[
https://issues.apache.org/jira/browse/RANGER-783?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Selvamohan Neethiraj updated RANGER-783:
----------------------------------------
Fix Version/s: (was: 0.5.1)
> Default policy created during service creation for a Kafka service should
> better support non-secure kafka cluster
> -----------------------------------------------------------------------------------------------------------------
>
> Key: RANGER-783
> URL: https://issues.apache.org/jira/browse/RANGER-783
> Project: Ranger
> Issue Type: Bug
> Components: plugins
> Affects Versions: 0.5.0
> Reporter: Alok Lal
> Assignee: Alok Lal
> Fix For: 0.6.0
>
>
> Whenever a new Kafka service is added a default policy is also added granting
> the Kafka service user all privileges on all topics. This is done to ensure
> that inter-broker communication (which is also seen and authorized by the
> authorizer) can work properly. This approach works well for secure kafka
> clusters authorized by Ranger.
> Kafka authorization, however, is now supported for both secure and non-secure
> deployments! Since user name received by the kafka authorizer in non-secure
> mode is the string {{ANONYMOUS}} even for inter-broker traffic, default
> policy should refer to {{public}} user group instead of referring to username
> (usually "kafka") provided in the service configuration.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
