed --> + <link href="/docs/0.7.2/atom.xml" type="application/atom+xml" rel="alternate" title="Sitewide ATOM Feed"> + <link href="/docs/0.7.2/rss.xml" type="application/rss+xml" rel="alternate" title="Sitewide RSS Feed"> + </head> + + <body> + + <div id="menu" class="navbar navbar-inverse navbar-fixed-top" role="navigation"> + <div class="container"> + <div class="navbar-header"> + <button type="button" class="navbar-toggle" data-toggle="collapse" data-target=".navbar-collapse"> + <span class="sr-only">Toggle navigation</span> + <span class="icon-bar"></span> + <span class="icon-bar"></span> + <span class="icon-bar"></span> + </button> + <div class="navbar-brand"> + <a class="navbar-brand-main" href="http://zeppelin.apache.org";> + <img src="/assets/themes/zeppelin/img/zeppelin_logo.png" width="50" alt="I'm zeppelin"> + <span style="vertical-align:middle">Zeppelin</span> + </a> + <a class="navbar-brand-version" href="/docs/0.7.2"> + <span><small>0.7.2</small></span> + </a> + </div> + </div> + <nav class="navbar-collapse collapse" role="navigation"> + <ul class="nav navbar-nav"> + <li> + <a href="#" data-toggle="dropdown" class="dropdown-toggle">Quick Start <b class="caret"></b></a> + <ul class="dropdown-menu"> + <li><a href="/docs/0.7.2/index.html">What is Apache Zeppelin ?</a></li> + <li role="separator" class="divider"></li> + <li class="title"><span><b>Getting Started</b><span></li> + <li><a href="/docs/0.7.2/install/install.html">Install</a></li> + <li><a href="/docs/0.7.2/install/configuration.html">Configuration</a></li> + <li><a href="/docs/0.7.2/quickstart/explorezeppelinui.html">Explore Zeppelin UI</a></li> + <li><a href="/docs/0.7.2/quickstart/tutorial.html">Tutorial</a></li> + <li role="separator" class="divider"></li> + <li class="title"><span><b>Basic Feature Guide</b><span></li> + <li><a href="/docs/0.7.2/manual/dynamicform.html">Dynamic Form</a></li> + <li><a href="/docs/0.7.2/manual/publish.html">Publish your Paragraph</a></li> + <li><a href="/docs/0.7.2/manual/notebookashomepage.html">Customize Zeppelin Homepage</a></li> + <li role="separator" class="divider"></li> + <li class="title"><span><b>More</b><span></li> + <li><a href="/docs/0.7.2/install/upgrade.html">Upgrade Zeppelin Version</a></li> + <li><a href="/docs/0.7.2/install/build.html">Build from source</a></li> + <li><a href="/docs/0.7.2/quickstart/install_with_flink_and_spark_cluster.html">Install Zeppelin with Flink and Spark Clusters Tutorial</a></li> + </ul> + </li> + <li> + <a href="#" data-toggle="dropdown" class="dropdown-toggle">Interpreter <b class="caret"></b></a> + <ul class="dropdown-menu scrollable-menu"> + <li><a href="/docs/0.7.2/manual/interpreters.html">Overview</a></li> + <li role="separator" class="divider"></li> + <li class="title"><span><b>Usage</b><span></li> + <li><a href="/docs/0.7.2/manual/interpreterinstallation.html">Interpreter Installation</a></li> + <!--<li><a href="/docs/0.7.2/manual/dynamicinterpreterload.html">Dynamic Interpreter Loading</a></li>--> + <li><a href="/docs/0.7.2/manual/dependencymanagement.html">Interpreter Dependency Management</a></li> + <li><a href="/docs/0.7.2/manual/userimpersonation.html">Interpreter User Impersonation</a></li> + <li><a href="/docs/0.7.2/manual/interpreterexechooks.html">Interpreter Execution Hooks (Experimental)</a></li> + <li role="separator" class="divider"></li> + <li class="title"><span><b>Available Interpreters</b><span></li> + <li><a href="/docs/0.7.2/interpreter/alluxio.html">Alluxio</a></li> + <li><a href="/docs/0.7.2/interpreter/beam.html">Beam</a></li> + <li><a href="/docs/0.7.2/interpreter/bigquery.html">BigQuery</a></li> + <li><a href="/docs/0.7.2/interpreter/cassandra.html">Cassandra</a></li> + <li><a href="/docs/0.7.2/interpreter/elasticsearch.html">Elasticsearch</a></li> + <li><a href="/docs/0.7.2/interpreter/flink.html">Flink</a></li> + <li><a href="/docs/0.7.2/interpreter/geode.html">Geode</a></li> + <li><a href="/docs/0.7.2/interpreter/hbase.html">HBase</a></li> + <li><a href="/docs/0.7.2/interpreter/hdfs.html">HDFS</a></li> + <li><a href="/docs/0.7.2/interpreter/hive.html">Hive</a></li> + <li><a href="/docs/0.7.2/interpreter/ignite.html">Ignite</a></li> + <li><a href="/docs/0.7.2/interpreter/jdbc.html">JDBC</a></li> + <li><a href="/docs/0.7.2/interpreter/kylin.html">Kylin</a></li> + <li><a href="/docs/0.7.2/interpreter/lens.html">Lens</a></li> + <li><a href="/docs/0.7.2/interpreter/livy.html">Livy</a></li> + <li><a href="/docs/0.7.2/interpreter/markdown.html">Markdown</a></li> + <li><a href="/docs/0.7.2/interpreter/pig.html">Pig</a></li> + <li><a href="/docs/0.7.2/interpreter/python.html">Python</a></li> + <li><a href="/docs/0.7.2/interpreter/postgresql.html">Postgresql, HAWQ</a></li> + <li><a href="/docs/0.7.2/interpreter/r.html">R</a></li> + <li><a href="/docs/0.7.2/interpreter/scalding.html">Scalding</a></li> + <li><a href="/docs/0.7.2/interpreter/scio.html">Scio</a></li> + <li><a href="/docs/0.7.2/interpreter/shell.html">Shell</a></li> + <li><a href="/docs/0.7.2/interpreter/spark.html">Spark</a></li> + </ul> + </li> + <li> + <a href="#" data-toggle="dropdown" class="dropdown-toggle">Display System <b class="caret"></b></a> + <ul class="dropdown-menu"> + <li class="title"><span><b>Basic Display System</b><span></li> + <li><a href="/docs/0.7.2/displaysystem/basicdisplaysystem.html#text">Text</a></li> + <li><a href="/docs/0.7.2/displaysystem/basicdisplaysystem.html#html">Html</a></li> + <li><a href="/docs/0.7.2/displaysystem/basicdisplaysystem.html#table">Table</a></li> + <li role="separator" class="divider"></li> + <li class="title"><span><b>Angular API</b><span></li> + <li><a href="/docs/0.7.2/displaysystem/back-end-angular.html">Angular (backend API)</a></li> + <li><a href="/docs/0.7.2/displaysystem/front-end-angular.html">Angular (frontend API)</a></li> + </ul> + </li> + <li> + <a href="#" data-toggle="dropdown" class="dropdown-toggle">More<b class="caret"></b></a> + <ul class="dropdown-menu scrollable-menu" style="right: 0; left: auto;"> + <li class="title"><span><b>Notebook Storage</b><span></li> + <li><a href="/docs/0.7.2/storage/storage.html#notebook-storage-in-local-git-repository">Git Storage</a></li> + <li><a href="/docs/0.7.2/storage/storage.html#notebook-storage-in-s3">S3 Storage</a></li> + <li><a href="/docs/0.7.2/storage/storage.html#notebook-storage-in-azure">Azure Storage</a></li> + <li><a href="/docs/0.7.2/storage/storage.html#storage-in-zeppelinhub">ZeppelinHub Storage</a></li> + <li role="separator" class="divider"></li> + <li class="title"><span><b>REST API</b><span></li> + <li><a href="/docs/0.7.2/rest-api/rest-interpreter.html">Interpreter API</a></li> + <li><a href="/docs/0.7.2/rest-api/rest-notebook.html">Notebook API</a></li> + <li><a href="/docs/0.7.2/rest-api/rest-notebookRepo.html">Notebook Repository API</a></li> + <li><a href="/docs/0.7.2/rest-api/rest-configuration.html">Configuration API</a></li> + <li><a href="/docs/0.7.2/rest-api/rest-credential.html">Credential API</a></li> + <li><a href="/docs/0.7.2/rest-api/rest-helium.html">Helium API</a></li> + <li role="separator" class="divider"></li> + <li class="title"><span><b>Security</b><span></li> + <li><a href="/docs/0.7.2/security/shiroauthentication.html">Shiro Authentication</a></li> + <li><a href="/docs/0.7.2/security/notebook_authorization.html">Notebook Authorization</a></li> + <li><a href="/docs/0.7.2/security/datasource_authorization.html">Data Source Authorization</a></li> + <li><a href="/docs/0.7.2/security/helium_authorization.html">Helium Authorization</a></li> + <li role="separator" class="divider"></li> + <li class="title"><span><b>Advanced</b><span></li> + <li><a href="/docs/0.7.2/install/virtual_machine.html">Zeppelin on Vagrant VM</a></li> + <li><a href="/docs/0.7.2/install/spark_cluster_mode.html#spark-standalone-mode">Zeppelin on Spark Cluster Mode (Standalone)</a></li> + <li><a href="/docs/0.7.2/install/spark_cluster_mode.html#spark-on-yarn-mode">Zeppelin on Spark Cluster Mode (YARN)</a></li> + <li><a href="/docs/0.7.2/install/spark_cluster_mode.html#spark-on-mesos-mode">Zeppelin on Spark Cluster Mode (Mesos)</a></li> + <li><a href="/docs/0.7.2/install/cdh.html">Zeppelin on CDH</a></li> + <li role="separator" class="divider"></li> + <li class="title"><span><b>Contibute</b><span></li> + <li><a href="/docs/0.7.2/development/writingzeppelininterpreter.html">Writing Zeppelin Interpreter</a></li> + <li><a href="/docs/0.7.2/development/writingzeppelinvisualization.html">Writing Zeppelin Visualization (Experimental)</a></li> + <li><a href="/docs/0.7.2/development/writingzeppelinapplication.html">Writing Zeppelin Application (Experimental)</a></li> + <li><a href="/docs/0.7.2/development/howtocontribute.html">How to contribute (code)</a></li> + <li><a href="/docs/0.7.2/development/howtocontributewebsite.html">How to contribute (website)</a></li> + </ul> + </li> + <li> + <a href="/docs/0.7.2/search.html" class="nav-search-link"> + <span class="fa fa-search nav-search-icon"></span> + </a> + </li> + </ul> + </nav><!--/.navbar-collapse --> + </div> + </div> + + + + <div class="content"> + +<!--<div class="hero-unit Helium Authorization in Apache Zeppelin"> + <h1></h1> +</div> +--> + +<div class="row"> + <div class="col-md-12"> + <!-- +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + +http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +--> + +<h1>Helium Authorization in Apache Zeppelin</h1> + +<div id="toc"></div> + +<h2>How to configure proxies?</h2> + +<p>Set <strong>http_proxy</strong> and <strong>https_proxy</strong> env variables to allow connection to npm registry behind a corporate firewall.</p> + + </div> +</div> + + + <hr> + <footer> + <!-- <p>© 2017 The Apache Software Foundation</p>--> + </footer> + </div> + + + + + <script type="text/javascript"> + (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){ + (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o), + m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m) + })(window,document,'script','//www.google-analytics.com/analytics.js','ga'); + + ga('create', 'UA-45176241-5', 'zeppelin.apache.org'); + ga('require', 'linkid', 'linkid.js'); + ga('send', 'pageview'); + +</script> + + + + </body> +</html> + Added: zeppelin/site/docs/0.7.2/security/notebook_authorization.html URL: http://svn.apache.org/viewvc/zeppelin/site/docs/0.7.2/security/notebook_authorization.html?rev=1798613&view=auto ============================================================================== --- zeppelin/site/docs/0.7.2/security/notebook_authorization.html (added) +++ zeppelin/site/docs/0.7.2/security/notebook_authorization.html Tue Jun 13 16:55:32 2017 @@ -0,0 +1,306 @@ + +<!DOCTYPE html> +<html lang="en"> + <head> + <meta charset="utf-8"> + <title>Apache Zeppelin 0.7.2 Documentation: Notebook Authorization in Apache Zeppelin</title> + <meta name="description" content="This page will guide you how you can set the permission for Zeppelin notebooks. This document assumes that Apache Shiro authentication was set up."> + <meta name="author" content="The Apache Software Foundation"> + + <!-- Enable responsive viewport --> + <meta name="viewport" content="width=device-width, initial-scale=1.0"> + + <!-- Le HTML5 shim, for IE6-8 support of HTML elements --> + <!--[if lt IE 9]> + <script src="http://html5shim.googlecode.com/svn/trunk/html5.js";></script> + <![endif]--> + + <link href="//maxcdn.bootstrapcdn.com/font-awesome/4.2.0/css/font-awesome.min.css" rel="stylesheet"> + + <!-- Le styles --> + <link href="/docs/0.7.2/assets/themes/zeppelin/bootstrap/css/bootstrap.css" rel="stylesheet"> + <link href="/docs/0.7.2/assets/themes/zeppelin/css/style.css?body=1" rel="stylesheet" type="text/css"> + <link href="/docs/0.7.2/assets/themes/zeppelin/css/syntax.css" rel="stylesheet" type="text/css" media="screen" /> + <!-- Le fav and touch icons --> + <!-- Update these with your own images + <link rel="shortcut icon" href="images/favicon.ico"> + <link rel="apple-touch-icon" href="images/apple-touch-icon.png"> + <link rel="apple-touch-icon" sizes="72x72" href="images/apple-touch-icon-72x72.png"> + <link rel="apple-touch-icon" sizes="114x114" href="images/apple-touch-icon-114x114.png"> + --> + + <!-- Js --> + <script src="https://code.jquery.com/jquery-1.10.2.min.js";></script> + <script src="/docs/0.7.2/assets/themes/zeppelin/bootstrap/js/bootstrap.min.js"></script> + <script src="/docs/0.7.2/assets/themes/zeppelin/js/docs.js"></script> + <script src="/docs/0.7.2/assets/themes/zeppelin/js/anchor.min.js"></script> + <script src="/docs/0.7.2/assets/themes/zeppelin/js/toc.js"></script> + <script src="/docs/0.7.2/assets/themes/zeppelin/js/lunr.min.js"></script> + <script src="/docs/0.7.2/assets/themes/zeppelin/js/search.js"></script> + + <!-- atom & rss feed --> + <link href="/docs/0.7.2/atom.xml" type="application/atom+xml" rel="alternate" title="Sitewide ATOM Feed"> + <link href="/docs/0.7.2/rss.xml" type="application/rss+xml" rel="alternate" title="Sitewide RSS Feed"> + </head> + + <body> + + <div id="menu" class="navbar navbar-inverse navbar-fixed-top" role="navigation"> + <div class="container"> + <div class="navbar-header"> + <button type="button" class="navbar-toggle" data-toggle="collapse" data-target=".navbar-collapse"> + <span class="sr-only">Toggle navigation</span> + <span class="icon-bar"></span> + <span class="icon-bar"></span> + <span class="icon-bar"></span> + </button> + <div class="navbar-brand"> + <a class="navbar-brand-main" href="http://zeppelin.apache.org";> + <img src="/assets/themes/zeppelin/img/zeppelin_logo.png" width="50" alt="I'm zeppelin"> + <span style="vertical-align:middle">Zeppelin</span> + </a> + <a class="navbar-brand-version" href="/docs/0.7.2"> + <span><small>0.7.2</small></span> + </a> + </div> + </div> + <nav class="navbar-collapse collapse" role="navigation"> + <ul class="nav navbar-nav"> + <li> + <a href="#" data-toggle="dropdown" class="dropdown-toggle">Quick Start <b class="caret"></b></a> + <ul class="dropdown-menu"> + <li><a href="/docs/0.7.2/index.html">What is Apache Zeppelin ?</a></li> + <li role="separator" class="divider"></li> + <li class="title"><span><b>Getting Started</b><span></li> + <li><a href="/docs/0.7.2/install/install.html">Install</a></li> + <li><a href="/docs/0.7.2/install/configuration.html">Configuration</a></li> + <li><a href="/docs/0.7.2/quickstart/explorezeppelinui.html">Explore Zeppelin UI</a></li> + <li><a href="/docs/0.7.2/quickstart/tutorial.html">Tutorial</a></li> + <li role="separator" class="divider"></li> + <li class="title"><span><b>Basic Feature Guide</b><span></li> + <li><a href="/docs/0.7.2/manual/dynamicform.html">Dynamic Form</a></li> + <li><a href="/docs/0.7.2/manual/publish.html">Publish your Paragraph</a></li> + <li><a href="/docs/0.7.2/manual/notebookashomepage.html">Customize Zeppelin Homepage</a></li> + <li role="separator" class="divider"></li> + <li class="title"><span><b>More</b><span></li> + <li><a href="/docs/0.7.2/install/upgrade.html">Upgrade Zeppelin Version</a></li> + <li><a href="/docs/0.7.2/install/build.html">Build from source</a></li> + <li><a href="/docs/0.7.2/quickstart/install_with_flink_and_spark_cluster.html">Install Zeppelin with Flink and Spark Clusters Tutorial</a></li> + </ul> + </li> + <li> + <a href="#" data-toggle="dropdown" class="dropdown-toggle">Interpreter <b class="caret"></b></a> + <ul class="dropdown-menu scrollable-menu"> + <li><a href="/docs/0.7.2/manual/interpreters.html">Overview</a></li> + <li role="separator" class="divider"></li> + <li class="title"><span><b>Usage</b><span></li> + <li><a href="/docs/0.7.2/manual/interpreterinstallation.html">Interpreter Installation</a></li> + <!--<li><a href="/docs/0.7.2/manual/dynamicinterpreterload.html">Dynamic Interpreter Loading</a></li>--> + <li><a href="/docs/0.7.2/manual/dependencymanagement.html">Interpreter Dependency Management</a></li> + <li><a href="/docs/0.7.2/manual/userimpersonation.html">Interpreter User Impersonation</a></li> + <li><a href="/docs/0.7.2/manual/interpreterexechooks.html">Interpreter Execution Hooks (Experimental)</a></li> + <li role="separator" class="divider"></li> + <li class="title"><span><b>Available Interpreters</b><span></li> + <li><a href="/docs/0.7.2/interpreter/alluxio.html">Alluxio</a></li> + <li><a href="/docs/0.7.2/interpreter/beam.html">Beam</a></li> + <li><a href="/docs/0.7.2/interpreter/bigquery.html">BigQuery</a></li> + <li><a href="/docs/0.7.2/interpreter/cassandra.html">Cassandra</a></li> + <li><a href="/docs/0.7.2/interpreter/elasticsearch.html">Elasticsearch</a></li> + <li><a href="/docs/0.7.2/interpreter/flink.html">Flink</a></li> + <li><a href="/docs/0.7.2/interpreter/geode.html">Geode</a></li> + <li><a href="/docs/0.7.2/interpreter/hbase.html">HBase</a></li> + <li><a href="/docs/0.7.2/interpreter/hdfs.html">HDFS</a></li> + <li><a href="/docs/0.7.2/interpreter/hive.html">Hive</a></li> + <li><a href="/docs/0.7.2/interpreter/ignite.html">Ignite</a></li> + <li><a href="/docs/0.7.2/interpreter/jdbc.html">JDBC</a></li> + <li><a href="/docs/0.7.2/interpreter/kylin.html">Kylin</a></li> + <li><a href="/docs/0.7.2/interpreter/lens.html">Lens</a></li> + <li><a href="/docs/0.7.2/interpreter/livy.html">Livy</a></li> + <li><a href="/docs/0.7.2/interpreter/markdown.html">Markdown</a></li> + <li><a href="/docs/0.7.2/interpreter/pig.html">Pig</a></li> + <li><a href="/docs/0.7.2/interpreter/python.html">Python</a></li> + <li><a href="/docs/0.7.2/interpreter/postgresql.html">Postgresql, HAWQ</a></li> + <li><a href="/docs/0.7.2/interpreter/r.html">R</a></li> + <li><a href="/docs/0.7.2/interpreter/scalding.html">Scalding</a></li> + <li><a href="/docs/0.7.2/interpreter/scio.html">Scio</a></li> + <li><a href="/docs/0.7.2/interpreter/shell.html">Shell</a></li> + <li><a href="/docs/0.7.2/interpreter/spark.html">Spark</a></li> + </ul> + </li> + <li> + <a href="#" data-toggle="dropdown" class="dropdown-toggle">Display System <b class="caret"></b></a> + <ul class="dropdown-menu"> + <li class="title"><span><b>Basic Display System</b><span></li> + <li><a href="/docs/0.7.2/displaysystem/basicdisplaysystem.html#text">Text</a></li> + <li><a href="/docs/0.7.2/displaysystem/basicdisplaysystem.html#html">Html</a></li> + <li><a href="/docs/0.7.2/displaysystem/basicdisplaysystem.html#table">Table</a></li> + <li role="separator" class="divider"></li> + <li class="title"><span><b>Angular API</b><span></li> + <li><a href="/docs/0.7.2/displaysystem/back-end-angular.html">Angular (backend API)</a></li> + <li><a href="/docs/0.7.2/displaysystem/front-end-angular.html">Angular (frontend API)</a></li> + </ul> + </li> + <li> + <a href="#" data-toggle="dropdown" class="dropdown-toggle">More<b class="caret"></b></a> + <ul class="dropdown-menu scrollable-menu" style="right: 0; left: auto;"> + <li class="title"><span><b>Notebook Storage</b><span></li> + <li><a href="/docs/0.7.2/storage/storage.html#notebook-storage-in-local-git-repository">Git Storage</a></li> + <li><a href="/docs/0.7.2/storage/storage.html#notebook-storage-in-s3">S3 Storage</a></li> + <li><a href="/docs/0.7.2/storage/storage.html#notebook-storage-in-azure">Azure Storage</a></li> + <li><a href="/docs/0.7.2/storage/storage.html#storage-in-zeppelinhub">ZeppelinHub Storage</a></li> + <li role="separator" class="divider"></li> + <li class="title"><span><b>REST API</b><span></li> + <li><a href="/docs/0.7.2/rest-api/rest-interpreter.html">Interpreter API</a></li> + <li><a href="/docs/0.7.2/rest-api/rest-notebook.html">Notebook API</a></li> + <li><a href="/docs/0.7.2/rest-api/rest-notebookRepo.html">Notebook Repository API</a></li> + <li><a href="/docs/0.7.2/rest-api/rest-configuration.html">Configuration API</a></li> + <li><a href="/docs/0.7.2/rest-api/rest-credential.html">Credential API</a></li> + <li><a href="/docs/0.7.2/rest-api/rest-helium.html">Helium API</a></li> + <li role="separator" class="divider"></li> + <li class="title"><span><b>Security</b><span></li> + <li><a href="/docs/0.7.2/security/shiroauthentication.html">Shiro Authentication</a></li> + <li><a href="/docs/0.7.2/security/notebook_authorization.html">Notebook Authorization</a></li> + <li><a href="/docs/0.7.2/security/datasource_authorization.html">Data Source Authorization</a></li> + <li><a href="/docs/0.7.2/security/helium_authorization.html">Helium Authorization</a></li> + <li role="separator" class="divider"></li> + <li class="title"><span><b>Advanced</b><span></li> + <li><a href="/docs/0.7.2/install/virtual_machine.html">Zeppelin on Vagrant VM</a></li> + <li><a href="/docs/0.7.2/install/spark_cluster_mode.html#spark-standalone-mode">Zeppelin on Spark Cluster Mode (Standalone)</a></li> + <li><a href="/docs/0.7.2/install/spark_cluster_mode.html#spark-on-yarn-mode">Zeppelin on Spark Cluster Mode (YARN)</a></li> + <li><a href="/docs/0.7.2/install/spark_cluster_mode.html#spark-on-mesos-mode">Zeppelin on Spark Cluster Mode (Mesos)</a></li> + <li><a href="/docs/0.7.2/install/cdh.html">Zeppelin on CDH</a></li> + <li role="separator" class="divider"></li> + <li class="title"><span><b>Contibute</b><span></li> + <li><a href="/docs/0.7.2/development/writingzeppelininterpreter.html">Writing Zeppelin Interpreter</a></li> + <li><a href="/docs/0.7.2/development/writingzeppelinvisualization.html">Writing Zeppelin Visualization (Experimental)</a></li> + <li><a href="/docs/0.7.2/development/writingzeppelinapplication.html">Writing Zeppelin Application (Experimental)</a></li> + <li><a href="/docs/0.7.2/development/howtocontribute.html">How to contribute (code)</a></li> + <li><a href="/docs/0.7.2/development/howtocontributewebsite.html">How to contribute (website)</a></li> + </ul> + </li> + <li> + <a href="/docs/0.7.2/search.html" class="nav-search-link"> + <span class="fa fa-search nav-search-icon"></span> + </a> + </li> + </ul> + </nav><!--/.navbar-collapse --> + </div> + </div> + + + + <div class="content"> + +<!--<div class="hero-unit Notebook Authorization in Apache Zeppelin"> + <h1></h1> +</div> +--> + +<div class="row"> + <div class="col-md-12"> + <!-- +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + +http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +--> + +<h1>Zeppelin Notebook Authorization</h1> + +<div id="toc"></div> + +<h2>Overview</h2> + +<p>We assume that there is an <strong>Shiro Authentication</strong> component that associates a user string and a set of group strings with every NotebookSocket. +If you don't set the authentication components yet, please check <a href="./shiroauthentication.html">Shiro authentication for Apache Zeppelin</a> first.</p> + +<h2>Authorization Setting</h2> + +<p>You can set Zeppelin notebook permissions in each notebooks. Of course only <strong>notebook owners</strong> can change this configuration. +Just click <strong>Lock icon</strong> and open the permission setting page in your notebook.</p> + +<p>As you can see, each Zeppelin notebooks has 3 entities :</p> + +<ul> +<li>Owners ( users or groups )</li> +<li>Readers ( users or groups )</li> +<li>Writers ( users or groups )</li> +</ul> + +<p><center><img src="../assets/themes/zeppelin/img/docs-img/permission_setting.png"></center></p> + +<p>Fill out the each forms with comma seperated <strong>users</strong> and <strong>groups</strong> configured in <code>conf/shiro.ini</code> file. +If the form is empty (*), it means that any users can perform that operation.</p> + +<p>If someone who doesn't have <strong>read</strong> permission is trying to access the notebook or someone who doesn't have <strong>write</strong> permission is trying to edit the notebook, Zeppelin will ask to login or block the user.</p> + +<p><center><img src="../assets/themes/zeppelin/img/docs-img/insufficient_privileges.png"></center></p> + +<h2>Separate notebook workspaces (public vs. private)</h2> + +<p>By default, the authorization rights allow other users to see the newly created note, meaning the workspace is <code>public</code>. This behavior is controllable and can be set through either <code>ZEPPELIN_NOTEBOOK_PUBLIC</code> variable in <code>conf/zeppelin-env.sh</code>, or through <code>zeppelin.notebook.public</code> property in <code>conf/zeppelin-site.xml</code>. Thus, in order to make newly created note appear only in your <code>private</code> workspace by default, you can set either <code>ZEPPELIN_NOTEBOOK_PUBLIC</code> to <code>false</code> in your <code>conf/zeppelin-env.sh</code> as follows:</p> +<div class="highlight"><pre><code class="text language-text" data-lang="text">export ZEPPELIN_NOTEBOOK_PUBLIC="false" +</code></pre></div> +<p>or set <code>zeppelin.notebook.public</code> property to <code>false</code> in <code>conf/zeppelin-site.xml</code> as follows:</p> +<div class="highlight"><pre><code class="text language-text" data-lang="text"><property> + <name>zeppelin.notebook.public</name> + <value>false</value> + <description>Make notebook public by default when created, private otherwise</description> +</property> +</code></pre></div> +<p>Behind the scenes, when you create a new note only the <code>owners</code> field is filled with current user, leaving <code>readers</code> and <code>writers</code> fields empty. All the notes with at least one empty authorization field are considered to be in <code>public</code> workspace. Thus when setting <code>zeppelin.notebook.public</code> (or corresponding <code>ZEPPELIN_NOTEBOOK_PUBLIC</code>) to false, newly created notes have <code>readers</code> and <code>writers</code> fields filled with current user, making note appear as in <code>private</code> workspace.</p> + +<h2>How it works</h2> + +<p>In this section, we will explain the detail about how the notebook authorization works in backend side.</p> + +<h3>NotebookServer</h3> + +<p>The <a href="https://github.com/apache/zeppelin/blob/master/zeppelin-server/src/main/java/org/apache/zeppelin/socket/NotebookServer.java";>NotebookServer</a> classifies every notebook operations into three categories: <strong>Read</strong>, <strong>Write</strong>, <strong>Manage</strong>. +Before executing a notebook operation, it checks if the user and the groups associated with the <code>NotebookSocket</code> have permissions. +For example, before executing a <strong>Read</strong> operation, it checks if the user and the groups have at least one entity that belongs to the <strong>Reader</strong> entities.</p> + +<h3>Notebook REST API call</h3> + +<p>Zeppelin executes a <a href="https://github.com/apache/zeppelin/blob/master/zeppelin-server/src/main/java/org/apache/zeppelin/rest/NotebookRestApi.java";>REST API call</a> for the notebook permission information. +In the backend side, Zeppelin gets the user information for the connection and allows the operation if the users and groups +associated with the current user have at least one entity that belongs to owner entities for the notebook.</p> + + </div> +</div> + + + <hr> + <footer> + <!-- <p>© 2017 The Apache Software Foundation</p>--> + </footer> + </div> + + + + + <script type="text/javascript"> + (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){ + (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o), + m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m) + })(window,document,'script','//www.google-analytics.com/analytics.js','ga'); + + ga('create', 'UA-45176241-5', 'zeppelin.apache.org'); + ga('require', 'linkid', 'linkid.js'); + ga('send', 'pageview'); + +</script> + + + + </body> +</html> +
