Neeraj - I followed the original article and having some issue. I noticed that once I add the group "Public" in ranger policies without adding ip address in policy condition user are able to publish and consumer from any host. This is what i did. HDP Version: HDP-2.3.4.0-3485 -- Enables Kafka plugin in Ranger. -- Restarted Ranger -- Create following policies in Ranger ( see the image ) ( Important : Added group Public left policy condition blank ) -- Logged in to server 21 to Produce and consume message's -- I was able to produce and consume messages from any server . What we want is to secure our Kafka environment through ranger by ip address. I understand that the identity of client user over a non-secure channel is not possible. I followed the following article to secure or Kafka environment. https://cwiki.apache.org/confluence/display/RANGER/Kafka+Plugin#KafkaPlugin-WhydowehavetospecifypublicusergrouponallpoliciesitemscreatedforauthorizingKafkaaccessovernon-securechannel Please let me know what I am missing. ... View more

I am having similar issue We have non Kerberiozed Hadoop Kafka environment . I am testing integrating Ranger Kafak to secure the environment. HDP Version: HDP-2.3.4.0-3485 This is what I did. -- Enables Kafka plugin in Ranger. -- Restarted Ranger -- Create following policies in Ranger ( see the image ) ( Important : Added group Public left policy condition blank ) -- Logged in to server 21 to Produce and consume message's -- I was able to produce and consume messages from any server . What we want is to secure our Kafka environment through ranger by ip address. I understand that the identity of client user over a non-secure channel is not possible. I followed the following article to secure or Kafka environment. https://cwiki.apache.org/confluence/display/RANGER/Kafka+Plugin#KafkaPlugin-WhydowehavetospecifypublicusergrouponallpoliciesitemscreatedforauthorizingKafkaaccessovernon-securechannel Please let me know what I am missing. ... View more