Apache Zeppelin Component Guide
Also available as:

Enabling Access Control for Notebooks

The next optional security step is to add access control for Zeppelin notes, granting permissions to specific users and groups. There are two main steps to this process: defining the searchBase property in the Zeppelin Shiro configuration, and then specifying permissions.

To restrict notebook access to authorized users:

  1. In Zeppelin configuration settings, the Zeppelin administrator should specify activeDirectoryRealm.searchBase or ldapRealm.searchBase, depending on whether Zeppelin uses AD or LDAP for authentication. The value of searchBase controls where Zeppelin looks for users and groups.

    For more information, refer to Shiro Settings: Reference. For an example, see Configure Authentication for Authentication: LDAP and Active Directory.

  2. The owner of the notebook should navigate to the note and complete the following steps:

    1. Click the lock icon on the notebook:

    2. Zeppelin presents a popup menu. Enter the user and groups that should have access to the note. To search for an account, start typing the name.

      Note: If you are using Shiro as the identity store, users should be listed in the [user] section. If you are using AD or LDAP users and groups should be stored in the realm associated with your Shiro configuration.

For more information, see Apache Zeppelin Notebook Authorization.