Getting Started

Configure Security on an Ambari-Managed Cluster

If your cluster is managed by Ambari, navigate to the Configs tab and edit settings in the "Advanced zeppelin-env", "Advanced zeppelin-config", "zeppelin-log4j-properties" and "zeppelin-shiro-ini" sections, as described in following subsections.

Changes to shiro_ini_content require restarting the Zeppelin server. Ambari indicates this with a warning, and offers a menu option to restart Zeppelin.

Configure Security on a non-Ambari Cluster

If your cluster is not managed by Ambari:

1. Locate the shiro.ini template file in the Zeppelin /conf folder:

   /usr/hdp/current/zeppelin-server/conf/shiro.ini.template.

2. Copy the template file as shiro.ini:

   /usr/hdp/current/zeppelin-server/conf/shiro.ini

3. Edit the shiro.ini file as described in the following subsections.
4. After editing the shiro.ini file, restart the Zeppelin server:

   ./bin/zeppelin-daemon.sh restart

shiro.ini Structure

The shiro_ini_content property (Ambari) and shiro.ini file (non-Ambari) contain several sections for configuring authentication:

• [main], which contains definitions for LDAP or Active Directory objects and properties.

• [users], which can be used to specify user accounts and passwords for simple deployments that do not require secure passwords, and require only a small number of statically-defined accounts.

• [roles], for defining roles associated with access control.

• [urls], for configuring URL-based security. For Zepplin, the [urls] section is used to specify authentication method and define access control filters.