Security and CDC

Security for CDC is applied through Access Control Expressions (ACEs). If a secure cluster configuration is implemented, additional setup may be needed, depending on the configuration.

Access Control Expressions (ACEs)

Because Change Data Capture (CDC) propagates changed data records from a MapR-DB source table to a MapR-ES stream topic, the access control expressions (ACEs) on the source table and the destination stream establish the permissions.

Once a MapR-ES stream is created to receive change data records, it is dedicated to that sole purpose. For example, a producer application should not perform CRUD operations on the topics in the stream.

The following permissions are applicable depending on the scenario:

  • If you are a normal user and you want to create a changelog from a source table to a destination stream topic, the following permissions are required:
    • replperm on the source table in the source cluster
    • topicperm on the destination stream in the destination cluster
  • If you are a normal user and want to create a changelog between your own MapR-DB table and someone else's stream topic, you must be granted topicperm permissions on the destination stream.
  • If you are a normal user and want to receive or read the data in a stream topic, you must be granted consumeperm permission on the destination topic.

For more information about ACEs, see Managing Access Control Expressions.
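
The permission requirements listed above can be audited before a changelog is created. The following Python is an added example, not MapR code: it evaluates ACE strings and reports which of replperm, topicperm and consumeperm a user still lacks. It assumes a simplified ACE grammar (u:<user>, g:<group>, p for public, the operators !, & and |, parentheses, and an empty ACE granting nobody); the function names and sample ACEs are constructed for illustration.

```python
import re

# Assumed, simplified ACE grammar: u:<user>, g:<group>, p (public), ! & | ( ).
TOKEN = re.compile(r"\s*([()!&|]|[ug]:[\w.-]+|p)")
# Permissions this page requires per CDC action, as (object, permission).
REQUIRED = {"create_changelog": [("table", "replperm"), ("stream", "topicperm")],
            "consume": [("stream", "consumeperm")]}

def ace_allows(expr, user, groups=()):
    """True if the ACE admits the user; an empty ACE admits nobody (assumed)."""
    tokens = TOKEN.findall(expr)
    if "".join(tokens) != "".join(expr.split()):   # unrecognised characters
        raise ValueError(f"malformed ACE: {expr!r}")
    if not tokens:
        return False
    def atom():
        tok = tokens.pop(0) if tokens else ""
        if tok == "!":
            return not atom()
        if tok == "(":
            val = or_expr()
            if not tokens or tokens.pop(0) != ")":
                raise ValueError(f"unbalanced parentheses: {expr!r}")
            return val
        if tok == "p":
            return True
        kind, name = tok.split(":", 1)   # ValueError on a stray operator
        return name == user if kind == "u" else name in groups
    def chain(operand, op, combine):
        val = operand()
        while tokens and tokens[0] == op:
            tokens.pop(0)
            val = combine(val, operand())   # right operand is always parsed
        return val
    def and_expr(): return chain(atom, "&", lambda a, b: a and b)
    def or_expr(): return chain(and_expr, "|", lambda a, b: a or b)
    result = or_expr()
    if tokens:
        raise ValueError(f"trailing tokens: {expr!r}")
    return result

def missing_perms(action, user, groups, table_aces, stream_aces):
    """List the permissions the user still lacks for the given CDC action."""
    aces = {"table": table_aces, "stream": stream_aces}
    return [perm for obj, perm in REQUIRED[action]
            if not ace_allows(aces[obj].get(perm, ""), user, groups)]

# Constructed sample ACEs, not taken from a real cluster.
TABLE_ACES = {"replperm": "u:alice | g:etl"}
STREAM_ACES = {"topicperm": "u:alice", "consumeperm": "g:analysts & !u:mallory"}
```

With these sample ACEs, a member of the etl group who is not alice can replicate from the table but is reported as lacking topicperm on the destination stream.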

Secure Clusters

The destination MapR-ES stream could be in the same cluster as the MapR-DB source table, or it could be on a remote MapR cluster. How the configuration is set up depends on the purpose for using CDC.