ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Selvamohan Neethiraj (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (RANGER-783) Default policy created during service creation for a Kafka service should better support non-secure kafka cluster
Date Wed, 03 Feb 2016 16:53:39 GMT

     [ https://issues.apache.org/jira/browse/RANGER-783?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Selvamohan Neethiraj updated RANGER-783:
----------------------------------------
    Fix Version/s:     (was: 0.5.1)

> Default policy created during service creation for a Kafka service should better support
non-secure kafka cluster
> -----------------------------------------------------------------------------------------------------------------
>
>                 Key: RANGER-783
>                 URL: https://issues.apache.org/jira/browse/RANGER-783
>             Project: Ranger
>          Issue Type: Bug
>          Components: plugins
>    Affects Versions: 0.5.0
>            Reporter: Alok Lal
>            Assignee: Alok Lal
>             Fix For: 0.6.0
>
>
> Whenever a new Kafka service is added a default policy is also added granting the Kafka
service user all privileges on all topics.  This is done to ensure that inter-broker communication
(which is also seen and authorized by the authorizer) can work properly.  This approach works
well for secure kafka clusters authorized by Ranger.
> Kafka authorization, however, is now supported for both secure and non-secure deployments!
 Since user name received by the kafka authorizer in non-secure mode is the string {{ANONYMOUS}}
even for inter-broker traffic, default policy should refer to {{public}} user group instead
of referring to username  (usually "kafka") provided in the service configuration.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message