Support Questions

bensonshih · ‎01-14-2016

In kafka, I tried to execute consume/publish command with disabled all policies of Ranger, it did not deny both consume/publish behavior. Did I miss any configuration setting of kafka or misunderstanding something else?

bensonshih · ‎02-15-2016

Here are some steps of enable ranger for kafka and works fine with HDP2.3.4 and Ranger 0.5.0:

1.) Enable kerberos server for cluster.

2.) In Ambari server, go to Kafka`s Configs > Advanced ranger-kafka-plugin-properties , click "Enable Ranger for Kafka".

3.) Go to Configs > Custom kafka-broker , change value of "authorizer.class.name" to "org.apache.ranger.authorization.kafka.authorizer.RangerKafkaAuthorizer".

4.) Save changes and restart kafka component.

5.) Go to Ranger admin UI, then disable all policies of kafka.

6.) It should be deny Publish/Consume actions now.

View solution in original post

bensonshih · ‎02-03-2016

@Neeraj Sabharwal Sure,it`s still could run the job when I disable kafka policy.

nsabharwal · ‎02-03-2016

@Benson Shih then I guess Ranger policy is working 🙂

aervits · ‎02-02-2016

@Benson Shih is this issue resolved? Can you accept best answer or provide your own solution?

bensonshih · ‎02-03-2016

Hi @Artem Ervits,

It`s still not resolved yet,I`m trying to figure out the solution soon,once I find out the solution I`ll provide solution or accept best answer.

nsabharwal · ‎02-03-2016

@Benson Shih I will be working on the demo. Let's connect...Add me on linkedin plz

bensonshih · ‎02-03-2016

@Neeraj Sabharwa

OK ,thanks.

ashaver · ‎02-10-2016

Hi @Neeraj Sabharwal I would also be very interested in seeing the use case demo for this, thanks!

bensonshih · ‎02-15-2016

Here are some steps of enable ranger for kafka and works fine with HDP2.3.4 and Ranger 0.5.0:

1.) Enable kerberos server for cluster.

2.) In Ambari server, go to Kafka`s Configs > Advanced ranger-kafka-plugin-properties , click "Enable Ranger for Kafka".

3.) Go to Configs > Custom kafka-broker , change value of "authorizer.class.name" to "org.apache.ranger.authorization.kafka.authorizer.RangerKafkaAuthorizer".

4.) Save changes and restart kafka component.

5.) Go to Ranger admin UI, then disable all policies of kafka.

6.) It should be deny Publish/Consume actions now.

nsabharwal · ‎02-15-2016

@Benson Shih This works BUT I was under the impression that you are looking for solution for non kerberos environment.

nsabharwal · ‎02-15-2016

@Benson Shih @bdurai

Benson, Take a look on this

You don't have to have kerberos to control Kafka authorization.

HDP 2.3.4

Cloudera Community

Support Questions

Ranger policy malfunction in kafka