Elgato_dark/zeppelin
1
0
Fork 0
mirror of https://github.com/apache/zeppelin synced 2026-05-24 09:38:26 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
zeppelin/docs/setup/security/datasource_authorization.md
sooyeon shin bcb5cd436a [ZEPPELIN-5184] Update related to entity name of credentials 
### What is this PR for?
The entity name of the credential has changed.
Please refer to these. https://github.com/apache/zeppelin/pull/3806, https://github.com/apache/zeppelin/pull/4008.
The documentation and web UI need to be updated.
Change the entity name from [Interpreter Group].[Interpreter Name] to [Interpreter Name].

### What type of PR is it?
[Improvement | Documentation]

### Todos
* [ ] - Task

### What is the Jira issue?
* https://issues.apache.org/jira/browse/ZEPPELIN-5184

### How should this be tested?
Access the web page.

### Screenshots (if appropriate)
#### Web UI
- http://[zeppelin-server]:[zeppelin-port]/#/credential
- Change the entity name from [Interpreter Group].[Interpreter Name] to [Interpreter Name].
- default UI
  - before
    <img width="400" alt="default_before1" src="https://user-images.githubusercontent.com/1809185/103356944-6234c300-4af5-11eb-9608-a392fb4e084e.png">
    <img width="400" alt="default_before2" src="https://user-images.githubusercontent.com/1809185/103356949-6365f000-4af5-11eb-8f53-9dd20ff6fcae.png">
  - after
    <img width="400" alt="default_after1" src="https://user-images.githubusercontent.com/1809185/103357068-a32cd780-4af5-11eb-8ec1-0108d2d7fcb4.png">
    <img width="400" alt="default_after2" src="https://user-images.githubusercontent.com/1809185/103357069-a3c56e00-4af5-11eb-8db5-86c506e3389a.png">
- next UI
  - before
    <img width="400" alt="nextui_before" src="https://user-images.githubusercontent.com/1809185/103357127-c22b6980-4af5-11eb-90ba-93e80dc5e35b.png">
  - after
    <img width="400" alt="nextui_after" src="https://user-images.githubusercontent.com/1809185/103357134-c6578700-4af5-11eb-8adb-548c0165db03.png">

#### Documentation
- http://[zeppelin-doc-server]:[zeppelin-doc-port]/setup/security/datasource_authorization.html#how-to-save-the-credential-information
- Change the entity name from [Interpreter Group].[Interpreter Name] to [Interpreter Name].
  - before
    <img width="600" alt="doc_before1" src="https://user-images.githubusercontent.com/1809185/103357881-9ad59c00-4af7-11eb-8a61-3c5b869aecab.png">
  - after
    <img width="600" alt="doc_after1" src="https://user-images.githubusercontent.com/1809185/103357912-a923b800-4af7-11eb-9929-445fe20a754e.png">

- http://[zeppelin-doc-server]:[zeppelin-doc-port]/usage/interpreter/overview.html#credential-injection
- Fix broken image
  - before
    <img width="600" alt="doc_before2" src="https://user-images.githubusercontent.com/1809185/103357948-c35d9600-4af7-11eb-9491-ce8a834b56b0.png">
  - after
    <img width="852" alt="doc_after2" src="https://user-images.githubusercontent.com/1809185/103357967-ceb0c180-4af7-11eb-9aec-b25b5ae89557.png">

### Questions:
* Does the licenses files need update? N
* Is there breaking changes for older versions? N
* Does this needs documentation? Y

Author: sooyeon shin <comma337@gmail.com>

Closes #4009 from comma337/hotfix/ZEPPELIN-5184 and squashes the following commits:

316a45439 [sooyeon shin] Fix merge error
9f7ca99dc [sooyeon shin] Fix broken image
16f70e8a4 [sooyeon shin] Change the entity name from [Interpreter Group].[Interpreter Name] to [Interpreter Name]
2021-01-16 22:21:07 +08:00

3.3 KiB
Raw Permalink Blame History

layout title description group
page Data Source Authorization in Apache Zeppelin Apache Zeppelin supports protected data sources. In case of a MySql database, every users can set up their own credentials to access it. setup/security

{% include JB/setup %}

Data Source Authorization in Apache Zeppelin

Overview

Data source authorization involves authenticating to the data source like a Mysql database and letting it determine user permissions. Apache Zeppelin allows users to use their own credentials to authenticate with Data Sources.

For example, let's assume you have an account in the Vertica databases with credentials. You might want to use this account to create a JDBC connection instead of a shared account with all users who are defined in conf/shiro.ini. In this case, you can add your credential information to Apache Zeppelin and use them with below simple steps.

How to save the credential information?

You can add new credentials in the dropdown menu for your data source which can be passed to interpreters.

Entity can be the key that distinguishes each credential sets.(We suggest that the convention of the Entity is Interpreter Name.)

Type Username & Password for your own credentials. ex) Mysql user & password of the JDBC Interpreter.

The credentials saved as per users defined in conf/shiro.ini. If you didn't activate shiro authentication in Apache Zeppelin, your credential information will be saved as anonymous. All credential information also can be found in conf/credentials.json.

JDBC interpreter

You need to maintain per-user connection pools. The interpret method takes the user string as a parameter and executes the jdbc call using a connection in the user's connection pool.

Presto

You don't need a password if the Presto DB server runs backend code using HDFS authorization for the user.

Vertica and Mysql

You have to store the password information for users.

Please note

As a first step of data source authentication feature, ZEPPELIN-828 was proposed and implemented in Pull Request #860. Currently, only customized 3rd party interpreters can use this feature. We are planning to apply this mechanism to the community managed interpreters in the near future. Please keep track ZEPPELIN-1070.