Apache Ranger provides a centralized permission management framework that can implement fine-grained access control on Kafka data. Apache Ranger also provides a web UI for administrators to conveniently perform operations.

Add the Ranger service to a cluster

  • When you create a Kafka cluster, select Ranger from the optional services in the E-MapReduce (EMR) console.create_kafka
  • If you have created a Kafka cluster, click Add Service in the upper-right corner of the Status tab on the Clusters and Services page. In the Add Service dialog box, select RANGER and click OK.add_service

Access the Ranger UI

  1. Check configurations.

    Before you access the Ranger UI, ensure that a security group is configured, which indicates that you are allowed to access the Hadoop cluster on the current network. For more information, see Access open-source components.

  2. Log on to the Ranger UI.
    1. Log on to the Alibaba Cloud E-MapReduce console.
    2. Click the Cluster Management tab.
    3. Find the target cluster and click Details in the Actions column.
    4. In the left-side navigation pane, click Access Links and Ports.
    5. On the Access Links and Ports page that appears, click the link for RANGER UI.
    6. On the Ranger UI logon page, log on with the default username (admin) and password.Ranger UI
  3. Change the password.
    1. When you log on to the Ranger UI for the first time, click Settings in the top navigation bar.Change password
    2. Change the password of the admin user.Change password
    3. In the upper-right corner, choose admin > Log Out.

      Log on to the Ranger UI with the new password.

Manage users

You can use Ranger to manage the permissions of users or user groups, which include users and user groups from an LDAP server (recommended) or the local UNIX system.