Good advice, thanks. ... View more

@Neeraj Sabharwa OK ,thanks. ... View more

@Neeraj Sabharwal Sure,it`s still could run the job when I disable kafka policy. ... View more

Hi @Neeraj Sabharwal, it`s right that failing on authorization, but it is suppose to be authorized by Ranger right? it`s so weird that Ranger cannot control the Publish or Consume actions. ... View more

Hi @Artem Ervits, It`s still not resolved yet,I`m trying to figure out the solution soon,once I find out the solution I`ll provide solution or accept best answer. ... View more

More precisely, after enabling ranger for solr, it should be create a repository in ranger admin UI automatically ... View more

Hi @bdurai, I did not observe any information about kafka in Audit(Access); However, after I add a property "authorizer.class.name=org.apache.ranger.authorization.kafka.authorizer.RangerKafkaAuthorizer" in Custom kafka-broker and executed Publish action,Audit Access could appeared information as below(why it did not show "publish" Access Type): In addition, it get some error when I executed Publish action: ... View more

I used HDP2.3.4 with ip address ranger: after set up the policy,then I went to 140.92.27.89 command line to change user to kafka, executing Publish and Consume actions,but it still did not deny.., ... View more

@Artem Ervits yes I turned off the global policy for Kafka, but it did not work. ... View more

very thanks for @Neeraj Sabharwal `s response in advance, 1. I have a little confused about how to setting the ip address ranger, am I suppose to specify namenode host ip? 2. What about earlier version of HDP like 2.3.0? ... View more

Executing consume/publish steps: Step1: connect to kafka-broker server step2: changer user $ su kafka step3: go to bin folder $ cd /usr/hdp/2.3.0.0-2557/kafka/bin step4: create a topic $ ./kafka-topics.sh --create --zookeeper {hostname}:2181 --replication-factor 1 --partitions 1 --topic test step5: execute publish message $ ./kafka-console-producer.sh --broker-list {hostname}:6667--topic test This is a test message //it should be denied right? step6: execute consume message $ ./kafka-console-consumer.sh --zookeeper {hostname}:2181 --topic test --from-beginning //it also should be denied? ... View more

BTW, the following steps are how I enabled ranger for kafka and executed Publish/Consume actions: 1. In kafka Configs > Advanced ranger-kafka-aduit > enable "Audit to DB" and changed value of "xasecure.audit.destination.hdfs.dir" to "hdfs://140.92.XX.XX:8020/ranger/audit" 2. Configs > Advanced ranger-kafka-plugin-properties > enable "Enable Ranger for KAFKA" 3. save changes and restart KAFKA 4. go to Ranger admin UI and I saw the repository of kafka has been created automatically ... View more

Hi @Neeraj Sabharwal, I still can not deny Publish and Consume actions,my policy setting as below: my environment is not a kerberized cluster and also I did not observe any records in Access of Audit,any suggestion? thanks. ... View more

Is it correct that the kafka and ranger must be in the kerberized cluster environment? ... View more

I found in "ambari-web/app/models/stack_service.js" that we could comment out the "doNotShowAndInstall" function in order to show up Ranger or Ranger KMS in first installation. ... View more

I will check for it, too ... View more

What is it mean? Could you give me an example thanks. ... View more

It`s supposes to be "org.apache.ranger.authorization.kafka.authorizer.RangerKafkaAuthorizer" right? ... View more

I will check for it ... View more