With E-MapReduce 3.12.0 and later, Kafka allows you to configure permissions with Ranger.
Integrate Ranger into Kafka
To integrate Ranger into Kafka, complete the following steps:
- Enable Kakfa Plugin
- On the Cluster Management page, click Ranger in the service list to enter the Ranger Management page. Click Operation in the upper-right corner and select Enable Kafka PLUGIN.
- You can check the progress by clicking View Operation History in the upper-right corner of the page.
- On the Cluster Management page, click Ranger in the service list to enter the Ranger Management page. Click Operation in the upper-right corner and select Enable Kafka PLUGIN.
- Restart Kafka broker
After enabling the Kafka plugin, you must restart the broker to make it take effect.
- On the Cluster Management page, click the inverted triangle icon behind RANGER in the upper-left corner to switch to Kafka.
- Click Actions in the upper-right corner of the page and select RESTART Broker.
- You can check the progress by clicking View Operation History in the upper-right corner of the page.
- Add Kafka service on the Ranger WebUI
For more information about how to go to the Ranger WebUI, see Ranger Introduction.
Add the Kafka service on the WebUI:
Configure the Kafka service:
Configure permissions
After integrating Ranger into Kafka, you can set the relevant permissions.
Notice In a standard cluster, Ranger automatically generates the
all - topic rule after the Kafka service is added. This rule indicates that there are no restrictions on permissions. All users can perform all actions. In this case, Ranger cannot identify permissions through the user.
Here, user_test is used as an example to add the Publish permission:
After you add a policy, the permissions are granted to the
test user. This user can then perform the write operation for
test.
Note The policy takes effect one minute later after it is added.