Elgato_dark/zeppelin
1
0
Fork 0
mirror of https://github.com/apache/zeppelin synced 2026-05-24 09:38:26 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
zeppelin/docs/security/notebook_authorization.md

61 lines
3.2 KiB
Markdown
Raw Normal View History

Notebook Authorization ### What is this PR for? The goal of the PR is to add authorization for notebooks according to the design document [here] (https://gist.github.com/prasadwagle/712b7ca1e0f1f4f1aa20). The PR uses Shiro authentication. ### What type of PR is it? Feature ### Todos * [x] - Find way to get roles for a user in SecurityUtils (Not possible at the moment, see SHIRO-492) * [x] - Investigate how to use Shiro authorization * [x] - Use groups associated with user to determine if operation is permitted * [x] - Check if user has permissions to modify note permissions * [x] - Add checks in more NotebookServer operations * [x] - Improve UI (explain permissions, error messages) * [x] - Add unit tests * [x] - Documentation ### Is there a relevant Jira issue? ZEPPELIN-549 ### How should this be tested? 1. Enable Basic Auth Security by changing conf/shiro.ini. 1. Create a note. By default all operations are allowed by any authenticated user. 1. Update readers, writers and owners by clicking on the lock icon in the top right area. 1. Check if users can or cannot perform operations according to the permissions. ### Screenshots (if appropriate) ![Screenshot](https://cloud.githubusercontent.com/assets/870829/12711820/c70fa336-c877-11e5-84e8-e282231988b2.gif) ### Questions: * Does the licenses files need update? No * Is there breaking changes for older versions? No * Does this needs documentation? No Author: Prasad Wagle <pwagle@twitter.com> Closes #681 from prasadwagle/notebook_authorization and squashes the following commits: e7cffd8 [Prasad Wagle] Restore anon default in shiro.ini 24e8de4 [Prasad Wagle] Remove duplicate imports 29ebf48 [Prasad Wagle] Merge with master 52f4914 [Prasad Wagle] Check whether roles is non-empty before adding to userAndRoles 733530f [Prasad Wagle] Minor doc fix 28ea697 [Prasad Wagle] Fixed issues with security documentation reported by @AhyoungRyu 1ac076e [Prasad Wagle] Fixed typo in _navigation.html and updated interpreter_authorization.md 6c89dbe [Prasad Wagle] Implement Moon's suggestions on note permissions background and wildcard placeholder 2554315 [Prasad Wagle] Use user and roles for checking note permissions 3a5e5c0 [Prasad Wagle] Check if user has permissions to modify note permissions fbbd04b [Prasad Wagle] Make insufficient privileges error message easier to read 06c5e07 [Prasad Wagle] Update navigation.html for security docs 6b9e274 [Prasad Wagle] Add unit test for note permissions a8d0ecb [Prasad Wagle] Add security documentation 6e85730 [Prasad Wagle] Notebook Authorization
2016-02-26 00:54:47 +00:00
---
layout: page
[ZEPPELIN-1219] Add searching feature to Zeppelin docs site ### What is this PR for? As more and more document pages are added, it's really hard to find specific pages. So I added searching feature to Zeppelin documentation site([jekyll](https://jekyllrb.com/) based site) using [lunr.js](http://lunrjs.com/). - **How does it work?** I created [`search_data.json`](https://github.com/AhyoungRyu/zeppelin/blob/6e02423f541cc406e4e41031629609a276a9f481/docs/search_data.json) which is used for docs info template. `lunr.js` combines all of the text from all of the docs in `docs/` into `_site/search_data.json`. It looks like below. ![screen shot 2016-08-03 at 4 49 59 am](https://cloud.githubusercontent.com/assets/10060731/17342828/f2908be8-5935-11e6-8eee-b189677c0531.png) All the info are comes from [Jekyll YAML front matter](https://jekyllrb.com/docs/frontmatter/) variables. (i.e. title, group, description.. that's why I rewrote all docs' title and description.) [search.js](https://github.com/AhyoungRyu/zeppelin/blob/6e02423f541cc406e4e41031629609a276a9f481/docs/assets/themes/zeppelin/js/search.js) will do this job using this data! ### What type of PR is it? Improvement & Feature ### Todos * [x] - Keep consistency for all docs pages' `Title` * [x] - Add some overview sentences to all docs pages' `Description` section (this will be used as the result preview) * [x] - Add apache license header to all docs page (some pages are missing the license header currently) * [x] - Add LICENSE for `lunr.min.js` ### What is the Jira issue? [ZEPPELIN-1219](https://issues.apache.org/jira/browse/ZEPPELIN-1219) ### How should this be tested? 1. Apply this patch and build `ZEPPELIN_HOME/docs` dir -> please see [docs/README.md#build-documentation](https://github.com/apache/zeppelin/tree/master/docs#build-documentation) 2. Click `search` icon in navbar and go to `search.html` page 3. Type anything you want to search in the search bar (i.e. type `python`, `spark`, `dynamic` ... ) ### Screenshots (if appropriate) ![screen shot 2016-08-03 at 4 42 28 pm](https://cloud.githubusercontent.com/assets/10060731/17357851/d092e2ca-5999-11e6-9917-a3d4113e6e43.png) ![search](https://cloud.githubusercontent.com/assets/10060731/17357828/b2486cd6-5999-11e6-873b-121fac033b03.gif) ### Questions: * Does the licenses files need update? Yes, for `lunr.min.js` * Is there breaking changes for older versions? no * Does this needs documentation? no Author: AhyoungRyu <fbdkdud93@hanmail.net> Closes #1266 from AhyoungRyu/ZEPPELIN-1219 and squashes the following commits: 7ec8854 [AhyoungRyu] Modify 'no result' sentence 91b71a7 [AhyoungRyu] Remove Apache license header since JSON doesn't allow comment 34afd5d [AhyoungRyu] Add Apache license header to search_data.json 6784282 [AhyoungRyu] Minor search page UI update 0389d28 [AhyoungRyu] Make index.md not to be searched 9f1ba42 [AhyoungRyu] Disable enterkey press & change icon bd4956a [AhyoungRyu] Add docs.js & search.js to exclude list in pom.xml 624b051 [AhyoungRyu] Add Apache license header to search.js 1381152 [AhyoungRyu] Fix search result skipping issue 6e775f5 [AhyoungRyu] Make pleasecontribute.md not to be searched ee11136 [AhyoungRyu] Fix some typos fa01299 [AhyoungRyu] Refine 'description' in some docs as @bzz suggested da0cff9 [AhyoungRyu] Exclude lunr.min.js 36ba7f1 [AhyoungRyu] Add lunr.min.js license info f6a05a6 [AhyoungRyu] Apply css style for the search results 68eb997 [AhyoungRyu] Attach 'Apache Zeppelin ZEPPELIN_VERSION Documentation: ' to title d908c37 [AhyoungRyu] Add searching page a951fa6 [AhyoungRyu] Add search icon to navbar 0688a79 [AhyoungRyu] Keep consistency all docs' front matter for the right search result 040f532 [AhyoungRyu] Add template for storing docs info based on jekyll front matter 0705bd6 [AhyoungRyu] Add js files: lunr.min.js & search.js
2016-08-06 05:50:25 +00:00
title: "Notebook Authorization in Apache Zeppelin"
description: "This page will guide you how you can set the permission for Zeppelin notebooks. This document assumes that Apache Shiro authentication was set up."
Notebook Authorization ### What is this PR for? The goal of the PR is to add authorization for notebooks according to the design document [here] (https://gist.github.com/prasadwagle/712b7ca1e0f1f4f1aa20). The PR uses Shiro authentication. ### What type of PR is it? Feature ### Todos * [x] - Find way to get roles for a user in SecurityUtils (Not possible at the moment, see SHIRO-492) * [x] - Investigate how to use Shiro authorization * [x] - Use groups associated with user to determine if operation is permitted * [x] - Check if user has permissions to modify note permissions * [x] - Add checks in more NotebookServer operations * [x] - Improve UI (explain permissions, error messages) * [x] - Add unit tests * [x] - Documentation ### Is there a relevant Jira issue? ZEPPELIN-549 ### How should this be tested? 1. Enable Basic Auth Security by changing conf/shiro.ini. 1. Create a note. By default all operations are allowed by any authenticated user. 1. Update readers, writers and owners by clicking on the lock icon in the top right area. 1. Check if users can or cannot perform operations according to the permissions. ### Screenshots (if appropriate) ![Screenshot](https://cloud.githubusercontent.com/assets/870829/12711820/c70fa336-c877-11e5-84e8-e282231988b2.gif) ### Questions: * Does the licenses files need update? No * Is there breaking changes for older versions? No * Does this needs documentation? No Author: Prasad Wagle <pwagle@twitter.com> Closes #681 from prasadwagle/notebook_authorization and squashes the following commits: e7cffd8 [Prasad Wagle] Restore anon default in shiro.ini 24e8de4 [Prasad Wagle] Remove duplicate imports 29ebf48 [Prasad Wagle] Merge with master 52f4914 [Prasad Wagle] Check whether roles is non-empty before adding to userAndRoles 733530f [Prasad Wagle] Minor doc fix 28ea697 [Prasad Wagle] Fixed issues with security documentation reported by @AhyoungRyu 1ac076e [Prasad Wagle] Fixed typo in _navigation.html and updated interpreter_authorization.md 6c89dbe [Prasad Wagle] Implement Moon's suggestions on note permissions background and wildcard placeholder 2554315 [Prasad Wagle] Use user and roles for checking note permissions 3a5e5c0 [Prasad Wagle] Check if user has permissions to modify note permissions fbbd04b [Prasad Wagle] Make insufficient privileges error message easier to read 06c5e07 [Prasad Wagle] Update navigation.html for security docs 6b9e274 [Prasad Wagle] Add unit test for note permissions a8d0ecb [Prasad Wagle] Add security documentation 6e85730 [Prasad Wagle] Notebook Authorization
2016-02-26 00:54:47 +00:00
group: security
---
<!--
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
[ZEPPELIN-1219] Add searching feature to Zeppelin docs site ### What is this PR for? As more and more document pages are added, it's really hard to find specific pages. So I added searching feature to Zeppelin documentation site([jekyll](https://jekyllrb.com/) based site) using [lunr.js](http://lunrjs.com/). - **How does it work?** I created [`search_data.json`](https://github.com/AhyoungRyu/zeppelin/blob/6e02423f541cc406e4e41031629609a276a9f481/docs/search_data.json) which is used for docs info template. `lunr.js` combines all of the text from all of the docs in `docs/` into `_site/search_data.json`. It looks like below. ![screen shot 2016-08-03 at 4 49 59 am](https://cloud.githubusercontent.com/assets/10060731/17342828/f2908be8-5935-11e6-8eee-b189677c0531.png) All the info are comes from [Jekyll YAML front matter](https://jekyllrb.com/docs/frontmatter/) variables. (i.e. title, group, description.. that's why I rewrote all docs' title and description.) [search.js](https://github.com/AhyoungRyu/zeppelin/blob/6e02423f541cc406e4e41031629609a276a9f481/docs/assets/themes/zeppelin/js/search.js) will do this job using this data! ### What type of PR is it? Improvement & Feature ### Todos * [x] - Keep consistency for all docs pages' `Title` * [x] - Add some overview sentences to all docs pages' `Description` section (this will be used as the result preview) * [x] - Add apache license header to all docs page (some pages are missing the license header currently) * [x] - Add LICENSE for `lunr.min.js` ### What is the Jira issue? [ZEPPELIN-1219](https://issues.apache.org/jira/browse/ZEPPELIN-1219) ### How should this be tested? 1. Apply this patch and build `ZEPPELIN_HOME/docs` dir -> please see [docs/README.md#build-documentation](https://github.com/apache/zeppelin/tree/master/docs#build-documentation) 2. Click `search` icon in navbar and go to `search.html` page 3. Type anything you want to search in the search bar (i.e. type `python`, `spark`, `dynamic` ... ) ### Screenshots (if appropriate) ![screen shot 2016-08-03 at 4 42 28 pm](https://cloud.githubusercontent.com/assets/10060731/17357851/d092e2ca-5999-11e6-9917-a3d4113e6e43.png) ![search](https://cloud.githubusercontent.com/assets/10060731/17357828/b2486cd6-5999-11e6-873b-121fac033b03.gif) ### Questions: * Does the licenses files need update? Yes, for `lunr.min.js` * Is there breaking changes for older versions? no * Does this needs documentation? no Author: AhyoungRyu <fbdkdud93@hanmail.net> Closes #1266 from AhyoungRyu/ZEPPELIN-1219 and squashes the following commits: 7ec8854 [AhyoungRyu] Modify 'no result' sentence 91b71a7 [AhyoungRyu] Remove Apache license header since JSON doesn't allow comment 34afd5d [AhyoungRyu] Add Apache license header to search_data.json 6784282 [AhyoungRyu] Minor search page UI update 0389d28 [AhyoungRyu] Make index.md not to be searched 9f1ba42 [AhyoungRyu] Disable enterkey press & change icon bd4956a [AhyoungRyu] Add docs.js & search.js to exclude list in pom.xml 624b051 [AhyoungRyu] Add Apache license header to search.js 1381152 [AhyoungRyu] Fix search result skipping issue 6e775f5 [AhyoungRyu] Make pleasecontribute.md not to be searched ee11136 [AhyoungRyu] Fix some typos fa01299 [AhyoungRyu] Refine 'description' in some docs as @bzz suggested da0cff9 [AhyoungRyu] Exclude lunr.min.js 36ba7f1 [AhyoungRyu] Add lunr.min.js license info f6a05a6 [AhyoungRyu] Apply css style for the search results 68eb997 [AhyoungRyu] Attach 'Apache Zeppelin ZEPPELIN_VERSION Documentation: ' to title d908c37 [AhyoungRyu] Add searching page a951fa6 [AhyoungRyu] Add search icon to navbar 0688a79 [AhyoungRyu] Keep consistency all docs' front matter for the right search result 040f532 [AhyoungRyu] Add template for storing docs info based on jekyll front matter 0705bd6 [AhyoungRyu] Add js files: lunr.min.js & search.js
2016-08-06 05:50:25 +00:00
{% include JB/setup %}
[ZEPPELIN-939] Improve notebook authorization documentation ### What is this PR for? Currently Zeppelin provides authorization mechanism on each notebooks. But it seems many users can not get much useful information through [the existing notebook authorization docs](https://zeppelin.apache.org/docs/0.6.0-incubating-SNAPSHOT/security/notebook_authorization.html). So I add some information so that users can follow step by step. Moreover, [interpreter authorization docs](https://zeppelin.apache.org/docs/0.6.0-incubating-SNAPSHOT/security/interpreter_authorization.html) doesn't provide much information so far. This can be confused to users. So I removed it temporally. We can add it again when we have specific(?) feature for `interpreter & data source authorization`. ### What type of PR is it? Improvement | Documentation ### Todos * [x] - Remove security_overview.md & interpreter_authorization.md * [x] - Improve notebook authorization docs ### What is the Jira issue? [ZEPPELIN-939](https://issues.apache.org/jira/browse/ZEPPELIN-939) ### How should this be tested? ### Screenshots (if appropriate) - **Before** <img width="1107" alt="screen shot 2016-06-01 at 5 46 22 pm" src="https://cloud.githubusercontent.com/assets/10060731/15730358/cf8074ec-2820-11e6-8e55-d0552896d95d.png"> - **After** <img width="1030" alt="screen shot 2016-06-01 at 5 48 17 pm" src="https://cloud.githubusercontent.com/assets/10060731/15730384/1b6c8a08-2821-11e6-89ae-7d054ec87c57.png"> <img width="1007" alt="screen shot 2016-06-01 at 5 48 31 pm" src="https://cloud.githubusercontent.com/assets/10060731/15730386/1ea6e42a-2821-11e6-9630-da2ca67970f0.png"> ### Questions: * Does the licenses files need update? No * Is there breaking changes for older versions? No * Does this needs documentation? No Author: AhyoungRyu <fbdkdud93@hanmail.net> Closes #947 from AhyoungRyu/ZEPPELIN-939 and squashes the following commits: e63af10 [AhyoungRyu] Revert interpreter_authorization.md 6438cc2 [AhyoungRyu] Improve notebook authorization documentation 6e1c1b3 [AhyoungRyu] Remove deleted file list in navbar 26f77d0 [AhyoungRyu] Remove security_overview.md & interpreter_authorization.md
2016-06-04 18:10:46 +00:00
# Zeppelin Notebook Authorization
Notebook Authorization ### What is this PR for? The goal of the PR is to add authorization for notebooks according to the design document [here] (https://gist.github.com/prasadwagle/712b7ca1e0f1f4f1aa20). The PR uses Shiro authentication. ### What type of PR is it? Feature ### Todos * [x] - Find way to get roles for a user in SecurityUtils (Not possible at the moment, see SHIRO-492) * [x] - Investigate how to use Shiro authorization * [x] - Use groups associated with user to determine if operation is permitted * [x] - Check if user has permissions to modify note permissions * [x] - Add checks in more NotebookServer operations * [x] - Improve UI (explain permissions, error messages) * [x] - Add unit tests * [x] - Documentation ### Is there a relevant Jira issue? ZEPPELIN-549 ### How should this be tested? 1. Enable Basic Auth Security by changing conf/shiro.ini. 1. Create a note. By default all operations are allowed by any authenticated user. 1. Update readers, writers and owners by clicking on the lock icon in the top right area. 1. Check if users can or cannot perform operations according to the permissions. ### Screenshots (if appropriate) ![Screenshot](https://cloud.githubusercontent.com/assets/870829/12711820/c70fa336-c877-11e5-84e8-e282231988b2.gif) ### Questions: * Does the licenses files need update? No * Is there breaking changes for older versions? No * Does this needs documentation? No Author: Prasad Wagle <pwagle@twitter.com> Closes #681 from prasadwagle/notebook_authorization and squashes the following commits: e7cffd8 [Prasad Wagle] Restore anon default in shiro.ini 24e8de4 [Prasad Wagle] Remove duplicate imports 29ebf48 [Prasad Wagle] Merge with master 52f4914 [Prasad Wagle] Check whether roles is non-empty before adding to userAndRoles 733530f [Prasad Wagle] Minor doc fix 28ea697 [Prasad Wagle] Fixed issues with security documentation reported by @AhyoungRyu 1ac076e [Prasad Wagle] Fixed typo in _navigation.html and updated interpreter_authorization.md 6c89dbe [Prasad Wagle] Implement Moon's suggestions on note permissions background and wildcard placeholder 2554315 [Prasad Wagle] Use user and roles for checking note permissions 3a5e5c0 [Prasad Wagle] Check if user has permissions to modify note permissions fbbd04b [Prasad Wagle] Make insufficient privileges error message easier to read 06c5e07 [Prasad Wagle] Update navigation.html for security docs 6b9e274 [Prasad Wagle] Add unit test for note permissions a8d0ecb [Prasad Wagle] Add security documentation 6e85730 [Prasad Wagle] Notebook Authorization
2016-02-26 00:54:47 +00:00
[ZEPPELIN-1018] Apply auto "Table of Contents" generator to Zeppelin docs website ### What is this PR for? I added auto TOC(Table of Contents) generator for Zeppelin documentation website. TOC can help people looking through whole contents at a glance and finding what they want quickly. I just added `<div id="toc"></div>` to the each documentation header. [`toc`](https://github.com/apache/zeppelin/compare/master...AhyoungRyu:ZEPPELIN-1018?expand=1#diff-85af09fb498a5667ea455391533f945dR3) recognize `<h2>` & `<h3>` as a title in the docs and it automatically generate TOC. So I set a rule for this work. (I'll write this rule on `docs/CONTRIBUTING.md` or [docs/howtocontributewebsite](https://zeppelin.apache.org/docs/0.6.0-SNAPSHOT/development/howtocontributewebsite.html)). ``` # Level-1 Heading <- Use only for the main title of the page ## Level-2 Heading <- Start with this one ### Level-3 heading <- Only use this one for child of Level-2 toc only recognize Level-2 & Level-3 ``` Please see the below attached screenshot image. ### What type of PR is it? Improvement & Documentation ### Todos * [x] - Add TOC generator * [x] - Apply TOC(`<div id="toc"></div>`) to every documentation and reorganize each headers(apply the above rule) * [x] - Fix some broken code block in several docs * [x] - Apply TOC to `r.md` (Currently R docs has some duplicated info since [this one](https://github.com/apache/zeppelin/commit/d5e87fb8ba98f08db5b0a4995104ce19f182c678) and [this one](https://github.com/apache/zeppelin/commit/7d6cc7e99154e2d337c11fdf8be1a874ed3e9ada) ) * [x] - Apply TOC to `install.md` after #1010 merged * [x] - Apply TOC to `interpreterinstallation.md` after #1042 merged ### What is the Jira issue? [ZEPPELIN-1018](https://issues.apache.org/jira/browse/ZEPPELIN-1018) ### How should this be tested? 1. Apply this patch and build `docs/` with [this guide](https://github.com/apache/zeppelin/tree/master/docs#build-documentation) 2. Visit some docs page. Then you can see TOC in the header of page. ### Screenshots (if appropriate) - Automatically generated TOC in Spark interpreter docs page <img width="831" alt="screen shot 2016-06-16 at 9 37 18 pm" src="https://cloud.githubusercontent.com/assets/10060731/16140902/945b9c7a-340a-11e6-91f3-b6174738bed0.png"> ### Questions: * Does the licenses files need update? No. Actually I used [jekyll-table-of-contents#copyright](https://github.com/ghiculescu/jekyll-table-of-contents#copyright). But I don't need to add a license for this :) * Is there breaking changes for older versions? No * Does this needs documentation? Maybe Author: AhyoungRyu <fbdkdud93@hanmail.net> Closes #1031 from AhyoungRyu/ZEPPELIN-1018 and squashes the following commits: e66397b [AhyoungRyu] Apply TOC to interpreterinstallation.md 009579b [AhyoungRyu] Add more info to 'What is the next?' in install.md 04cf501 [AhyoungRyu] Revert 'where to start' section b7cbe5f [AhyoungRyu] Fix typo cf0911c [AhyoungRyu] Rename license file 388f35a [AhyoungRyu] Add jekyll-table-of-contents license info 6394c70 [AhyoungRyu] Fix image path in python.md d00e4b1 [AhyoungRyu] Move interpreter/screenshot/ -> asset/../img/docs-img/ 3ffb383 [AhyoungRyu] Remove duplicated info in r.md & apply toc a03ca99 [AhyoungRyu] Exclude toc.js from pom.xml 3fae7df [AhyoungRyu] Apply auto generated toc to install.md d114a9d [AhyoungRyu] Address @felixcheung feedback 6a788fe [AhyoungRyu] Resize TOC tab indent 6760c00 [AhyoungRyu] Apply auto TOC to all of docs under docs/storage/ fbde57f [AhyoungRyu] Apply auto TOC to all of docs under docs/quickstart/ db76eb6 [AhyoungRyu] Apply auto TOC to all of docs under docs/install/ f35db47 [AhyoungRyu] Apply auto TOC to all of docs under docs/displaysystem/ b05365f [AhyoungRyu] Apply auto TOC to all of docs under docs/rest-api/ 163691c [AhyoungRyu] Apply auto TOC to all of docs under docs/manual/ bef398e [AhyoungRyu] Apply auto TOC to all of docs under docs/development/ 9c5f76b [AhyoungRyu] Apply auto TOC to all of docs under docs/interpreter/ 587d4ba [AhyoungRyu] Apply auto TOC to all of docs under docs/security/ 1f10b97 [AhyoungRyu] Change toc configuration 78dca9e [AhyoungRyu] Add toc.js for auto generating TOC
2016-06-25 19:44:53 +00:00
<div id="toc"></div>
## Overview
[ZEPPELIN-939] Improve notebook authorization documentation ### What is this PR for? Currently Zeppelin provides authorization mechanism on each notebooks. But it seems many users can not get much useful information through [the existing notebook authorization docs](https://zeppelin.apache.org/docs/0.6.0-incubating-SNAPSHOT/security/notebook_authorization.html). So I add some information so that users can follow step by step. Moreover, [interpreter authorization docs](https://zeppelin.apache.org/docs/0.6.0-incubating-SNAPSHOT/security/interpreter_authorization.html) doesn't provide much information so far. This can be confused to users. So I removed it temporally. We can add it again when we have specific(?) feature for `interpreter & data source authorization`. ### What type of PR is it? Improvement | Documentation ### Todos * [x] - Remove security_overview.md & interpreter_authorization.md * [x] - Improve notebook authorization docs ### What is the Jira issue? [ZEPPELIN-939](https://issues.apache.org/jira/browse/ZEPPELIN-939) ### How should this be tested? ### Screenshots (if appropriate) - **Before** <img width="1107" alt="screen shot 2016-06-01 at 5 46 22 pm" src="https://cloud.githubusercontent.com/assets/10060731/15730358/cf8074ec-2820-11e6-8e55-d0552896d95d.png"> - **After** <img width="1030" alt="screen shot 2016-06-01 at 5 48 17 pm" src="https://cloud.githubusercontent.com/assets/10060731/15730384/1b6c8a08-2821-11e6-89ae-7d054ec87c57.png"> <img width="1007" alt="screen shot 2016-06-01 at 5 48 31 pm" src="https://cloud.githubusercontent.com/assets/10060731/15730386/1ea6e42a-2821-11e6-9630-da2ca67970f0.png"> ### Questions: * Does the licenses files need update? No * Is there breaking changes for older versions? No * Does this needs documentation? No Author: AhyoungRyu <fbdkdud93@hanmail.net> Closes #947 from AhyoungRyu/ZEPPELIN-939 and squashes the following commits: e63af10 [AhyoungRyu] Revert interpreter_authorization.md 6438cc2 [AhyoungRyu] Improve notebook authorization documentation 6e1c1b3 [AhyoungRyu] Remove deleted file list in navbar 26f77d0 [AhyoungRyu] Remove security_overview.md & interpreter_authorization.md
2016-06-04 18:10:46 +00:00
We assume that there is an **Shiro Authentication** component that associates a user string and a set of group strings with every NotebookSocket.
If you don't set the authentication components yet, please check [Shiro authentication for Apache Zeppelin](./shiroauthentication.html) first.
Notebook Authorization ### What is this PR for? The goal of the PR is to add authorization for notebooks according to the design document [here] (https://gist.github.com/prasadwagle/712b7ca1e0f1f4f1aa20). The PR uses Shiro authentication. ### What type of PR is it? Feature ### Todos * [x] - Find way to get roles for a user in SecurityUtils (Not possible at the moment, see SHIRO-492) * [x] - Investigate how to use Shiro authorization * [x] - Use groups associated with user to determine if operation is permitted * [x] - Check if user has permissions to modify note permissions * [x] - Add checks in more NotebookServer operations * [x] - Improve UI (explain permissions, error messages) * [x] - Add unit tests * [x] - Documentation ### Is there a relevant Jira issue? ZEPPELIN-549 ### How should this be tested? 1. Enable Basic Auth Security by changing conf/shiro.ini. 1. Create a note. By default all operations are allowed by any authenticated user. 1. Update readers, writers and owners by clicking on the lock icon in the top right area. 1. Check if users can or cannot perform operations according to the permissions. ### Screenshots (if appropriate) ![Screenshot](https://cloud.githubusercontent.com/assets/870829/12711820/c70fa336-c877-11e5-84e8-e282231988b2.gif) ### Questions: * Does the licenses files need update? No * Is there breaking changes for older versions? No * Does this needs documentation? No Author: Prasad Wagle <pwagle@twitter.com> Closes #681 from prasadwagle/notebook_authorization and squashes the following commits: e7cffd8 [Prasad Wagle] Restore anon default in shiro.ini 24e8de4 [Prasad Wagle] Remove duplicate imports 29ebf48 [Prasad Wagle] Merge with master 52f4914 [Prasad Wagle] Check whether roles is non-empty before adding to userAndRoles 733530f [Prasad Wagle] Minor doc fix 28ea697 [Prasad Wagle] Fixed issues with security documentation reported by @AhyoungRyu 1ac076e [Prasad Wagle] Fixed typo in _navigation.html and updated interpreter_authorization.md 6c89dbe [Prasad Wagle] Implement Moon's suggestions on note permissions background and wildcard placeholder 2554315 [Prasad Wagle] Use user and roles for checking note permissions 3a5e5c0 [Prasad Wagle] Check if user has permissions to modify note permissions fbbd04b [Prasad Wagle] Make insufficient privileges error message easier to read 06c5e07 [Prasad Wagle] Update navigation.html for security docs 6b9e274 [Prasad Wagle] Add unit test for note permissions a8d0ecb [Prasad Wagle] Add security documentation 6e85730 [Prasad Wagle] Notebook Authorization
2016-02-26 00:54:47 +00:00
[ZEPPELIN-939] Improve notebook authorization documentation ### What is this PR for? Currently Zeppelin provides authorization mechanism on each notebooks. But it seems many users can not get much useful information through [the existing notebook authorization docs](https://zeppelin.apache.org/docs/0.6.0-incubating-SNAPSHOT/security/notebook_authorization.html). So I add some information so that users can follow step by step. Moreover, [interpreter authorization docs](https://zeppelin.apache.org/docs/0.6.0-incubating-SNAPSHOT/security/interpreter_authorization.html) doesn't provide much information so far. This can be confused to users. So I removed it temporally. We can add it again when we have specific(?) feature for `interpreter & data source authorization`. ### What type of PR is it? Improvement | Documentation ### Todos * [x] - Remove security_overview.md & interpreter_authorization.md * [x] - Improve notebook authorization docs ### What is the Jira issue? [ZEPPELIN-939](https://issues.apache.org/jira/browse/ZEPPELIN-939) ### How should this be tested? ### Screenshots (if appropriate) - **Before** <img width="1107" alt="screen shot 2016-06-01 at 5 46 22 pm" src="https://cloud.githubusercontent.com/assets/10060731/15730358/cf8074ec-2820-11e6-8e55-d0552896d95d.png"> - **After** <img width="1030" alt="screen shot 2016-06-01 at 5 48 17 pm" src="https://cloud.githubusercontent.com/assets/10060731/15730384/1b6c8a08-2821-11e6-89ae-7d054ec87c57.png"> <img width="1007" alt="screen shot 2016-06-01 at 5 48 31 pm" src="https://cloud.githubusercontent.com/assets/10060731/15730386/1ea6e42a-2821-11e6-9630-da2ca67970f0.png"> ### Questions: * Does the licenses files need update? No * Is there breaking changes for older versions? No * Does this needs documentation? No Author: AhyoungRyu <fbdkdud93@hanmail.net> Closes #947 from AhyoungRyu/ZEPPELIN-939 and squashes the following commits: e63af10 [AhyoungRyu] Revert interpreter_authorization.md 6438cc2 [AhyoungRyu] Improve notebook authorization documentation 6e1c1b3 [AhyoungRyu] Remove deleted file list in navbar 26f77d0 [AhyoungRyu] Remove security_overview.md & interpreter_authorization.md
2016-06-04 18:10:46 +00:00
## Authorization Setting
You can set Zeppelin notebook permissions in each notebooks. Of course only **notebook owners** can change this configuration.
Just click **Lock icon** and open the permission setting page in your notebook.
Notebook Authorization ### What is this PR for? The goal of the PR is to add authorization for notebooks according to the design document [here] (https://gist.github.com/prasadwagle/712b7ca1e0f1f4f1aa20). The PR uses Shiro authentication. ### What type of PR is it? Feature ### Todos * [x] - Find way to get roles for a user in SecurityUtils (Not possible at the moment, see SHIRO-492) * [x] - Investigate how to use Shiro authorization * [x] - Use groups associated with user to determine if operation is permitted * [x] - Check if user has permissions to modify note permissions * [x] - Add checks in more NotebookServer operations * [x] - Improve UI (explain permissions, error messages) * [x] - Add unit tests * [x] - Documentation ### Is there a relevant Jira issue? ZEPPELIN-549 ### How should this be tested? 1. Enable Basic Auth Security by changing conf/shiro.ini. 1. Create a note. By default all operations are allowed by any authenticated user. 1. Update readers, writers and owners by clicking on the lock icon in the top right area. 1. Check if users can or cannot perform operations according to the permissions. ### Screenshots (if appropriate) ![Screenshot](https://cloud.githubusercontent.com/assets/870829/12711820/c70fa336-c877-11e5-84e8-e282231988b2.gif) ### Questions: * Does the licenses files need update? No * Is there breaking changes for older versions? No * Does this needs documentation? No Author: Prasad Wagle <pwagle@twitter.com> Closes #681 from prasadwagle/notebook_authorization and squashes the following commits: e7cffd8 [Prasad Wagle] Restore anon default in shiro.ini 24e8de4 [Prasad Wagle] Remove duplicate imports 29ebf48 [Prasad Wagle] Merge with master 52f4914 [Prasad Wagle] Check whether roles is non-empty before adding to userAndRoles 733530f [Prasad Wagle] Minor doc fix 28ea697 [Prasad Wagle] Fixed issues with security documentation reported by @AhyoungRyu 1ac076e [Prasad Wagle] Fixed typo in _navigation.html and updated interpreter_authorization.md 6c89dbe [Prasad Wagle] Implement Moon's suggestions on note permissions background and wildcard placeholder 2554315 [Prasad Wagle] Use user and roles for checking note permissions 3a5e5c0 [Prasad Wagle] Check if user has permissions to modify note permissions fbbd04b [Prasad Wagle] Make insufficient privileges error message easier to read 06c5e07 [Prasad Wagle] Update navigation.html for security docs 6b9e274 [Prasad Wagle] Add unit test for note permissions a8d0ecb [Prasad Wagle] Add security documentation 6e85730 [Prasad Wagle] Notebook Authorization
2016-02-26 00:54:47 +00:00
[ZEPPELIN-939] Improve notebook authorization documentation ### What is this PR for? Currently Zeppelin provides authorization mechanism on each notebooks. But it seems many users can not get much useful information through [the existing notebook authorization docs](https://zeppelin.apache.org/docs/0.6.0-incubating-SNAPSHOT/security/notebook_authorization.html). So I add some information so that users can follow step by step. Moreover, [interpreter authorization docs](https://zeppelin.apache.org/docs/0.6.0-incubating-SNAPSHOT/security/interpreter_authorization.html) doesn't provide much information so far. This can be confused to users. So I removed it temporally. We can add it again when we have specific(?) feature for `interpreter & data source authorization`. ### What type of PR is it? Improvement | Documentation ### Todos * [x] - Remove security_overview.md & interpreter_authorization.md * [x] - Improve notebook authorization docs ### What is the Jira issue? [ZEPPELIN-939](https://issues.apache.org/jira/browse/ZEPPELIN-939) ### How should this be tested? ### Screenshots (if appropriate) - **Before** <img width="1107" alt="screen shot 2016-06-01 at 5 46 22 pm" src="https://cloud.githubusercontent.com/assets/10060731/15730358/cf8074ec-2820-11e6-8e55-d0552896d95d.png"> - **After** <img width="1030" alt="screen shot 2016-06-01 at 5 48 17 pm" src="https://cloud.githubusercontent.com/assets/10060731/15730384/1b6c8a08-2821-11e6-89ae-7d054ec87c57.png"> <img width="1007" alt="screen shot 2016-06-01 at 5 48 31 pm" src="https://cloud.githubusercontent.com/assets/10060731/15730386/1ea6e42a-2821-11e6-9630-da2ca67970f0.png"> ### Questions: * Does the licenses files need update? No * Is there breaking changes for older versions? No * Does this needs documentation? No Author: AhyoungRyu <fbdkdud93@hanmail.net> Closes #947 from AhyoungRyu/ZEPPELIN-939 and squashes the following commits: e63af10 [AhyoungRyu] Revert interpreter_authorization.md 6438cc2 [AhyoungRyu] Improve notebook authorization documentation 6e1c1b3 [AhyoungRyu] Remove deleted file list in navbar 26f77d0 [AhyoungRyu] Remove security_overview.md & interpreter_authorization.md
2016-06-04 18:10:46 +00:00
As you can see, each Zeppelin notebooks has 3 entities :
Notebook Authorization ### What is this PR for? The goal of the PR is to add authorization for notebooks according to the design document [here] (https://gist.github.com/prasadwagle/712b7ca1e0f1f4f1aa20). The PR uses Shiro authentication. ### What type of PR is it? Feature ### Todos * [x] - Find way to get roles for a user in SecurityUtils (Not possible at the moment, see SHIRO-492) * [x] - Investigate how to use Shiro authorization * [x] - Use groups associated with user to determine if operation is permitted * [x] - Check if user has permissions to modify note permissions * [x] - Add checks in more NotebookServer operations * [x] - Improve UI (explain permissions, error messages) * [x] - Add unit tests * [x] - Documentation ### Is there a relevant Jira issue? ZEPPELIN-549 ### How should this be tested? 1. Enable Basic Auth Security by changing conf/shiro.ini. 1. Create a note. By default all operations are allowed by any authenticated user. 1. Update readers, writers and owners by clicking on the lock icon in the top right area. 1. Check if users can or cannot perform operations according to the permissions. ### Screenshots (if appropriate) ![Screenshot](https://cloud.githubusercontent.com/assets/870829/12711820/c70fa336-c877-11e5-84e8-e282231988b2.gif) ### Questions: * Does the licenses files need update? No * Is there breaking changes for older versions? No * Does this needs documentation? No Author: Prasad Wagle <pwagle@twitter.com> Closes #681 from prasadwagle/notebook_authorization and squashes the following commits: e7cffd8 [Prasad Wagle] Restore anon default in shiro.ini 24e8de4 [Prasad Wagle] Remove duplicate imports 29ebf48 [Prasad Wagle] Merge with master 52f4914 [Prasad Wagle] Check whether roles is non-empty before adding to userAndRoles 733530f [Prasad Wagle] Minor doc fix 28ea697 [Prasad Wagle] Fixed issues with security documentation reported by @AhyoungRyu 1ac076e [Prasad Wagle] Fixed typo in _navigation.html and updated interpreter_authorization.md 6c89dbe [Prasad Wagle] Implement Moon's suggestions on note permissions background and wildcard placeholder 2554315 [Prasad Wagle] Use user and roles for checking note permissions 3a5e5c0 [Prasad Wagle] Check if user has permissions to modify note permissions fbbd04b [Prasad Wagle] Make insufficient privileges error message easier to read 06c5e07 [Prasad Wagle] Update navigation.html for security docs 6b9e274 [Prasad Wagle] Add unit test for note permissions a8d0ecb [Prasad Wagle] Add security documentation 6e85730 [Prasad Wagle] Notebook Authorization
2016-02-26 00:54:47 +00:00
[ZEPPELIN-939] Improve notebook authorization documentation ### What is this PR for? Currently Zeppelin provides authorization mechanism on each notebooks. But it seems many users can not get much useful information through [the existing notebook authorization docs](https://zeppelin.apache.org/docs/0.6.0-incubating-SNAPSHOT/security/notebook_authorization.html). So I add some information so that users can follow step by step. Moreover, [interpreter authorization docs](https://zeppelin.apache.org/docs/0.6.0-incubating-SNAPSHOT/security/interpreter_authorization.html) doesn't provide much information so far. This can be confused to users. So I removed it temporally. We can add it again when we have specific(?) feature for `interpreter & data source authorization`. ### What type of PR is it? Improvement | Documentation ### Todos * [x] - Remove security_overview.md & interpreter_authorization.md * [x] - Improve notebook authorization docs ### What is the Jira issue? [ZEPPELIN-939](https://issues.apache.org/jira/browse/ZEPPELIN-939) ### How should this be tested? ### Screenshots (if appropriate) - **Before** <img width="1107" alt="screen shot 2016-06-01 at 5 46 22 pm" src="https://cloud.githubusercontent.com/assets/10060731/15730358/cf8074ec-2820-11e6-8e55-d0552896d95d.png"> - **After** <img width="1030" alt="screen shot 2016-06-01 at 5 48 17 pm" src="https://cloud.githubusercontent.com/assets/10060731/15730384/1b6c8a08-2821-11e6-89ae-7d054ec87c57.png"> <img width="1007" alt="screen shot 2016-06-01 at 5 48 31 pm" src="https://cloud.githubusercontent.com/assets/10060731/15730386/1ea6e42a-2821-11e6-9630-da2ca67970f0.png"> ### Questions: * Does the licenses files need update? No * Is there breaking changes for older versions? No * Does this needs documentation? No Author: AhyoungRyu <fbdkdud93@hanmail.net> Closes #947 from AhyoungRyu/ZEPPELIN-939 and squashes the following commits: e63af10 [AhyoungRyu] Revert interpreter_authorization.md 6438cc2 [AhyoungRyu] Improve notebook authorization documentation 6e1c1b3 [AhyoungRyu] Remove deleted file list in navbar 26f77d0 [AhyoungRyu] Remove security_overview.md & interpreter_authorization.md
2016-06-04 18:10:46 +00:00
* Owners ( users or groups )
* Readers ( users or groups )
* Writers ( users or groups )
Notebook Authorization ### What is this PR for? The goal of the PR is to add authorization for notebooks according to the design document [here] (https://gist.github.com/prasadwagle/712b7ca1e0f1f4f1aa20). The PR uses Shiro authentication. ### What type of PR is it? Feature ### Todos * [x] - Find way to get roles for a user in SecurityUtils (Not possible at the moment, see SHIRO-492) * [x] - Investigate how to use Shiro authorization * [x] - Use groups associated with user to determine if operation is permitted * [x] - Check if user has permissions to modify note permissions * [x] - Add checks in more NotebookServer operations * [x] - Improve UI (explain permissions, error messages) * [x] - Add unit tests * [x] - Documentation ### Is there a relevant Jira issue? ZEPPELIN-549 ### How should this be tested? 1. Enable Basic Auth Security by changing conf/shiro.ini. 1. Create a note. By default all operations are allowed by any authenticated user. 1. Update readers, writers and owners by clicking on the lock icon in the top right area. 1. Check if users can or cannot perform operations according to the permissions. ### Screenshots (if appropriate) ![Screenshot](https://cloud.githubusercontent.com/assets/870829/12711820/c70fa336-c877-11e5-84e8-e282231988b2.gif) ### Questions: * Does the licenses files need update? No * Is there breaking changes for older versions? No * Does this needs documentation? No Author: Prasad Wagle <pwagle@twitter.com> Closes #681 from prasadwagle/notebook_authorization and squashes the following commits: e7cffd8 [Prasad Wagle] Restore anon default in shiro.ini 24e8de4 [Prasad Wagle] Remove duplicate imports 29ebf48 [Prasad Wagle] Merge with master 52f4914 [Prasad Wagle] Check whether roles is non-empty before adding to userAndRoles 733530f [Prasad Wagle] Minor doc fix 28ea697 [Prasad Wagle] Fixed issues with security documentation reported by @AhyoungRyu 1ac076e [Prasad Wagle] Fixed typo in _navigation.html and updated interpreter_authorization.md 6c89dbe [Prasad Wagle] Implement Moon's suggestions on note permissions background and wildcard placeholder 2554315 [Prasad Wagle] Use user and roles for checking note permissions 3a5e5c0 [Prasad Wagle] Check if user has permissions to modify note permissions fbbd04b [Prasad Wagle] Make insufficient privileges error message easier to read 06c5e07 [Prasad Wagle] Update navigation.html for security docs 6b9e274 [Prasad Wagle] Add unit test for note permissions a8d0ecb [Prasad Wagle] Add security documentation 6e85730 [Prasad Wagle] Notebook Authorization
2016-02-26 00:54:47 +00:00
[ZEPPELIN-939] Improve notebook authorization documentation ### What is this PR for? Currently Zeppelin provides authorization mechanism on each notebooks. But it seems many users can not get much useful information through [the existing notebook authorization docs](https://zeppelin.apache.org/docs/0.6.0-incubating-SNAPSHOT/security/notebook_authorization.html). So I add some information so that users can follow step by step. Moreover, [interpreter authorization docs](https://zeppelin.apache.org/docs/0.6.0-incubating-SNAPSHOT/security/interpreter_authorization.html) doesn't provide much information so far. This can be confused to users. So I removed it temporally. We can add it again when we have specific(?) feature for `interpreter & data source authorization`. ### What type of PR is it? Improvement | Documentation ### Todos * [x] - Remove security_overview.md & interpreter_authorization.md * [x] - Improve notebook authorization docs ### What is the Jira issue? [ZEPPELIN-939](https://issues.apache.org/jira/browse/ZEPPELIN-939) ### How should this be tested? ### Screenshots (if appropriate) - **Before** <img width="1107" alt="screen shot 2016-06-01 at 5 46 22 pm" src="https://cloud.githubusercontent.com/assets/10060731/15730358/cf8074ec-2820-11e6-8e55-d0552896d95d.png"> - **After** <img width="1030" alt="screen shot 2016-06-01 at 5 48 17 pm" src="https://cloud.githubusercontent.com/assets/10060731/15730384/1b6c8a08-2821-11e6-89ae-7d054ec87c57.png"> <img width="1007" alt="screen shot 2016-06-01 at 5 48 31 pm" src="https://cloud.githubusercontent.com/assets/10060731/15730386/1ea6e42a-2821-11e6-9630-da2ca67970f0.png"> ### Questions: * Does the licenses files need update? No * Is there breaking changes for older versions? No * Does this needs documentation? No Author: AhyoungRyu <fbdkdud93@hanmail.net> Closes #947 from AhyoungRyu/ZEPPELIN-939 and squashes the following commits: e63af10 [AhyoungRyu] Revert interpreter_authorization.md 6438cc2 [AhyoungRyu] Improve notebook authorization documentation 6e1c1b3 [AhyoungRyu] Remove deleted file list in navbar 26f77d0 [AhyoungRyu] Remove security_overview.md & interpreter_authorization.md
2016-06-04 18:10:46 +00:00
<center><img src="../assets/themes/zeppelin/img/docs-img/permission_setting.png"></center>
Fill out the each forms with comma seperated **users** and **groups** configured in `conf/shiro.ini` file.
If the form is empty (*), it means that any users can perform that operation.
If someone who doesn't have **read** permission is trying to access the notebook or someone who doesn't have **write** permission is trying to edit the notebook, Zeppelin will ask to login or block the user.
<center><img src="../assets/themes/zeppelin/img/docs-img/insufficient_privileges.png"></center>
## How it works
In this section, we will explain the detail about how the notebook authorization works in backend side.
[ZEPPELIN-1018] Apply auto "Table of Contents" generator to Zeppelin docs website ### What is this PR for? I added auto TOC(Table of Contents) generator for Zeppelin documentation website. TOC can help people looking through whole contents at a glance and finding what they want quickly. I just added `<div id="toc"></div>` to the each documentation header. [`toc`](https://github.com/apache/zeppelin/compare/master...AhyoungRyu:ZEPPELIN-1018?expand=1#diff-85af09fb498a5667ea455391533f945dR3) recognize `<h2>` & `<h3>` as a title in the docs and it automatically generate TOC. So I set a rule for this work. (I'll write this rule on `docs/CONTRIBUTING.md` or [docs/howtocontributewebsite](https://zeppelin.apache.org/docs/0.6.0-SNAPSHOT/development/howtocontributewebsite.html)). ``` # Level-1 Heading <- Use only for the main title of the page ## Level-2 Heading <- Start with this one ### Level-3 heading <- Only use this one for child of Level-2 toc only recognize Level-2 & Level-3 ``` Please see the below attached screenshot image. ### What type of PR is it? Improvement & Documentation ### Todos * [x] - Add TOC generator * [x] - Apply TOC(`<div id="toc"></div>`) to every documentation and reorganize each headers(apply the above rule) * [x] - Fix some broken code block in several docs * [x] - Apply TOC to `r.md` (Currently R docs has some duplicated info since [this one](https://github.com/apache/zeppelin/commit/d5e87fb8ba98f08db5b0a4995104ce19f182c678) and [this one](https://github.com/apache/zeppelin/commit/7d6cc7e99154e2d337c11fdf8be1a874ed3e9ada) ) * [x] - Apply TOC to `install.md` after #1010 merged * [x] - Apply TOC to `interpreterinstallation.md` after #1042 merged ### What is the Jira issue? [ZEPPELIN-1018](https://issues.apache.org/jira/browse/ZEPPELIN-1018) ### How should this be tested? 1. Apply this patch and build `docs/` with [this guide](https://github.com/apache/zeppelin/tree/master/docs#build-documentation) 2. Visit some docs page. Then you can see TOC in the header of page. ### Screenshots (if appropriate) - Automatically generated TOC in Spark interpreter docs page <img width="831" alt="screen shot 2016-06-16 at 9 37 18 pm" src="https://cloud.githubusercontent.com/assets/10060731/16140902/945b9c7a-340a-11e6-91f3-b6174738bed0.png"> ### Questions: * Does the licenses files need update? No. Actually I used [jekyll-table-of-contents#copyright](https://github.com/ghiculescu/jekyll-table-of-contents#copyright). But I don't need to add a license for this :) * Is there breaking changes for older versions? No * Does this needs documentation? Maybe Author: AhyoungRyu <fbdkdud93@hanmail.net> Closes #1031 from AhyoungRyu/ZEPPELIN-1018 and squashes the following commits: e66397b [AhyoungRyu] Apply TOC to interpreterinstallation.md 009579b [AhyoungRyu] Add more info to 'What is the next?' in install.md 04cf501 [AhyoungRyu] Revert 'where to start' section b7cbe5f [AhyoungRyu] Fix typo cf0911c [AhyoungRyu] Rename license file 388f35a [AhyoungRyu] Add jekyll-table-of-contents license info 6394c70 [AhyoungRyu] Fix image path in python.md d00e4b1 [AhyoungRyu] Move interpreter/screenshot/ -> asset/../img/docs-img/ 3ffb383 [AhyoungRyu] Remove duplicated info in r.md & apply toc a03ca99 [AhyoungRyu] Exclude toc.js from pom.xml 3fae7df [AhyoungRyu] Apply auto generated toc to install.md d114a9d [AhyoungRyu] Address @felixcheung feedback 6a788fe [AhyoungRyu] Resize TOC tab indent 6760c00 [AhyoungRyu] Apply auto TOC to all of docs under docs/storage/ fbde57f [AhyoungRyu] Apply auto TOC to all of docs under docs/quickstart/ db76eb6 [AhyoungRyu] Apply auto TOC to all of docs under docs/install/ f35db47 [AhyoungRyu] Apply auto TOC to all of docs under docs/displaysystem/ b05365f [AhyoungRyu] Apply auto TOC to all of docs under docs/rest-api/ 163691c [AhyoungRyu] Apply auto TOC to all of docs under docs/manual/ bef398e [AhyoungRyu] Apply auto TOC to all of docs under docs/development/ 9c5f76b [AhyoungRyu] Apply auto TOC to all of docs under docs/interpreter/ 587d4ba [AhyoungRyu] Apply auto TOC to all of docs under docs/security/ 1f10b97 [AhyoungRyu] Change toc configuration 78dca9e [AhyoungRyu] Add toc.js for auto generating TOC
2016-06-25 19:44:53 +00:00
### NotebookServer
[ZEPPELIN-980] missing "incubation-" references ### What is this PR for? This is extension to https://github.com/apache/zeppelin/pull/983, with missing references of incubation. ### What type of PR is it? [Improvement] ### What is the Jira issue? [ZEPPELIN-980](https://issues.apache.org/jira/browse/ZEPPELIN-980) ### Questions: * Does the licenses files need update? no * Is there breaking changes for older versions? no * Does this needs documentation? no Author: Prabhjyot Singh <prabhjyotsingh@gmail.com> Closes #992 from prabhjyotsingh/ZEPPELIN-980 and squashes the following commits: 5fa97b7 [Prabhjyot Singh] missing "incubation-" references
2016-06-10 17:19:32 +00:00
The [NotebookServer](https://github.com/apache/zeppelin/blob/master/zeppelin-server/src/main/java/org/apache/zeppelin/socket/NotebookServer.java) classifies every notebook operations into three categories: **Read**, **Write**, **Manage**.
[ZEPPELIN-939] Improve notebook authorization documentation ### What is this PR for? Currently Zeppelin provides authorization mechanism on each notebooks. But it seems many users can not get much useful information through [the existing notebook authorization docs](https://zeppelin.apache.org/docs/0.6.0-incubating-SNAPSHOT/security/notebook_authorization.html). So I add some information so that users can follow step by step. Moreover, [interpreter authorization docs](https://zeppelin.apache.org/docs/0.6.0-incubating-SNAPSHOT/security/interpreter_authorization.html) doesn't provide much information so far. This can be confused to users. So I removed it temporally. We can add it again when we have specific(?) feature for `interpreter & data source authorization`. ### What type of PR is it? Improvement | Documentation ### Todos * [x] - Remove security_overview.md & interpreter_authorization.md * [x] - Improve notebook authorization docs ### What is the Jira issue? [ZEPPELIN-939](https://issues.apache.org/jira/browse/ZEPPELIN-939) ### How should this be tested? ### Screenshots (if appropriate) - **Before** <img width="1107" alt="screen shot 2016-06-01 at 5 46 22 pm" src="https://cloud.githubusercontent.com/assets/10060731/15730358/cf8074ec-2820-11e6-8e55-d0552896d95d.png"> - **After** <img width="1030" alt="screen shot 2016-06-01 at 5 48 17 pm" src="https://cloud.githubusercontent.com/assets/10060731/15730384/1b6c8a08-2821-11e6-89ae-7d054ec87c57.png"> <img width="1007" alt="screen shot 2016-06-01 at 5 48 31 pm" src="https://cloud.githubusercontent.com/assets/10060731/15730386/1ea6e42a-2821-11e6-9630-da2ca67970f0.png"> ### Questions: * Does the licenses files need update? No * Is there breaking changes for older versions? No * Does this needs documentation? No Author: AhyoungRyu <fbdkdud93@hanmail.net> Closes #947 from AhyoungRyu/ZEPPELIN-939 and squashes the following commits: e63af10 [AhyoungRyu] Revert interpreter_authorization.md 6438cc2 [AhyoungRyu] Improve notebook authorization documentation 6e1c1b3 [AhyoungRyu] Remove deleted file list in navbar 26f77d0 [AhyoungRyu] Remove security_overview.md & interpreter_authorization.md
2016-06-04 18:10:46 +00:00
Before executing a notebook operation, it checks if the user and the groups associated with the `NotebookSocket` have permissions.
For example, before executing a **Read** operation, it checks if the user and the groups have at least one entity that belongs to the **Reader** entities.
[ZEPPELIN-1018] Apply auto "Table of Contents" generator to Zeppelin docs website ### What is this PR for? I added auto TOC(Table of Contents) generator for Zeppelin documentation website. TOC can help people looking through whole contents at a glance and finding what they want quickly. I just added `<div id="toc"></div>` to the each documentation header. [`toc`](https://github.com/apache/zeppelin/compare/master...AhyoungRyu:ZEPPELIN-1018?expand=1#diff-85af09fb498a5667ea455391533f945dR3) recognize `<h2>` & `<h3>` as a title in the docs and it automatically generate TOC. So I set a rule for this work. (I'll write this rule on `docs/CONTRIBUTING.md` or [docs/howtocontributewebsite](https://zeppelin.apache.org/docs/0.6.0-SNAPSHOT/development/howtocontributewebsite.html)). ``` # Level-1 Heading <- Use only for the main title of the page ## Level-2 Heading <- Start with this one ### Level-3 heading <- Only use this one for child of Level-2 toc only recognize Level-2 & Level-3 ``` Please see the below attached screenshot image. ### What type of PR is it? Improvement & Documentation ### Todos * [x] - Add TOC generator * [x] - Apply TOC(`<div id="toc"></div>`) to every documentation and reorganize each headers(apply the above rule) * [x] - Fix some broken code block in several docs * [x] - Apply TOC to `r.md` (Currently R docs has some duplicated info since [this one](https://github.com/apache/zeppelin/commit/d5e87fb8ba98f08db5b0a4995104ce19f182c678) and [this one](https://github.com/apache/zeppelin/commit/7d6cc7e99154e2d337c11fdf8be1a874ed3e9ada) ) * [x] - Apply TOC to `install.md` after #1010 merged * [x] - Apply TOC to `interpreterinstallation.md` after #1042 merged ### What is the Jira issue? [ZEPPELIN-1018](https://issues.apache.org/jira/browse/ZEPPELIN-1018) ### How should this be tested? 1. Apply this patch and build `docs/` with [this guide](https://github.com/apache/zeppelin/tree/master/docs#build-documentation) 2. Visit some docs page. Then you can see TOC in the header of page. ### Screenshots (if appropriate) - Automatically generated TOC in Spark interpreter docs page <img width="831" alt="screen shot 2016-06-16 at 9 37 18 pm" src="https://cloud.githubusercontent.com/assets/10060731/16140902/945b9c7a-340a-11e6-91f3-b6174738bed0.png"> ### Questions: * Does the licenses files need update? No. Actually I used [jekyll-table-of-contents#copyright](https://github.com/ghiculescu/jekyll-table-of-contents#copyright). But I don't need to add a license for this :) * Is there breaking changes for older versions? No * Does this needs documentation? Maybe Author: AhyoungRyu <fbdkdud93@hanmail.net> Closes #1031 from AhyoungRyu/ZEPPELIN-1018 and squashes the following commits: e66397b [AhyoungRyu] Apply TOC to interpreterinstallation.md 009579b [AhyoungRyu] Add more info to 'What is the next?' in install.md 04cf501 [AhyoungRyu] Revert 'where to start' section b7cbe5f [AhyoungRyu] Fix typo cf0911c [AhyoungRyu] Rename license file 388f35a [AhyoungRyu] Add jekyll-table-of-contents license info 6394c70 [AhyoungRyu] Fix image path in python.md d00e4b1 [AhyoungRyu] Move interpreter/screenshot/ -> asset/../img/docs-img/ 3ffb383 [AhyoungRyu] Remove duplicated info in r.md & apply toc a03ca99 [AhyoungRyu] Exclude toc.js from pom.xml 3fae7df [AhyoungRyu] Apply auto generated toc to install.md d114a9d [AhyoungRyu] Address @felixcheung feedback 6a788fe [AhyoungRyu] Resize TOC tab indent 6760c00 [AhyoungRyu] Apply auto TOC to all of docs under docs/storage/ fbde57f [AhyoungRyu] Apply auto TOC to all of docs under docs/quickstart/ db76eb6 [AhyoungRyu] Apply auto TOC to all of docs under docs/install/ f35db47 [AhyoungRyu] Apply auto TOC to all of docs under docs/displaysystem/ b05365f [AhyoungRyu] Apply auto TOC to all of docs under docs/rest-api/ 163691c [AhyoungRyu] Apply auto TOC to all of docs under docs/manual/ bef398e [AhyoungRyu] Apply auto TOC to all of docs under docs/development/ 9c5f76b [AhyoungRyu] Apply auto TOC to all of docs under docs/interpreter/ 587d4ba [AhyoungRyu] Apply auto TOC to all of docs under docs/security/ 1f10b97 [AhyoungRyu] Change toc configuration 78dca9e [AhyoungRyu] Add toc.js for auto generating TOC
2016-06-25 19:44:53 +00:00
### Notebook REST API call
[ZEPPELIN-980] missing "incubation-" references ### What is this PR for? This is extension to https://github.com/apache/zeppelin/pull/983, with missing references of incubation. ### What type of PR is it? [Improvement] ### What is the Jira issue? [ZEPPELIN-980](https://issues.apache.org/jira/browse/ZEPPELIN-980) ### Questions: * Does the licenses files need update? no * Is there breaking changes for older versions? no * Does this needs documentation? no Author: Prabhjyot Singh <prabhjyotsingh@gmail.com> Closes #992 from prabhjyotsingh/ZEPPELIN-980 and squashes the following commits: 5fa97b7 [Prabhjyot Singh] missing "incubation-" references
2016-06-10 17:19:32 +00:00
Zeppelin executes a [REST API call](https://github.com/apache/zeppelin/blob/master/zeppelin-server/src/main/java/org/apache/zeppelin/rest/NotebookRestApi.java) for the notebook permission information.
[ZEPPELIN-939] Improve notebook authorization documentation ### What is this PR for? Currently Zeppelin provides authorization mechanism on each notebooks. But it seems many users can not get much useful information through [the existing notebook authorization docs](https://zeppelin.apache.org/docs/0.6.0-incubating-SNAPSHOT/security/notebook_authorization.html). So I add some information so that users can follow step by step. Moreover, [interpreter authorization docs](https://zeppelin.apache.org/docs/0.6.0-incubating-SNAPSHOT/security/interpreter_authorization.html) doesn't provide much information so far. This can be confused to users. So I removed it temporally. We can add it again when we have specific(?) feature for `interpreter & data source authorization`. ### What type of PR is it? Improvement | Documentation ### Todos * [x] - Remove security_overview.md & interpreter_authorization.md * [x] - Improve notebook authorization docs ### What is the Jira issue? [ZEPPELIN-939](https://issues.apache.org/jira/browse/ZEPPELIN-939) ### How should this be tested? ### Screenshots (if appropriate) - **Before** <img width="1107" alt="screen shot 2016-06-01 at 5 46 22 pm" src="https://cloud.githubusercontent.com/assets/10060731/15730358/cf8074ec-2820-11e6-8e55-d0552896d95d.png"> - **After** <img width="1030" alt="screen shot 2016-06-01 at 5 48 17 pm" src="https://cloud.githubusercontent.com/assets/10060731/15730384/1b6c8a08-2821-11e6-89ae-7d054ec87c57.png"> <img width="1007" alt="screen shot 2016-06-01 at 5 48 31 pm" src="https://cloud.githubusercontent.com/assets/10060731/15730386/1ea6e42a-2821-11e6-9630-da2ca67970f0.png"> ### Questions: * Does the licenses files need update? No * Is there breaking changes for older versions? No * Does this needs documentation? No Author: AhyoungRyu <fbdkdud93@hanmail.net> Closes #947 from AhyoungRyu/ZEPPELIN-939 and squashes the following commits: e63af10 [AhyoungRyu] Revert interpreter_authorization.md 6438cc2 [AhyoungRyu] Improve notebook authorization documentation 6e1c1b3 [AhyoungRyu] Remove deleted file list in navbar 26f77d0 [AhyoungRyu] Remove security_overview.md & interpreter_authorization.md
2016-06-04 18:10:46 +00:00
In the backend side, Zeppelin gets the user information for the connection and allows the operation if the users and groups
associated with the current user have at least one entity that belongs to owner entities for the notebook.
Reference in a new issue Copy permalink