Apache Ranger provides a centralized permission management framework that can implement fine-grained access control on Kafka data. Apache Ranger also provides a web UI for administrators to conveniently perform operations.
Add the Ranger service to a cluster
- When you create a Kafka cluster, select Ranger from the optional services in the E-MapReduce
(EMR) console.
- If you have created a Kafka cluster, click Add Service in the upper-right corner of
the Status tab on the Clusters and Services page. In the Add Service dialog box, select RANGER and click OK.
Access the Ranger UI
- Check configurations.
Before you access the Ranger UI, ensure that a security group is configured, which indicates that you are allowed to access the Hadoop cluster on the current network. For more information, see Access open-source components.
- Log on to the Ranger UI.
- Log on to the Alibaba Cloud E-MapReduce console.
- Click the Cluster Management tab.
- Find the target cluster and click Details in the Actions column.
- In the left-side navigation pane, click Access Links and Ports.
- On the Access Links and Ports page that appears, click the link for RANGER UI.
- On the Ranger UI logon page, log on with the default username (admin) and password.
- Change the password.
- When you log on to the Ranger UI for the first time, click Settings in the top navigation bar.
- Change the password of the admin user.
- In the upper-right corner, choose
Log on to the Ranger UI with the new password.
.
- When you log on to the Ranger UI for the first time, click Settings in the top navigation bar.
Manage users
You can use Ranger to manage the permissions of users or user groups, which include users and user groups from an LDAP server (recommended) or the local UNIX system.
- Interconnect Ranger Admin with an LDAP server
For more information, see Integrate Ranger Admin with an LDAP server.
- Integrate Ranger UserSync with an LDAP server
For more information, see Integrate Ranger UserSync with an LDAP server.