With E-MapReduce 3.12.0 and later, Kafka allows you to configure permissions with Ranger.
Integrate Ranger into Kafka
To integrate Ranger into Kafka, complete the following steps:
- Enable Kafka Plugin
- On theCluster Management page, click Ranger in the service list to enter the Ranger Management page. Click Operation in the upper-right corner and select Enable Kafka PLUGIN.
- You can check the progress by clicking View Operation Historyin the upper-right corner of the page.
- On theCluster Management page, click Ranger in the service list to enter the Ranger Management page. Click Operation in the upper-right corner and select Enable Kafka PLUGIN.
- Restart Kafka broker
After enabling the Kafka plugin, you must restart the broker to make it take effect.
- On the Cluster Management page, click the inverted triangle icon behind RANGER in the upper-left corner to switch to Kafka.
- Click Actionsin the upper-right corner of the page and select RESTART Broker.
- You can check the progress by clicking View Operation Historyin the upper-right corner of the page.
- Add Kafka service on the Ranger WebUI
For more information about how to go to the Ranger WebUI, see Ranger Introduction.
Add the Kafka service on the WebUI:
Configure the Kafka service:
Configure permissions
After integrating Ranger into Kafka, you can set the relevant permissions.
Notice In a standard cluster, Ranger automatically generates the all - topic rule after the Kafka service is added. This rule indicates that there are no restrictions
onpermissions. All users can perform all actions. In this case, Ranger cannot identify
permissions through the user.
Here, user_test is used as an example to add the Publish permission:
After you add a policy, the permissions are granted to the test user. This user can then perform the write operation fortest.
Note The policy takes effect one minute later after it is added.