ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ramesh Mani <rm...@hortonworks.com>
Subject Re: Public groups in default policies
Date Fri, 26 Oct 2018 18:53:43 GMT
+1 for this.

We need to create default policy for admin users only. User ³kafka² ( part
of the service config) would be the user in that case.

Colm, do you have a patch for it? If not I can provide one.

Thanks,
Ramesh


On 10/17/18, 9:18 AM, "Colm O hEigeartaigh" <coheigea@apache.org> wrote:

>Hi all,
>
>I was testing the new support for Kafka 2.0.0 in the Ranger master code -
>I
>was surprised to see that when you create a new Kafka resource, that the
>default policies all are associated with the "public" group. That means
>that using the default policies anyone is authorized to publish/consumer
>from a topic, etc.
>
>I think it would be more secure if the default policies we associate with
>a
>resource are associated only with the admin user specified when creating
>the resource, and not the public group.
>
>Colm.
>
>
>-- 
>Colm O hEigeartaigh
>
>Talend Community Coder
>http://coders.talend.com


Mime
View raw message