I am working on Ranger Kylin plugin installation. And I have completed the plugin installation. Ranger is showing Kylin services and policy on its web page. Ranger admin UI is successfully connected with kylin and policy cache json file in etc/ranger is also created. I have also updated kylin.properties file with "kylin.server.external-acl-provider".
Now, when I create a new user using ranger admin UI and give permission to this user on kylin policy. After that using the same user I am not able login in Kylin GUI.
I have checked logs and it says User not found. Only spring security code is in exception, No ranger code stack trace is available in exception. I guess, Kylin is not switched to ranger auth.
Do I need to add more properties in kylin.properties to switch on Ranger policy? So, Kylin can authenticate using ranger users?
I think the Ranger Plugin for Kylin only manages the authorization, not authentication. That means, the newly added user in Ranger, still not exists in Kylin. You can manually add that in Kylin user repository.
Related
I installed and configured a fresh version of Apache Nifi 1.14.0 and configured security against my LDAP server. Everything looks fine.
Now I copied my flow.xml.gz file from a different directory (also running 1.14) into the new directory. When I login, I can see the outline of all the process groups and processors, but all the names are missing, and I see that all my users are unauthorized to view anything or make any changes.
Even my admin cannot do anything.
What am I missing here?
I found the solution to my problem. After migrating flow.xml.gz, I needed to add a policy to my root component.
This could be accomplished by right-clicking in the Nifi canvas and select 'Manage Access Policies'. Then add one or more users to View the component.
Apparently the admin can login and then grant himself access to view the main Nifi component (process group).
Sonar Server 6.7.1.
I have following queries wrt how permission works in SonarQube
1. How to enable window NT authentication on sonar portal. I believe by default it is open to everybody, no authentication.
Using sonar admin account I can create the quality profiles (add/remove rules) & assign it to a project. Can I do it as project admin account as well? My use case is I have couple of projects hosted, I do not want to share admin account with each project.
I created many users and groups on sonar portal, but I could not see them under Global Permission page. How to projet administrators?
Let's say I have set of issues reported by sonar for a project. From the portal I want to mark some of the issues as "Won't fixed". What is the minimal permission required user/project admin/sonar admin to do it?
Appreciate your response on above queries.
Disable anonymous access: Disallow anonymous users to access Sonar
You need Administer Quality Gates global permission
You have to start typing username you are looking for in Search field
You need Administer Issues project permission
Please take a look at SonarQube documentation: https://docs.sonarqube.org/display/SONAR/Authorization
Did a fresh install of Apache Nifi using unofficial Docker for Nifi (https://hub.docker.com/r/apache/nifi/). No users.xml and authorizations.xml found in conf directory. FYI, the conf directory has configuration files like nifi.properties, authorizers.xml, login-identity-providers.xml etc.
The Nifi menu does not show all menu options for anonymous login, like Users menu etc.
How do I enable (i.e make viewable) all the menu options in Nifi UI?
When you install Apache NiFi (building from source or downloading the binaries), the users.xml and authorizations.xml files will not exist at first. When the application is started for the first time, the authorizers.xml file is read and processed, and these files are generated from the configured UserGroupProvider and AccessPolicyProvider.
If you do not choose to secure NiFi using HTTPS, all access is anonymous, and no user accounts are created.
If you choose to secure it, you will have the capability to configure and manage users, groups, and permissions within the NiFi UI.
It is unclear from your question which menu options you expect to see in the global menu when accessing the application as an anonymous user. Please clarify the question or refer to NiFi Admin Guide -- Multi-Tenant Authorization for further details.
I have a mesos cluster with a master and 6 agents. I have enabled authentication for users and passed user credentials with their roles while starting mesos-master. Now I wanted to dynamically add new users to the master. How can I do that without stopping mesos-master?
You can develop your own authentication module
Authenticatee and Authenticator modules allow for third parties to quickly develop and plug-in new authentication methods. An example for such modules could be to support PAM (LDAP, MySQL, NIS, UNIX) backed authentication. — Documentation / Modules
Here you can see example how to do it. This code is quite old but it shows basic concept.
The Release notes for SonarQube 5.2 indicate that scanners no longer access the database directly.
With SonarQube 5.1, it's possible to ensures that the dashboard only ever shows reports on code in version control by configuring the database to only accept connections from the build server.
With SonarQube 5.2, I wouldn't expect this approach to work, because scanners aren't connecting directly to the database.
How can SonarQube 5.2 be secured so that only the build server can update the results shown on the dashboard?
This is really straightforward:
Make sure that your build server runs SQ analyses with non-empty sonar.login and sonar.password properties
Usually, the user corresponding to this sonar.login is a technical user
In the SQ Web Administration console, go to "Security > Global Permissions" and make sure that only the user corresponding to sonar.login has the "Execute Analysis" permission
Note that this can (or I'd even say "should") be done even on versions older than 5.2.