Configuring Ranger policies for SSB

You must add SQL Stream Builder (SSB) users to the Ranger policies that are needed for YARN, Kafka, Schema Registry, Hive and Kudu to provide access to topics, schemas and tables used by the components.

  1. Navigate to Management Console > Environments, and select the environment where you have created your cluster.
  2. Click on the Data Lake tab.
  3. Select Ranger from the services.
    You are redirected to the Ranger user interface.
  4. Select the Streaming Analytics cluster under the YARN service.
    1. Add the SSB user to the all-queue policy.
  5. Select the Streaming Analytics cluster under the Kafka service.
    1. Add the SSB user to the following policies:
      • all-consumergroup
      • all-topic
  6. Select the cluster under the needed service where you want to add the SSB user.
    Based on the connector type you want to use with SSB, you need to add the SSB user to the Schema Registry, Kudu or Hive service. The following minimal permissions are required for the SSB user:
    Service Policy name
    Schema Registry
    • all-schema-group, schema-metadata, schema-branch, schema-version
    Kudu
    • Database
    • Table
    • Column
    Hive
    • all-global
    • all-database, table, column
    • all-database, table
    • all-database
    • all-hiveservice
    • all-database, udf
    • all-url