The issue of topic creation is discussed under the Kafka plugin FAQ <https://cwiki.apache.org/confluence/display/RANGER/Kafka+Plugin#KafkaPlugin-CanIauthorizertopiccreationviaRanger?>.
As to your 1st question. Firstly the Ranger Access types themselves form a hierarchy of sorts as follows: - Publish, Consume and Configure access types imply Describe. For example, if you give someone ability to Publish then you don’t need to also give describe as it is implied. - 'Kafka Admin' implies all other access types. - Refer to this part of source for details: https://github.com/apache/incubator-ranger/blob/master/agents-common/src/main/resources/service-defs/ranger-servicedef-kafka.json#L30-L87 As to the mapping of kafka access types to Ranger access types: - Kafka access types Delete, Create Describe, Read and Write map to corresponding Ranger access types - Kafka access type Alter maps to Ranger Configure - Kafka access type ClusterAction maps to Ranger 'Kafka Admin’ - Refer to this part of code for details: <https://github.com/apache/incubator-ranger/blob/master/plugin-kafka/src/main/java/org/apache/ranger/authorization/kafka/authorizer/RangerKafkaAuthorizer.java#L300-L317> @Lune Above information is "good to know" but may not be helpful to solve a specific problem. Is there a specific problem you are trying to solve? If you tell us about the specific use case then we could provide a relevant answer. From: Lune Silver <lunescar.ran...@gmail.com> Reply-To: "user@ranger.incubator.apache.org" <user@ranger.incubator.apache.org> Date: Thursday, February 18, 2016 at 10:40 PM To: "user@ranger.incubator.apache.org" <user@ranger.incubator.apache.org> Subject: Re: Ranger - Kafka - Permission Admin About the first question, I wanted to know at which permissions in kafka correspond the permissions listed in ranger kafka plugin. Best regards. Lune. Le 19 févr. 2016 02:20, "Arvind S" <arvind18...@gmail.com> a écrit : not sure about your 1st question.. but know for sure that "create topics" is not controlled/ governed by any ranger permission. It has to be done by a superuser. Cheers !!Arvind On Thu, Feb 18, 2016 at 8:48 PM, Lune Silver <lunescar.ran...@gmail.com> wrote: Hello ! I have a question related to the permissions for Kafka with Ranger. In the following link : https://cwiki.apache.org/confluence/display/RANGER/Apache+Ranger+0.5+-+User+Guide#ApacheRanger0.5-UserGuide-KAFKA.1 We can see a table listing the permissions. I have two questions : 1. Is it possible to have a mapping between the ranger permissions and the kafka permissions ? 2. There is no description for kafka admin permission. What does it mean ? Does it give the same permission than the ones of the kafka superuser (create topics etc...) ? Thank you in advance for your answers ! Best regards. Lune.
