Configuring Ranger policies for Cloudera SQL Stream Builder
You must add Cloudera SQL Stream Builder service user named ssb to the Ranger policies that
    are used by Kafka, Schema Registry, Hive and Kudu to provide access to topics, schemas and
    tables provided by the components.
- Install Apache Ranger on your cluster. For more information, see the Production Installation documentation.
- Add the required Ranger policies for Flink. For more information, see Configuring Ranger policies for Flink documentation.
- Go to your cluster in Cloudera Manager.
- Select Ranger from the list of services.
- Click on Ranger Admin Web UI.You are redirected to the Ranger Admin Web UI. 
Adding Cloudera SQL Stream Builder user to Kafka policies
ssb user to the following policies:- all-cluster
- all-topic
- Select cm_kafka from the Service Manager home page on the Ranger
     Admin Web UI.You are redirected to the list of Kafka policies page. 
- Click on the edit button of the all-cluster policy.
- Add the Cloudera SQL Stream Builder user to the Select User field under the Allow Conditions setting.
- Click Save.You are redirected to the list of Kafka policies page 
- Click on + More… to check if the Cloudera SQL Stream Builder user is listed under the Users
     for the clusterpolicy.
- Add the ssbuser to the following policy with the above steps as well:- all-topic
 
Adding Cloudera SQL Stream Builder user to Schema Registry policies
ssb user to the following policy:- all-schema-group, schema-metadata, schema-branch, schema-version
- Select cm_schema-registry from the Service Manager home page on the
     Ranger Admin Web UI.You are redirected to the list of Schema Registry policies page. 
- Click on the edit button of the all-schema-group, schema-metadata, schema-branch, schema-version policy.
- Add the ssbuser to the Select User field under the Allow Conditions setting.
- Click Save.You are redirected to the list of Schema Registry policies page. 
- Click on + More… to check if the Cloudera SQL Stream Builder user is listed under the Users for the schema-group, schema-metadata, schema-branch, schema-version policy.
Adding Cloudera SQL Stream Builder user to Hive policies
ssb user to the following policy:- all-global
- all-database, table, column
- all-database, table
- all-database
- all-hiveservice
- all-database, udf
- all-url
- Select cm_hadoopsql from the Service Manager home page on the Ranger
     Admin Web UI.You are redirected to the list of Hadoop SQL policies page. 
- Click on the edit button of the all-global policy.
- Add the Cloudera SQL Stream Builder user to the Select User field under the Allow Conditions setting.
- Click Save.You are redirected to the list of Hadoop SQL policies page. 
- Click on + More… to check if the Cloudera SQL Stream Builder user is listed under the Users for the all-global policy.
- Add the ssbuser to the following policy with the above steps as well:- all-database, table, column
- all-database, table
- all-database
- all-hiveservice
- all-database, udf
- all-url
 
Adding Cloudera SQL Stream Builder user to Kudu policies
You must create a policy to grant access to Kudu tables for the ssb user.
- Select cm_kudu from the Service Manager home page on the Ranger Admin
     Web UI.You are redirected to the Create Policy page. 
- Click on Add New Policy.
- Provide a name to the Policy Name field.
- Provide a prefix for the Databases you want to add to the policy or type * to select all.
- Provide a prefix for the table you want to add to the policy or type * to select all.
- Provide a prefix for the column you want to add to the policy or type * to select all.
- Add the ssbuser to the Select User field under the Allow Conditions setting.
- Click on the plus icon to Add Permissions to the Permissions field.
- Click on the specific permissions or Select All.
- Click on Add at the bottom of the page.You are redirected to the list of Kudu policies page where the created policy should be listed. 
- Click on + More… to check if the ssbuser is listed under the Users for the created policy.
