Cloudera Docs

Defining Schema Registry access policies

You must grant your application certain privileges to use the Schema Registry by creating the appropriate policies in Ranger. Learn how to define access policies and permissions for using Schema Registry.

In this example, you want to allow the application to create and manage schemas in Schema Registry. You can adjust the permissions granted to the applications in your environment to avoid granting privileges that are not necessary for each use case.
You must have gathered configuration information for using Schema Registry.
  1. Navigate to Management Console > Environments, and select the environment where your Kafka cluster is running.
  2. Click the Ranger icon () on the top pane, to open the Ranger web UI.
  3. On the Ranger UI, click Access Manager > Resource Based Policies.
  4. Under the SCHEMA REGISTRY group, select the policy associated to your Schema Registry service.
    To select it, click on the policy name, not on the icons. You should see the list of predefined policies for your Schema Registry.
  5. Create a policy to allow access to the schema metadata.
    1. Click Add New Policy, to create a new one, and enter the following details:

      • Policy Name: Machine Data Schema Metadata

      • schema-group: kafka

      • Schema Name: machine-data-avro

      • schema-branch: Click on the schema-branch option and select none

      • Description: Access to machine-data-avro schema metadata

    2. Below the Allow Conditions section, click on the empty Select Users box and select the Machine User you created previously.
    3. Click Add Permissions, select all the permissions and click on the tick mark button.


    4. Scroll to the bottom of the page and click Add to save the policy.
  6. Create a policy to allow access to the schema versions:
    1. Click Add New Policy, to create a new one, and enter the following details:
      • Policy Name: Machine Data Schema Versions

      • schema-group: kafka

      • Schema Name: machine-data-avro

      • schema-branch: MASTER

      • schema-version: *

      • Description: Access to machine-data-avro schema versions

    2. Below the Allow Conditions section, click on the empty Select Users box and select the Machine User you created previously.
    3. Click Add Permissions, select all the permissions and click on the tick mark button.


    4. Scroll to the bottom of the page and click Add to save the policy.