Uploaded image for project: 'Zeppelin'
  1. Zeppelin
  2. ZEPPELIN-645

Zeppelin to send authenticated user identity downstream

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Open
    • Major
    • Resolution: Unresolved
    • None
    • None
    • zeppelin-server
    • None

    Description

      Recently Zeppelin added LDAP authentication feature. However that feature is a first step in the security store. Ultimately the use case is that the resource (e.g HDFS files) accessed through Zeppelin can be secured with a policy that governs which user can access this resource.

      This will need Zeppelin to send down proxy user information.

      See https://hadoop.apache.org/docs/current/hadoop-project-dist/hadoop-common/Superusers.html

      The use case here is the next step beyond LDAP authentication, such that the end user identity flows downstream such that Data Scientist A and Data Scientist B are able to work on their own datasets by default and must not see each others data, unless HDFS/Hive permissions allows this access.

      Attachments

        Issue Links

          Blocked

          New Feature - A new feature of the product, which has yet to be developed. ZEPPELIN-773 Multi-tenancy in Zeppelin

          • Critical - Crashes, loss of data, severe memory leak.
          • Resolved

          Activity

            People

              vinayshukla@gmail.com Vinay Shukla
              vinayshukla@gmail.com Vinay Shukla
              Votes:
              2 Vote for this issue
              Watchers:
              9 Start watching this issue

              Dates

                Created:
                Updated: