Details
-
Bug
-
Status: Open
-
Major
-
Resolution: Unresolved
-
0.8.0
-
None
-
None
Description
Reference: https://zeppelin.apache.org/docs/0.8.1/setup/operation/upgrading.html#breaking-changes-in-08x
After upgrading to 0.8.0, we were left with all of the notebooks open to all users. In order to fix this, we created a python JSON parser to fill in the runner with the notebook owner. Any blank field should not leave any notebook open by default, the default should be no access, not all access. The security problem here is not that the field was left blank but the handling of that condition by Zeppelin.
A sane default by pre-assigning the runner to the note owner is more ideal IMHO.
Scripting this is a workaround, not a patch.
Attachments
Issue Links
- is related to
-
ZEPPELIN-4043 Create shell script for moving note permission info from notebook-authorization.json to note file
- Closed
- links to