Yes. you can control access by ip-address.
No, one can’t use user/group based access to authorize Kafka access over a non-secure channel. This is because it isn't possible to assert client’s identity over the non-secure channel.
Please take time to read the original article.
Neeraj - I followed the original article and having some issue. I noticed that once I add the group "Public" in ranger policies without adding ip address in policy condition user are able to publish and consumer from any host.
This is what i did.
HDP Version: HDP-126.96.36.199-3485
-- Enables Kafka plugin in Ranger.
-- Restarted Ranger
-- Create following policies in Ranger ( see the image ) ( Important : Added group
Public left policy condition blank )
-- Logged in to
server 21 to Produce and consume message's
-- I was able to produce and consume messages from any
What we want is to secure our Kafka environment through
ranger by ip address. I understand that the identity of client user over a
non-secure channel is not possible.
I followed the following article to secure or Kafka environment.
Please let me know what I am missing.