Configuring Apache Zeppelin Security
Also available as:
PDF

Introduction

Zeppelin uses Apache Shiro to provide authentication and authorization (access control).

This chapter describes how to configure and enable several Zeppelin security features:

  1. Configure authentication. Zeppelin supports a Shiro-based identity source for testing and informal use, as well as LDAP and Active Directory identity sources for production use. After authentication is enabled, when users connect to Apache Zeppelin they are prompted for login credentials.
  2. Optionally, limit who can configure Zeppelin interpreter, credential, and configuration settings; notebooks; and data.
  3. Optionally, configure the Zeppelin UI to run over SSL (HTTPS).
  4. Optionally, configure Zeppelin to run on a Kerberos-enabled cluster.

If Ranger is enabled on your cluster, no additional configuration steps are required to have Ranger work with Zeppelin. Note, however, that a Ranger policy change takes about five to ten minutes to take effect.