Cloudera Docs

Updating Ranger Users

Before you can launch SMM, you must manually add a user to Ranger, add the user to Ranger Policies for the Kafka service, and add the SMM user to the Ranger Policy for Kafka. Additionally, if the SSL is enabled for Ranger, you must add the Ranger plugin SSL CLName configuration value.

  1. Add a User to Ranger.
    1. From the Ranger UI, go to Settings, then Users/Groups, and ensure that the Users tab is selected.
    2. Click Add New User.
    3. Provide the user name. This user name is derived from the streams_messaging_manger_principal_name you set during the Ambari Kerberos configuration. For example: streamsmsgmgr-cluster-smm.
    4. For the Role, select User. For the Group, select hadoop, streamsmsgmgr, and ranger.
    5. Click Save.
  2. Add user to Ranger Policy for Kafka Service.
    1. From Ranger UI, Service Manager, in the Kafka service pane, click the hyperlink (cluster-name_kafka).
    2. Add the SMM user to both policies. Select the edit policies icon, and from Allow Conditions, add the SMM user to the Select User field. Also add sreamsmsgmgr user, if it does not already exist.
  3. Add SMM user to Ranger Policy for Kafka.
    1. From the Ranger UI, Services Manager, and select the Edit icon for the Kafka service.
    2. Add the streamsmsgmgr-cluster-smm user name to the following two configuration values:
      • policy.download.auth.users
      • tag.download.auth.users
  4. (If SSL is enabled for Ranger) Update the Ranger plugin SSL CLName. Go to Config Properties | Ranger plugin SSL CLName. For example: Kafka Client. The CLName is the value you set up when generating your Ranger Admin SSL certificate.