+1 for this. We need to create default policy for admin users only. User ³kafka² ( part of the service config) would be the user in that case.
Colm, do you have a patch for it? If not I can provide one. Thanks, Ramesh On 10/17/18, 9:18 AM, "Colm O hEigeartaigh" <cohei...@apache.org> wrote: >Hi all, > >I was testing the new support for Kafka 2.0.0 in the Ranger master code - >I >was surprised to see that when you create a new Kafka resource, that the >default policies all are associated with the "public" group. That means >that using the default policies anyone is authorized to publish/consumer >from a topic, etc. > >I think it would be more secure if the default policies we associate with >a >resource are associated only with the admin user specified when creating >the resource, and not the public group. > >Colm. > > >-- >Colm O hEigeartaigh > >Talend Community Coder >http://coders.talend.com
