Stream Security

Topics in a stream are protected from unauthorized access by the adminperm, copyperm, comsumeperm, produceperm, and topicperm security permissions. In addition, user impersonation is also supported.

ACE Permissions

The following access-control expressions (ACE) are used to protect topics in stream from unauthorized access. ACEs are set when you create or edit a stream.

adminperm
Determines which users can modify access-control expressions for a stream, set up replication of a stream, and modify other attributes of a stream.
copyperm
Determines which users can run the mapr copystream and mapr diffstreams utilities on the stream.
Users with this permission can publish messages to topics in a stream, read messages in topics from a stream, and create or remove topics in a stream. This permission is a combination consumeperm, produceperm, and topicperm.
consumeperm
Determines which users can read messages in topics from a stream.
produceperm
Determines which users can publish messages to topics in a stream.
topicperm
Determines which users can create topics in a stream or remove them.

The following example shows the adminperm, consumeperm, produceperm, and topicperm permissions on a stream named traffic_sensors, which includes the topics traffic_sensors_sf and traffic_sensors_ny.

Figure: How permissions grant or deny access to a stream

For general information about access-control expressions, see ACE Syntax.

User Impersonation

MapR Event Store For Apache Kafka supports user impersonation through the Java API. See MapR Event Store For Apache Kafka Java Applications for more information. MapR Event Store For Apache Kafka does not support user impersonation through the C API or Python API.
Note: Kafka REST supports outbound user impersonation. See User Impersonation for more information.