ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ramesh Mani (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (RANGER-2222) Apache RangerKafkaPlugin support to handle Kafka Cluster as a new resource
Date Fri, 05 Oct 2018 01:07:00 GMT

     [ https://issues.apache.org/jira/browse/RANGER-2222?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Ramesh Mani updated RANGER-2222:
--------------------------------
    Attachment:     (was: 0001-RANGER-2222-Apache-RangerKafkaPlugin-support-to-hand.patch)

> Apache RangerKafkaPlugin support to handle Kafka Cluster as a new resource
> --------------------------------------------------------------------------
>
>                 Key: RANGER-2222
>                 URL: https://issues.apache.org/jira/browse/RANGER-2222
>             Project: Ranger
>          Issue Type: Bug
>          Components: Ranger
>    Affects Versions: 2.0.0
>            Reporter: Ramesh Mani
>            Assignee: Ramesh Mani
>            Priority: Major
>         Attachments: 0001-RANGER-2222-Apache-RangerKafkaPlugin-support-to-hand.patch
>
>
> Currently, cluster resource permissions are exposed in Ranger with Topic resource as
*. This is not the right convention as cluster resource is not a super set including topic
resources.
> Cluster resource permissions:
> Alter
> AlterConfigs
> ClusterAction
> Create
> Describe
> DescribeConfigs
> IdempotentWrite
> Topic resource operations:
> Alter
> AlterConfigs
> Create
> Delete
> Describe
> DescribeConfigs
> Read
> Write
> Users should be able to define policies with cluster resource and topic resource with
respective permissions. Names of some of the permissions are same in topic and cluster but
they are meant for the different purpose.
> Example: AlterConfigs on the topic resource is about altering configs of a topic only
but AlterConfigs permission on Custer resource is meant for altering configs on the broker.
> Upgrading cluster should upgrade existing policies in to topic and cluster resource level
policies with respective permissions. I believe that the default policy that is getting created
would address this.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message