Configuring Ranger policies for SSB

You must add SQL Stream Builder (SSB) users to the Ranger policies that are needed for YARN, Kafka, Schema Registry, Hive and Kudu to provide access to topics, schemas and tables used by the components.

Add the required Ranger policies for Flink. For more information, see Configuring Ranger policies for Flink documentation.

Navigate to Management Console > Environments, and select the environment where you have created your cluster.
Click on the Data Lake tab.
Select Ranger from the services.
You are redirected to the Ranger user interface.
Select the Streaming Analytics cluster under the YARN service.
1. Add the SSB user to the all-queue policy.
Select the Streaming Analytics cluster under the Kafka service.
1. Add the SSB user to the following policies:
  - all-consumergroup
  - all-topic

Select the cluster under the needed service where you want to add the SSB user.

Based on the connector type you want to use with SSB, you need to add the SSB user to the Schema Registry, Kudu or Hive service. The following minimal permissions are required for the SSB user:


Service	Policy name
Schema Registry	all-schema-group, schema-metadata, schema-branch, schema-version
Kudu	Database Table Column
Hive	all-global all-database, table, column all-database, table all-database all-hiveservice all-database, udf all-url