I am trying to apply security in Kylo, such as the feed and category created by one user if it is not visible to other users.
Is it possible in Kylo HDP Sandbox?
If yes, what changes do I need to make?
Yes, you can do this via Kylo's entity-level access control mechanism. Below is an illustration to enable entity access for categories in Kylo sandbox.
Step 1: Enable entity access control
Update kylo-services/conf/application.properties
kylo-services/conf/application.properties
security.entity.access.controlled=true security.auth.file.users=file:///opt/kylo/users.properties security.auth.file.groups=file:///opt/kylo/groups.properties
Step 2: Define users
Create a file called users.properties, populate it and give proper permissions. The structure of each entry is username=password.
users.properties
username=password
$ vi /opt/kylo/users.properties #entries in file dladmin=thinkbig analyst=analyst designer=designer operator=operator $ chown kylo:users /opt/kylo/users.properties $ chmod 600 /opt/kylo/users.properties
Step 3: Define groups
Create a file called groups.properties, populate it and give proper permissions. The structure of each entry is user=group memberships.
groups.properties
user=group memberships
$ vi /opt/kylo/groups.properties #entries in file dladmin=admin,user analyst=analyst,user designer=designer,user operator=operations,user $ chown kylo:users /opt/kylo/groups.properties $ chmod 600 /opt/kylo/groups.properties
Step 4: Restart Kylo
$ /opt/kylo/stop-kylo-apps.sh $ /opt/kylo/start-kylo-apps.sh
Step 5: Log in as dladmin user (password: thinkbig)
Create a category (say sample_category). Do not give any entity level permissions.
sample_category
Step 6: Log in as operator user (password: operator)
Look at the list of categories. sample_category is not visible since no permissions were given by the dladmin user.
dladmin
Step 7: Log back in as dladmin user and give permissions
Give Editor role to Operations group. The operator user is a member of Operations group.
Editor
Operations
operator
Step 8: Log back in as operator user
Look at the list of categories. sample_category is now visible
Copyright © 2021 Jogjafile Inc.
Yes, you can do this via Kylo's entity-level access control mechanism. Below is an illustration to enable entity access for categories in Kylo sandbox.
Step 1: Enable entity access control
Update
kylo-services/conf/application.properties
Step 2: Define users
Create a file called
users.properties
, populate it and give proper permissions. The structure of each entry isusername=password
.Step 3: Define groups
Create a file called
groups.properties
, populate it and give proper permissions. The structure of each entry isuser=group memberships
.Step 4: Restart Kylo
Step 5: Log in as dladmin user (password: thinkbig)
Create a category (say
sample_category
). Do not give any entity level permissions.Step 6: Log in as operator user (password: operator)
Look at the list of categories.
sample_category
is not visible since no permissions were given by thedladmin
user.Step 7: Log back in as dladmin user and give permissions
Give
Editor
role toOperations
group. Theoperator
user is a member ofOperations
group.Step 8: Log back in as operator user
Look at the list of categories.
sample_category
is now visible