Support Questions
Find answers, ask questions, and share your expertise

Why Kafka Authorization with Ranger doesn’t work ?

New Contributor

Kafka HDP version: 0.10.1

I configured an authentication SASL/PLAINTEXT with Kafka.

Then, I enable authorization Kafka with Ranger by adding property "authorizer.class.name=org.apache.ranger.authorization.kafka.authorizer.RangerKafkaAuthorizer" in Custom kafka-broker

After, I create Ranger policies for Kafka authorization:

producersrangerpolicy.png

So, I tried to execute publish/consume commands on Kafka and I obtain this error “UNKNOWN_TOPIC_OR_PARTITION”.

kafkaproducercli.png

When I look into “Audit” Access on Ranger, I don’t understand why it did not show “publish” Access Type.

auditranger.png

Please, can you help me ?

3 REPLIES 3

@LEUMENI Larissa: Can you create the topic with kafka user and then try to publish messages using alice user?

Also provide the output of :

bin/kafka-topics .sh --describe --zookeeper <zk-host>:2181 --topic my-topic

Super Collaborator

Zookeeper is the issue, but when I had the same error message it was due to a wrong configuration setting of the Zookeeper properties within the Kafka cli producer settings. The use of keytab or ticket for Kerberos wasn't ok, so you might want to check that as well, if the above tip doesn't solve the issue. The section Client { ... } is the relevant one

New Contributor

Hello, I created a new topic "test-5" with the kafka user and I published messages using alice user. I have the same Error. errorkafka.png

The output of "bin/kafka-topics.sh --describe --zookeeper hdp-kafka:2181 --topic test-5" is :

describe-topic.png

; ;