Kafka Connect Ranger integration

Learn about how the Kafka Connect authorization model is integrated with Ranger.

If Ranger authorization is enabled for the Kafka service and you have Kerberos and SPNEGO authentication enabled for Kafka Connect, you have the ability to set up fine grained access to the Kafka Connect REST API using the Ranger console.

This means that you can create policies and limit what operations an authenticated user is permitted to carry out. Policies that are set up are valid for any user that accesses the Kafka Connect REST API. This includes direct REST API access as well as access through Streams Messaging Manager (SMM).

If a user tries to carry out an operation on a resource that they do not have permission for, the REST API returns an error. For more information on the specific error messages, see Kafka Connect authorization model. In SMM the policies control what UI operations are available for the user. For example, if a user does not have access rights to view select connectors, those connectors are not shown when logged in to the SMM UI. Similarly, if a user for example does not have the rights to create connectors, the New Connector option is not be available for the user.