As an EnvironmentAdmin, you need provide the users access to your environment
and to the new Streams Messaging cluster by assigning user roles and adding users to Ranger
policies.
The cluster you have created using the Streams Messaging
cluster definition is kerberized and secured with SSL. Users can access cluster UIs and
endpoints through a secure gateway powered by Apache Knox. Before you can begin working
with Kafka, Schema Registry, Streams Messaging Manager, and Streams Replication Manager, you must give users access to the Streams Messaging
cluster components.
-
Assign the EnvironmentUser role to the users to grant access to the Cloudera environment and the Streams Messaging
cluster.
- Sync the updated user permissions to the Data Lake (Ranger) using
.
This synchronizes the user to the
FreeIPA identity management system to enable SSO.
- Add the user to the appropriate pre-defined Ranger policies.
These
policies are specified within the Ranger instance that provides authorization to the Kafka
service in your Streams Messaging cluster.
If needed, you can also create a
custom Ranger access policy and add the user to it.
After you have created your Streams Messaging cluster, you are
ready to start working with Kafka workloads in Cloudera on cloud.
