Ranger Kafka Plugin
Describes how the Ranger Kafka plugin enforces authorization.
Ranger Kafka plugin is enabled in master.
Ranger Kafka Plugin Enforcement Example
Prerequisite
- Create external user 'externaluser3'
Access Enforcement steps
-
Let's try to create a topic and send some data using ‘externaluser3’, he will be denied as he doesn't have permission to create it.
-
Lets create a policy in ranger-hive for the user
- Resource : [Topic=topictest01]
- allow policy item : [user='externaluser3', permission=publish, consume, describe, create]
-
Let's try to create a topic and send some data using ‘externaluser3’, he will be allowed as he gets permission to access it.
- You can check the logs related to these actions, using tab.
| Permission | Action |
|---|---|
| Resource = topic | |
| Publish, Describe, Create | To produce topic and publish |
| Describe, Create | To describe topic |
| Describe | sending message to topic |
| Publish | To publish topic |
| Consume | To read data (consume) |
| Describe | To list topic |
| Configure | To alter config of topic |
| Delete | To delete topic |
| Describe Config | To describe config of topic |
| Alter Config | To alter config |
| Resource = consumergroup | |
| Describe | To describe topic |
| Consume | To consume topic |
| Resource = cluster | |
| Create | To create topic |
| Describe | To describe topic |
| Idempotent Write | To write idempotently |
| Resource = transactionid | |
| Describe, Publish | To publish and describe |
