Ranger Kafka Plugin
Describes how the Ranger Kafka plugin enforces authorization.
Ranger Kafka plugin is enabled in master.
Ranger Kafka Plugin Enforcement Example
Prerequisite
- Create external user 'externaluser3'
Access Enforcement steps
-
Let's try to create a topic and send some data using ‘externaluser3’, he will be denied as he doesn't have permission to create it.
-
Lets create a policy in ranger-hive for the user
- Resource : [Topic=topictest01]
- allow policy item : [user='externaluser3', permission=publish, consume, describe, create]
-
Let's try to create a topic and send some data using ‘externaluser3’, he will be allowed as he gets permission to access it.
- You can check the logs related to these actions, using tab.
Permission | Action |
---|---|
Resource = topic | |
Publish, Describe, Create | To produce topic and publish |
Describe, Create | To describe topic |
Describe | sending message to topic |
Publish | To publish topic |
Consume | To read data (consume) |
Describe | To list topic |
Configure | To alter config of topic |
Delete | To delete topic |
Describe Config | To describe config of topic |
Alter Config | To alter config |
Resource = consumergroup | |
Describe | To describe topic |
Consume | To consume topic |
Resource = cluster | |
Create | To create topic |
Describe | To describe topic |
Idempotent Write | To write idempotently |
Resource = transactionid | |
Describe, Publish | To publish and describe |