Configuring Ranger policies for Flink
You must add Flink users to the Ranger policies that are used by Kafka, Schema Registry, and Kudu to provide access to topics, schemas and tables provided by the components.
Before you begin
Install Apache Ranger on your cluster. For more information, see the Production Installation documentation.
- Go to your cluster in Cloudera Manager.
- Select Ranger from the list of services.
- Click on Ranger Admin Web UI.
You are redirected to the Ranger Service Manager.
- Create a Flink user group in the Ranger Service Manager.
- Click Settings > Users/Groups/Roles.
- Select Groups tab.
- Clink on Add New Group.
- Provide a Name to the group and a Description.
- Click Save.
- Add new users to the Flink group.
- Click Settings > Users/Groups/Roles.
- Select Users tab.
- Clink on Add New User.
- Provide the basic information about the user.
- Select a Role to the user.
- Select the created Flink group.
- Click Save.
Adding Flink group to Kafka policies
- all-consumergroup
- all-topic
- Select cm_kafka from the Service Manager home page on the Ranger
Admin Web UI.
You are redirected to the list of Kafka policies page.
- Click on the edit button of the all-consumergroup policy.
- Add the Flink group to the Select Group field under the Allow Conditions setting.
- Click Save.
You are redirected to the list of Kafka policies page
- Click on + More… to check if the Flink group is listed under the Groups for the consumergroup policy.
- Add the Flink user to the following policy with the above steps as well:
- all-topic
Adding Flink group to Schema Registry policies
- all-schema-group, schema-metadata, schema-branch, schema-version
- Select cm_schema-registry from the Service Manager home page on
the Ranger Admin Web UI.
You are redirected to the list of Schema Registry policies page.
- Click on the edit button of the all-schema-group, schema-metadata, schema-branch, schema-version policy.
- Add the Flink user to the Select Group field under the Allow Conditions setting.
- Click Save.
You are redirected to the list of Schema Registry policies page.
- Click on + More… to check if the Flink group is listed under the Groups for the schema-group, schema-metadata, schema-branch, schema-version policy.
Adding Flink group to Kudu policies
You must create a policy to grant access to Kudu tables for the Flink group.
- Select cm_kudu from the Service Manager home page on the Ranger
Admin Web UI.
You are redirected to the Create Policy page.
- Click on Add New Policy.
- Provide a name to the Policy Name field.
- Provide a prefix for the Databases you want to add to the policy or select all by typing *.
- Provide a prefix for the table you want to add to the policy or select all by typing *.
- Provide a prefix for the column you want to add to the policy or select all by typing *.
- Add the Flink user to the Select User field under the Allow Conditions setting.
- Click on the plus icon to Add Permissions to the Permissions field.
- Click on the specific permissions or Select All.
- Click on Add at the bottom of the page.
You are redirected to the list of Kudu policies page where the created policy should be listed.
- Click on + More… to check if the Flink group is listed under the Groups for the created policy.