zeppelin-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ahyoung...@apache.org
Subject svn commit: r1781552 - /zeppelin/site/docs/0.7.0-SNAPSHOT/security/notebook_authorization.html
Date Fri, 03 Feb 2017 14:15:44 GMT
Author: ahyoungryu
Date: Fri Feb  3 14:15:44 2017
New Revision: 1781552

URL: http://svn.apache.org/viewvc?rev=1781552&view=rev
Log: (empty)

Modified:
    zeppelin/site/docs/0.7.0-SNAPSHOT/security/notebook_authorization.html

Modified: zeppelin/site/docs/0.7.0-SNAPSHOT/security/notebook_authorization.html
URL: http://svn.apache.org/viewvc/zeppelin/site/docs/0.7.0-SNAPSHOT/security/notebook_authorization.html?rev=1781552&r1=1781551&r2=1781552&view=diff
==============================================================================
--- zeppelin/site/docs/0.7.0-SNAPSHOT/security/notebook_authorization.html (original)
+++ zeppelin/site/docs/0.7.0-SNAPSHOT/security/notebook_authorization.html Fri Feb  3 14:15:44
2017
@@ -213,15 +213,15 @@ limitations under the License.
 
 <h2>Overview</h2>
 
-<p>We assume that there is an <strong>Shiro Authentication</strong> component
that associates a user string and a set of group strings with every NotebookSocket.
+<p>We assume that there is an <strong>Shiro Authentication</strong> component
that associates a user string and a set of group strings with every NotebookSocket. 
 If you don&#39;t set the authentication components yet, please check <a href="./shiroauthentication.html">Shiro
authentication for Apache Zeppelin</a> first.</p>
 
 <h2>Authorization Setting</h2>
 
-<p>You can set Zeppelin notebook permissions in each notebooks. Of course only <strong>notebook
owners</strong> can change this configuration.
+<p>You can set Zeppelin notebook permissions in each notebooks. Of course only <strong>notebook
owners</strong> can change this configuration. 
 Just click <strong>Lock icon</strong> and open the permission setting page in
your notebook.</p>
 
-<p>As you can see, each Zeppelin notebooks has 3 entities :</p>
+<p>As you can see, each Zeppelin notebooks has 3 entities : </p>
 
 <ul>
 <li>Owners ( users or groups )</li>
@@ -234,23 +234,11 @@ Just click <strong>Lock icon</strong> an
 <p>Fill out the each forms with comma seperated <strong>users</strong>
and <strong>groups</strong> configured in <code>conf/shiro.ini</code>
file.
 If the form is empty (*), it means that any users can perform that operation.</p>
 
-<p>If someone who doesn&#39;t have <strong>read</strong> permission
is trying to access the notebook or someone who doesn&#39;t have <strong>write</strong>
permission is trying to edit the notebook, Zeppelin will ask to login or block the user.</p>
+<p>If someone who doesn&#39;t have <strong>read</strong> permission
is trying to access the notebook or someone who doesn&#39;t have <strong>write</strong>
permission is trying to edit the notebook, Zeppelin will ask to login or block the user. </p>
 
 <p><center><img src="../assets/themes/zeppelin/img/docs-img/insufficient_privileges.png"></center></p>
 
-<h2>Separate notebook workspaces (public vs. private)</h2>
-
-<p>By default, the authorization rights allow other users to see the newly created
note, meaning the workspace is <code>public</code>. This behavior is controllable
and can be set through either <code>ZEPPELIN_NOTEBOOK_PUBLIC</code> variable in
<code>conf/zeppelin-env.sh</code>, or through <code>zeppelin.notebook.public</code>
property in <code>conf/zeppelin-site.xml</code>. Thus, in order to make newly
created note appear only in your <code>private</code> workspace by default, you
can set either <code>ZEPPELIN_NOTEBOOK_PUBLIC</code> to <code>false</code>
in your <code>conf/zeppelin-env.sh</code> as follows:</p>
-<div class="highlight"><pre><code class="text language-text" data-lang="text">export
ZEPPELIN_NOTEBOOK_PUBLIC=&quot;false&quot;
-</code></pre></div>
-<p>or set <code>zeppelin.notebook.public</code> property to <code>false</code>
in <code>conf/zeppelin-site.xml</code> as follows:</p>
-<div class="highlight"><pre><code class="text language-text" data-lang="text">&lt;property&gt;
-  &lt;name&gt;zeppelin.notebook.public&lt;/name&gt;
-  &lt;value&gt;false&lt;/value&gt;
-  &lt;description&gt;Make notebook public by default when created, private otherwise&lt;/description&gt;
-&lt;/property&gt;
-</code></pre></div>
-<p>Behind the scenes, when you create a new note only the <code>owners</code>
field is filled with current user, leaving <code>readers</code> and <code>writers</code>
fields empty. All the notes with at least one empty authorization field are considered to
be in <code>public</code> workspace. Thus when setting <code>zeppelin.notebook.public</code>
(or corresponding <code>ZEPPELIN_NOTEBOOK_PUBLIC</code>) to false, newly created
notes have <code>readers</code> and <code>writers</code> fields filled
with current user, making note appear as in <code>private</code> workspace.</p>
+<p>By default when you create a new note, the owner is the user who create it. And
the readers/writers is empty which means it is shared publicly. But if you don&#39;t want
it to be shared by default. You can set <code>zeppelin.notebook.public</code>
to be false in <code>zeppelin-site.xml</code>.</p>
 
 <h2>How it works</h2>
 
@@ -259,7 +247,7 @@ If the form is empty (*), it means that
 <h3>NotebookServer</h3>
 
 <p>The <a href="https://github.com/apache/zeppelin/blob/master/zeppelin-server/src/main/java/org/apache/zeppelin/socket/NotebookServer.java">NotebookServer</a>
classifies every notebook operations into three categories: <strong>Read</strong>,
<strong>Write</strong>, <strong>Manage</strong>.
-Before executing a notebook operation, it checks if the user and the groups associated with
the <code>NotebookSocket</code> have permissions.
+Before executing a notebook operation, it checks if the user and the groups associated with
the <code>NotebookSocket</code> have permissions. 
 For example, before executing a <strong>Read</strong> operation, it checks if
the user and the groups have at least one entity that belongs to the <strong>Reader</strong>
entities.</p>
 
 <h3>Notebook REST API call</h3>



Mime
View raw message