Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Ranger not auditing and not appliyng policies in HDF Kafka

Ranger not auditing and not appliyng policies in HDF Kafka

Guru

Hello,

I setup HDF 3 including Ranger and Kerberos...everything's green in Ambari so far.

Ranger plugins for Kafka and NiFi have been enabled and in RangerUI I can see the default policy for Kafka has been created and some audit entries are there, see below

27481-audit-entries.png

The problem now is, that I can list and describe Kafka topics with my user account, although it is not allowed by Ranger ACL , and I do not even see any entry in Audit log for the accesses under my own user account.

It looks like Ranger ACLs doesn't get applied to Kafka at all, no idea why ?!?!

I create a dedicated policy for Topic 'foo', just granting my user 'consume' access =>

27482-foo-policy.png

In a terminal I can still 'describe' that topic, and in ranger audit there is NO entry for that access =>

27483-console-describe-topic.png

Any ideas why access is still allowed and why there is no audit being recorded ?!?!

PS: in RangerUI the Kafka policy is shown as updated.....it updates right after being updated

1 REPLY 1

Re: Ranger not auditing and not appliyng policies in HDF Kafka

New Contributor

Did you ever solve this?

Don't have an account?
Coming from Hortonworks? Activate your account here