Elgato_dark/zeppelin
1
0
Fork 0
mirror of https://github.com/apache/zeppelin synced 2026-05-24 09:38:26 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
zeppelin/docs/security/notebook_authorization.md
AhyoungRyu 85d4df4f0c [ZEPPELIN-1219] Add searching feature to Zeppelin docs site 
### What is this PR for?
As more and more document pages are added, it's really hard to find specific pages. So I added searching feature to Zeppelin documentation site([jekyll](https://jekyllrb.com/) based site) using [lunr.js](http://lunrjs.com/).

 - **How does it work?**

  I created [`search_data.json`](6e02423f54/docs/search_data.json) which is used for docs info template. `lunr.js` combines all of the text from all of the docs in `docs/` into `_site/search_data.json`. It looks like below.
![screen shot 2016-08-03 at 4 49 59 am](https://cloud.githubusercontent.com/assets/10060731/17342828/f2908be8-5935-11e6-8eee-b189677c0531.png)
All the info are comes from [Jekyll YAML front matter](https://jekyllrb.com/docs/frontmatter/) variables. (i.e. title, group, description.. that's why I rewrote all docs' title and description.)
[search.js](6e02423f54/docs/assets/themes/zeppelin/js/search.js) will do this job using this data!

### What type of PR is it?
Improvement & Feature

### Todos
* [x] - Keep consistency for all docs pages' `Title`
* [x] - Add some overview sentences to all docs pages' `Description` section (this will be used as the result preview)
* [x] - Add apache license header to all docs page (some pages are missing the license header currently)
* [x] - Add LICENSE for `lunr.min.js`

### What is the Jira issue?
[ZEPPELIN-1219](https://issues.apache.org/jira/browse/ZEPPELIN-1219)

### How should this be tested?
1. Apply this patch and build `ZEPPELIN_HOME/docs` dir -> please see [docs/README.md#build-documentation](https://github.com/apache/zeppelin/tree/master/docs#build-documentation)
2. Click `search` icon in navbar and go to `search.html` page
3. Type anything you want to search in the search bar (i.e. type `python`, `spark`, `dynamic` ... )

### Screenshots (if appropriate)
![screen shot 2016-08-03 at 4 42 28 pm](https://cloud.githubusercontent.com/assets/10060731/17357851/d092e2ca-5999-11e6-9917-a3d4113e6e43.png)

![search](https://cloud.githubusercontent.com/assets/10060731/17357828/b2486cd6-5999-11e6-873b-121fac033b03.gif)

### Questions:
* Does the licenses files need update? Yes, for `lunr.min.js`
* Is there breaking changes for older versions? no
* Does this needs documentation? no

Author: AhyoungRyu <fbdkdud93@hanmail.net>

Closes #1266 from AhyoungRyu/ZEPPELIN-1219 and squashes the following commits:

7ec8854 [AhyoungRyu] Modify 'no result' sentence
91b71a7 [AhyoungRyu] Remove Apache license header since JSON doesn't allow comment
34afd5d [AhyoungRyu] Add Apache license header to search_data.json
6784282 [AhyoungRyu] Minor search page UI update
0389d28 [AhyoungRyu] Make index.md not to be searched
9f1ba42 [AhyoungRyu] Disable enterkey press & change icon
bd4956a [AhyoungRyu] Add docs.js & search.js to exclude list in pom.xml
624b051 [AhyoungRyu] Add Apache license header to search.js
1381152 [AhyoungRyu] Fix search result skipping issue
6e775f5 [AhyoungRyu] Make pleasecontribute.md not to be searched
ee11136 [AhyoungRyu] Fix some typos
fa01299 [AhyoungRyu] Refine 'description' in some docs as @bzz suggested
da0cff9 [AhyoungRyu] Exclude lunr.min.js
36ba7f1 [AhyoungRyu] Add lunr.min.js license info
f6a05a6 [AhyoungRyu] Apply css style for the search results
68eb997 [AhyoungRyu] Attach 'Apache Zeppelin ZEPPELIN_VERSION Documentation: ' to title
d908c37 [AhyoungRyu] Add searching page
a951fa6 [AhyoungRyu] Add search icon to navbar
0688a79 [AhyoungRyu] Keep consistency all docs' front matter for the right search result
040f532 [AhyoungRyu] Add template for storing docs info based on jekyll front matter
0705bd6 [AhyoungRyu] Add js files: lunr.min.js & search.js
2016-08-10 12:39:22 +09:00

60 lines
3.2 KiB
Markdown
Raw Blame History

---
layout: page
title: "Notebook Authorization in Apache Zeppelin"
description: "This page will guide you how you can set the permission for Zeppelin notebooks. This document assumes that Apache Shiro authentication was set up."
group: security
---
<!--
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
{% include JB/setup %}
# Zeppelin Notebook Authorization
<div id="toc"></div>
## Overview
We assume that there is an **Shiro Authentication** component that associates a user string and a set of group strings with every NotebookSocket.
If you don't set the authentication components yet, please check [Shiro authentication for Apache Zeppelin](./shiroauthentication.html) first.
## Authorization Setting
You can set Zeppelin notebook permissions in each notebooks. Of course only **notebook owners** can change this configuration.
Just click **Lock icon** and open the permission setting page in your notebook.
As you can see, each Zeppelin notebooks has 3 entities :
* Owners ( users or groups )
* Readers ( users or groups )
* Writers ( users or groups )
<center><img src="../assets/themes/zeppelin/img/docs-img/permission_setting.png"></center>
Fill out the each forms with comma seperated **users** and **groups** configured in `conf/shiro.ini` file.
If the form is empty (*), it means that any users can perform that operation.
If someone who doesn't have **read** permission is trying to access the notebook or someone who doesn't have **write** permission is trying to edit the notebook, Zeppelin will ask to login or block the user.
<center><img src="../assets/themes/zeppelin/img/docs-img/insufficient_privileges.png"></center>
## How it works
In this section, we will explain the detail about how the notebook authorization works in backend side.
### NotebookServer
The [NotebookServer](https://github.com/apache/zeppelin/blob/master/zeppelin-server/src/main/java/org/apache/zeppelin/socket/NotebookServer.java) classifies every notebook operations into three categories: **Read**, **Write**, **Manage**.
Before executing a notebook operation, it checks if the user and the groups associated with the `NotebookSocket` have permissions.
For example, before executing a **Read** operation, it checks if the user and the groups have at least one entity that belongs to the **Reader** entities.
### Notebook REST API call
Zeppelin executes a [REST API call](https://github.com/apache/zeppelin/blob/master/zeppelin-server/src/main/java/org/apache/zeppelin/rest/NotebookRestApi.java) for the notebook permission information.
In the backend side, Zeppelin gets the user information for the connection and allows the operation if the users and groups
associated with the current user have at least one entity that belongs to owner entities for the notebook.
Reference in a new issue View git blame Copy permalink