Security and CDC

Security for CDC is applied through Access Control Expressions (ACEs). In addition, if a secure cluster configuration is implemented, then additional setup may be needed depending on the configuration.

Access Control Expressions (ACEs)

Since Change Data Capture (CDC) changed data records are propagated from a MapR Database source table to a MapR Event Store For Apache Kafka stream topic, the access control expressions (ACEs) on the source table and destination stream are used for establishing permissions.

Once a MapR Event Store For Apache Kafka stream is created for purposes of receiving change data records, it is dedicated for that sole purpose. For example, a producer application should not perform CRUD operations on the topics in the stream.

The following permissions are applicable depending on the scenario:

  • If you are a normal user and you want to create a changelog from a source table and to a destination stream topic, the following permissions are required:
    • replperm on the source table in the source cluster
    • topicperm on the destination stream in the destination cluster
  • If you are a normal user and want to create a changelog between your own MapR Database table and someone else's stream topic, you must be granted topicperm permissions on the destination stream.
  • If you are a normal user and want to receive or read the data in a stream topic, you must be granted consumeperm permission on the destination topic.

For more information about ACEs, see Managing Access Control Expressions

Secure Clusters

The destination MapR Event Store For Apache Kafka stream could be in same cluster as the MapR Database source table or it could be on a remote MapR cluster. How the configuration is setup depends on the purpose for using CDC.