Stream Security

Topics in a stream are protected from unauthorized access by the adminperm, copyperm, comsumeperm, produceperm, and topicperm security permissions. In addition, user impersonation is also supported.

ACE Permissions

The following access-control expressions (ACE) are used to protect topics in stream from unauthorized access. ACEs are set when you create or edit a stream.

adminperm
Determines which users can modify access-control expressions for a stream, set up replication of a stream, and modify other attributes of a stream.
copyperm
Determines which users can run the mapr copystream and mapr diffstreams utilities on the stream.
Users with this permission can publish messages to topics in a stream, read messages in topics from a stream, and create or remove topics in a stream. This permission is a combination consumeperm, produceperm, and topicperm.
consumeperm
Determines which users can read messages in topics from a stream.
produceperm
Determines which users can publish messages to topics in a stream.
topicperm
Determines which users can create topics in a stream or remove them.

The following example shows the adminperm, consumeperm, produceperm, and topicperm permissions on a stream named traffic_sensors, which includes the topics traffic_sensors_sf and traffic_sensors_ny.

Figure: How permissions grant or deny access to a stream

For general information about access-control expressions, see ACE Syntax.

User Impersonation

MapR-ES supports user impersonation through the Java API. See MapR-ES Java Applications for more information. MapR-ES does not support user impersonation through the C API or Python API.
Note: Kafka REST supports outbound user impersonation. See User Impersonation for more information.