Uploaded image for project: 'Kylin'
  1. Kylin
  2. KYLIN-4781

Provisioning different Roles access to the LDAP Groups

    XMLWordPrintableJSON

    Details

    • Flags:
      Important

      Description

      We have setup the LDAP connectivity using the kylin.properties file and all users we able to login to the server.

      But apart from the admin ldap User, others are not able to see any projects, So we have proceeded to add user level permissions in admin user and it worked fine. Since the number of users were high we want to grant access at AD group level instead of Users.

       

      Apart from ROLE_ADMIN, ROLE_ANALYST, ROLE_MODELER, ALL_USER Other groups we are not able to add. 

      Tried Few options:

      1. Setting up the below property with AD group names to provide admin access, still not able to grant access to these roles.
        • kylin.security.acl.admin-role
        • Error: operation Failed, Group xxx not exists, Please Add first.
      2. Manually added an entry in the hbase metadata table for key "/user_group" with the group name.
        • Now able to add the Role and assign but the Users in that AD group still not able to see the projects whose access has been granted.

       

      Net-Net we could not grant AD group to different roles at project Level. Kindly help.

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              sunmuthu sundaramoorthy Muthusamy
            • Votes:
              1 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated: