Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

How to use Ranger to control Kafka users access over ssh?

How to use Ranger to control Kafka users access over ssh?

New Contributor

I have a question about creating users and groups across the sandbox-hdp.hortonworks.com single node cluster. I found that the accounts across different applications on ambari are disconnected, e.g. Ranger, Atlas and ssh Kafka.

I've used Ranger over to create a few users and groups

e.g.

user "usr1" in user group "grp1"

user "usr2" in user group "grp2"

Then in Kafka over ssh (logged in as root@127.0.0.1), how can I link "usr1", "grp1", "usr2", "grp2" to the terminal, since I only have the account "root"? What I'm trying to do is to use Ranger to set "grp1" users for both access to produce and consume all topics, while "grp2" has limited access to topics, producing or consuming messages.

Then in Atlas, since the user credentials are controlled by /usr/hdp/<version>/altas/user-credentials.xml instead of being controlled by Ranger, how to import "usr1", "grp1", "usr2", "grp2" from Ranger to Atlas? What I'm trying to do is "grp1" users have more permissions to view (i.e. read access) to all Kafka topic entities, while "grp2" users only have read access to limited topics.

Don't have an account?
Coming from Hortonworks? Activate your account here