Cloudera Docs

Enable Access Control for Notebooks

This section describes how to restrict access to Apache Zeppelin notebooks by granting permissions to specific users and groups.

There are two main steps in this process: defining the searchBase property in the Zeppelin Shiro configuration, and then specifying permissions.
  1. In Zeppelin configuration settings, the Zeppelin administrator should specify activeDirectoryRealm.searchBase or ldapRealm.searchBase, depending on whether Zeppelin uses AD or LDAP for authentication. The value of searchBase controls where Zeppelin looks for users and groups.
    For more information, refer to "Shiro Settings: Reference" in this guide. For an example, see "Configure Zeppelin for Authentication: LDAP and Active Directory" in this guide.
  2. The owner of the notebook should navigate to the note and complete the following steps:
    1. Click the lock icon on the notebook:

    2. Zeppelin presents a popup menu. Enter the user and groups that should have access to the note. To search for an account, start typing the name.

      Note: If you are using Shiro as the identity store, users should be listed in the [user]section. If you are using AD or LDAP users and groups should be stored in the realm associated with your Shiro configuration.