Securing Streams Messaging Manager

As a cluster administrator, you can combine Kerberos authentication and Ranger authorization to secure the Streams Messaging Manager web user interface (UI). Securing the web UI enables its login page, which is not shown by default.

If you deploy Streams Messaging Manager without security, the login page is not enabled on the Streams Messaging Manager UI. When you enable Kerberos authentication, Streams Messaging Manager uses SPNEGO to authenticate users. Whether those users can view or create topics within Kafka is controlled through the Ranger Kafka policies that you administer. For information on enabling browsers to use SPNEGO, see How to Configure Browsers for Kerberos Authentication.

After you secure Streams Messaging Manager, anyone within the organization can log in to Streams Messaging Manager. However, users who do not have the correct policy configuration in Ranger may not have the privileges they need to perform their required tasks through Streams Messaging Manager.

  • Configure Kafka in Ranger

    For more information, see Configure a resource-based service: Kafka.

  • Enable Kerberos authentication for Kafka

    For more information, see Enable Kerberos authentication.

  • Add and configure Streams Messaging Manager

    For more information, see Creating your first Streams Messaging cluster.

  1. Go to Cloudera Manager > Streams Messaging Manager, and click Configuration.
  2. Enable Ranger for Streams Messaging Manager.
  3. Go to the Ranger service UI and configure the Kafka policies.
  4. Click cm_kafka in the Ranger service UI.

    The List of Policies page appears.

  5. Click Add New Policy.

    The Policy Details page appears.

  6. Add a policy name and select cluster from the dropdown.
  7. Type * in the field beside cluster, and select the * from the values that appear.
  8. Go to the Allow Condition section and select the user.
  9. Add permissions by clicking the + under Add Permissions.
  10. Select Create and Describe permissions.
  11. Click Add.
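
The policy from steps 6 to 11 written as a Ranger policy document, with a check of which cluster-level permissions a given user ends up with. This is an added example, not part of the original documentation; the policy name, the user names and the cluster name `kafka-cluster` are constructed, and the evaluation is a simplification that does not model exceptions, conditions, roles or `isExcludes`.

```python
import json
from fnmatch import fnmatchcase

def build_cluster_policy(name, users, service="cm_kafka"):
    """Steps 6-11 as a policy body: cluster '*', Create and Describe.
    Ranger's public REST API accepts this shape at POST /service/public/v2/api/policy."""
    return {
        "service": service, "name": name, "isEnabled": True,
        "resources": {"cluster": {"values": ["*"], "isExcludes": False}},
        "policyItems": [{
            "users": list(users), "groups": [],
            "accesses": [{"type": t, "isAllowed": True}
                         for t in ("create", "describe")],
            "delegateAdmin": False,
        }],
    }

def _granted(items, user, groups):
    """Access types that a list of policy items gives to this user."""
    # Ranger treats the built-in group "public" as containing every user.
    member_of = set(groups) | {"public"}
    found = set()
    for item in items or []:
        if user in item.get("users", []) or member_of & set(item.get("groups", [])):
            found |= {a["type"] for a in item.get("accesses", [])
                      if a.get("isAllowed", True)}
    return found

def cluster_accesses(policies, user, groups=(), cluster="kafka-cluster"):
    """Simplified evaluation: allow items minus deny items on enabled policies
    whose cluster resource matches. Exceptions, conditions, roles and
    isExcludes are not modelled."""
    allowed, denied = set(), set()
    for policy in policies:
        resource = policy.get("resources", {}).get("cluster")
        if resource is None or not policy.get("isEnabled", True):
            continue
        if not any(fnmatchcase(cluster, v) for v in resource.get("values", [])):
            continue
        allowed |= _granted(policy.get("policyItems"), user, groups)
        denied |= _granted(policy.get("denyPolicyItems"), user, groups)
    return allowed - denied

if __name__ == "__main__":
    # Constructed sample: policy and user names are placeholders.
    policy = build_cluster_policy("smm-cluster-create-describe", ["smm_analyst"])
    print(json.dumps(policy, indent=2))
    print(sorted(cluster_accesses([policy], "smm_analyst")))  # ['create', 'describe']
    print(sorted(cluster_accesses([policy], "other_user")))   # []
```

Running the same check over an export of the cm_kafka policies shows whether a user who can log in also has the Create and Describe permissions, and whether a grant to the `public` group gives them to everyone.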