Return-Path: 
 <user-return-100-apmail-kylin-user-archive=kylin.apache.org@kylin.apache.org>
X-Original-To: apmail-kylin-user-archive@minotaur.apache.org
Delivered-To: apmail-kylin-user-archive@minotaur.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id D2CF8183DA
	for <apmail-kylin-user-archive@minotaur.apache.org>;
 Fri, 11 Dec 2015 14:33:10 +0000 (UTC)
Received: (qmail 3181 invoked by uid 500); 11 Dec 2015 14:33:10 -0000
Delivered-To: apmail-kylin-user-archive@kylin.apache.org
Received: (qmail 3139 invoked by uid 500); 11 Dec 2015 14:33:10 -0000
Mailing-List: contact user-help@kylin.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:user-help@kylin.apache.org>
List-Unsubscribe: <mailto:user-unsubscribe@kylin.apache.org>
List-Post: <mailto:user@kylin.apache.org>
List-Id: <user.kylin.apache.org>
Reply-To: user@kylin.apache.org
Delivered-To: mailing list user@kylin.apache.org
Received: (qmail 3129 invoked by uid 99); 11 Dec 2015 14:33:10 -0000
Received: from Unknown (HELO spamd1-us-west.apache.org) (209.188.14.142)
    by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 11 Dec 2015 14:33:10 +0000
Received: from localhost (localhost [127.0.0.1])
	by spamd1-us-west.apache.org (ASF Mail Server at spamd1-us-west.apache.org)
 with ESMTP id 52D04C7B28
	for <user@kylin.apache.org>; Fri, 11 Dec 2015 14:33:10 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at spamd1-us-west.apache.org
X-Spam-Flag: NO
X-Spam-Score: 2.879
X-Spam-Level: **
X-Spam-Status: No, score=2.879 tagged_above=-999 required=6.31
	tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1,
	HTML_MESSAGE=3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01,
	SPF_PASS=-0.001] autolearn=disabled
Authentication-Results: spamd1-us-west.apache.org (amavisd-new);
	dkim=pass (2048-bit key) header.d=gmail.com
Received: from mx1-us-east.apache.org ([10.40.0.8])
	by localhost (spamd1-us-west.apache.org [10.40.0.7]) (amavisd-new,
 port 10024)
	with ESMTP id 2wU2dyX_0Tb4 for <user@kylin.apache.org>;
	Fri, 11 Dec 2015 14:33:09 +0000 (UTC)
Received: from mail-lb0-f182.google.com (mail-lb0-f182.google.com
 [209.85.217.182])
	by mx1-us-east.apache.org (ASF Mail Server at mx1-us-east.apache.org) with
 ESMTPS id 506DA42A73
	for <user@kylin.apache.org>; Fri, 11 Dec 2015 14:33:09 +0000 (UTC)
Received: by lbbcs9 with SMTP id cs9so71247838lbb.1
        for <user@kylin.apache.org>; Fri, 11 Dec 2015 06:33:08 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:from:date:message-id:subject:to:content-type;
        bh=iqr7FOPeylhdPsu4ICRJ2D/ONXZFPRXSUfdeGV39XAM=;
        b=au2aOQk3UfMnfIzlrspmXF5d96r+Tj7UocFxfJl70MkyttJdLrAcm7o6h/CLHD5smA
         xuyWcHNCJ/GJ4D/MwvnsyRtYe8ufQMUmhfLqTijagPG/v71kctdrhHy1AgCdk5WJjFp7
         rb/6g9NNQ/jRHmd1ddst+npYp4AGiBv0i4DczYwdRT74xhBH/CQRZPmNDSRANM+Yboy0
         4lMrjf7X7CpBRCqqmAcK6eW33b9QenU6bDS1zd7KrppvY6KDsoMll73TN8jTmdMVYzcJ
         OW3tCfVcJvlndgRBGfaC7G7bNlY/P4q7pxWmxWjCqET77eEvWireZYVhTFjLkcejN09c
         PtKQ==
X-Received: by 10.112.16.101 with SMTP id f5mr1147686lbd.30.1449844388164;
 Fri, 11 Dec 2015 06:33:08 -0800 (PST)
MIME-Version: 1.0
Received: by 10.112.199.196 with HTTP; Fri, 11 Dec 2015 06:32:28 -0800 (PST)
From: Marek Wiewiorka <marek.wiewiorka@gmail.com>
Date: Fri, 11 Dec 2015 15:32:28 +0100
Message-ID: 
 <CAJbo4nfF=N0=MoEdQtAvr663BiZLXqGH78HM3RZCCygA2yEKyw@mail.gmail.com>
Subject: Kylin authorization and roles/LDAP
To: user@kylin.apache.org
Content-Type: multipart/alternative; boundary=001a11c3fdfebc79dd0526a0331f

--001a11c3fdfebc79dd0526a0331f
Content-Type: text/plain; charset=UTF-8

Hi All - I managed to get LDAP authentication working but I'm unable to
setup proper authorization.

Does anybody of you got it working properly - roles mapping, privileges on
cubes with LDAP?

I will summarize briefly what I wasn't able to do:
1)map a LDAP group to admin role in Kylin
2)Despite granting only one group 'cube query' privilege on a cube everyone
who is properly authenticated can query the data which is obviously wrong.

Any help more than welcome!

Marek

--001a11c3fdfebc79dd0526a0331f
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr">Hi All - I managed to get LDAP authentication working but =
I&#39;m unable to setup proper authorization.<div><br></div><div>Does anybo=
dy of you got it working properly - roles mapping, privileges on cubes with=
 LDAP?</div><div><br></div><div>I will summarize briefly what I wasn&#39;t =
able to do:</div><div>1)map a LDAP group to admin role in Kylin</div><div>2=
)Despite granting only one group &#39;cube query&#39; privilege on a cube e=
veryone who is properly authenticated can query the data which is obviously=
 wrong.</div><div><br></div><div>Any help more than welcome!</div><div><br>=
</div><div>Marek</div><div><br></div><div>=C2=A0</div></div>

--001a11c3fdfebc79dd0526a0331f--