vpruthi/doc-exports
1
0
Fork 0
forked from docs/doc-exports
Code Pull Requests Activity
doc-exports/docs/mrs/component-operation-guide/mrs_01_1861.html
Yang, Tong 6182f91ba8 MRS component operation guide_normal 2.0.38.SP20 version 
Reviewed-by: Hasko, Vladimir <vladimir.hasko@t-systems.com>
Co-authored-by: Yang, Tong <yangtong2@huawei.com>
Co-committed-by: Yang, Tong <yangtong2@huawei.com>
2022-12-09 14:55:21 +00:00

232 lines
44 KiB
HTML
Raw Blame History

<a name="mrs_01_1861"></a><a name="mrs_01_1861"></a>
<h1 class="topictitle1">Adding a Ranger Access Permission Policy for Kafka</h1>
<div id="body1595917975679"><div class="section" id="mrs_01_1861__section1683414032615"><h4 class="sectiontitle">Scenario</h4><p id="mrs_01_1861__p17816144492615">The <span id="mrs_01_1861__ph1389213457234">Ranger</span><span id="mrs_01_1861__ph733184682310"> </span>administrator can use Ranger to configure the read, write, and management permissions of the Kafka topic and the management permission of the cluster for the Kafka user. This section describes how to add the production permission of the <strong id="mrs_01_1861__b6851120185212">test</strong> topic for the <strong id="mrs_01_1861__b15851152075219">test</strong> user.</p>
</div>
<div class="section" id="mrs_01_1861__section11493172153315"><h4 class="sectiontitle">Prerequisites</h4><ul id="mrs_01_1861__ul5357197143515"><li id="mrs_01_1861__li735717193519">The Ranger service has been installed and is running properly.</li><li id="mrs_01_1861__li19563173342811">You have created users, user groups, or roles for which you want to configure permissions.</li></ul>
</div>
<div class="section" id="mrs_01_1861__section1582416525267"><h4 class="sectiontitle">Procedure</h4><ol id="mrs_01_1861__ol15426323102911"><li id="mrs_01_1861__li13147231112419"><span>Log in to the Ranger management page.</span></li><li id="mrs_01_1861__li18658932173820"><span>On the home page, click the component plug-in name in the <strong id="mrs_01_1861__b4461195095217">KAFKA</strong> area, for example, <strong id="mrs_01_1861__b13467350125217">Kafka</strong>.</span></li><li id="mrs_01_1861__li62151559132918"><span>Click <strong id="mrs_01_1861__b74991656185216">Add New Policy</strong> to add a Kafka permission control policy.</span></li><li id="mrs_01_1861__li2838111393019"><span>Configure the following parameters based on the service demands.</span><p>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="mrs_01_1861__table13041634123020" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Kafka permission parameters</caption><thead align="left"><tr id="mrs_01_1861__row33045341301"><th align="left" class="cellrowborder" valign="top" width="26.16%" id="mcps1.3.3.2.4.2.1.2.3.1.1"><p id="mrs_01_1861__p250385903017">Parameter</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="73.83999999999999%" id="mcps1.3.3.2.4.2.1.2.3.1.2"><p id="mrs_01_1861__p1750345915308">Description</p>
</th>
</tr>
</thead>
<tbody><tr id="mrs_01_1861__row855519388569"><td class="cellrowborder" valign="top" width="26.16%" headers="mcps1.3.3.2.4.2.1.2.3.1.1 "><p id="mrs_01_1861__p455513382568">Policy Type</p>
</td>
<td class="cellrowborder" valign="top" width="73.83999999999999%" headers="mcps1.3.3.2.4.2.1.2.3.1.2 "><p id="mrs_01_1861__p555583845614">Access type.</p>
</td>
</tr>
<tr id="mrs_01_1861__row1352143814519"><td class="cellrowborder" valign="top" width="26.16%" headers="mcps1.3.3.2.4.2.1.2.3.1.1 "><p id="mrs_01_1861__p119259713409">Policy Conditions</p>
</td>
<td class="cellrowborder" valign="top" width="73.83999999999999%" headers="mcps1.3.3.2.4.2.1.2.3.1.2 "><p id="mrs_01_1861__p9935105714451">IP address filtering policy, which can be customized. You can enter one or more IP addresses or IP address segments. The IP address can contain the wildcard character (*), for example, <strong id="mrs_01_1861__b620615363163">192.168.1.10</strong>,<strong id="mrs_01_1861__b1120693631614">192.168.1.20</strong>, or <strong id="mrs_01_1861__b3207113611613">192.168.1.*</strong>.</p>
</td>
</tr>
<tr id="mrs_01_1861__row1128111208322"><td class="cellrowborder" valign="top" width="26.16%" headers="mcps1.3.3.2.4.2.1.2.3.1.1 "><p id="mrs_01_1861__p1469114120417">Policy Name</p>
</td>
<td class="cellrowborder" valign="top" width="73.83999999999999%" headers="mcps1.3.3.2.4.2.1.2.3.1.2 "><p id="mrs_01_1861__p1920572416251">Policy name, which can be customized and must be unique in the service.</p>
</td>
</tr>
<tr id="mrs_01_1861__row330483473019"><td class="cellrowborder" valign="top" width="26.16%" headers="mcps1.3.3.2.4.2.1.2.3.1.1 "><p id="mrs_01_1861__p196910112228">Policy Label</p>
</td>
<td class="cellrowborder" valign="top" width="73.83999999999999%" headers="mcps1.3.3.2.4.2.1.2.3.1.2 "><p id="mrs_01_1861__p5695112225">A label specified for the current policy. You can search for reports and filter policies based on labels.</p>
</td>
</tr>
<tr id="mrs_01_1861__row10304163418303"><td class="cellrowborder" valign="top" width="26.16%" headers="mcps1.3.3.2.4.2.1.2.3.1.1 "><p id="mrs_01_1861__p195031559193017">topic</p>
</td>
<td class="cellrowborder" valign="top" width="73.83999999999999%" headers="mcps1.3.3.2.4.2.1.2.3.1.2 "><p id="mrs_01_1861__p20503115923017">Name of the topic applicable to the current policy. You can enter multiple values. The value can contain wildcards, such as <strong id="mrs_01_1861__b1848444119537">test</strong>, <strong id="mrs_01_1861__b16484441185312">test*</strong>, and <strong id="mrs_01_1861__b10485124135312">*</strong>.</p>
<p id="mrs_01_1861__p99402217306">The <span class="parmname" id="mrs_01_1861__parmname199421253255"><b>Include</b></span> policy applies to the current input object, and the <span class="parmname" id="mrs_01_1861__parmname1994832522511"><b>Exclude</b></span> policy applies to objects other than the current input object.</p>
</td>
</tr>
<tr id="mrs_01_1861__row0216030173315"><td class="cellrowborder" valign="top" width="26.16%" headers="mcps1.3.3.2.4.2.1.2.3.1.1 "><p id="mrs_01_1861__p15697173210192">Description</p>
</td>
<td class="cellrowborder" valign="top" width="73.83999999999999%" headers="mcps1.3.3.2.4.2.1.2.3.1.2 "><p id="mrs_01_1861__p1869773261914">Policy description.</p>
</td>
</tr>
<tr id="mrs_01_1861__row130463413301"><td class="cellrowborder" valign="top" width="26.16%" headers="mcps1.3.3.2.4.2.1.2.3.1.1 "><p id="mrs_01_1861__p898812379471">Audit Logging</p>
</td>
<td class="cellrowborder" valign="top" width="73.83999999999999%" headers="mcps1.3.3.2.4.2.1.2.3.1.2 "><p id="mrs_01_1861__p18988437174719">Whether to audit the policy.</p>
</td>
</tr>
<tr id="mrs_01_1861__row18304133403012"><td class="cellrowborder" valign="top" width="26.16%" headers="mcps1.3.3.2.4.2.1.2.3.1.1 "><p id="mrs_01_1861__p5304134113010">Allow Conditions</p>
</td>
<td class="cellrowborder" valign="top" width="73.83999999999999%" headers="mcps1.3.3.2.4.2.1.2.3.1.2 "><p id="mrs_01_1861__p2150185173119">Permission and exception conditions allowed by a policy. The priority of an exception condition is higher than that of a normal condition.</p>
<p id="mrs_01_1861__p3943134320378">In the <strong id="mrs_01_1861__b10596131520546">Select Role</strong>, <strong id="mrs_01_1861__b760141595414">Select Group</strong>, and <strong id="mrs_01_1861__b1560111153545">Select User</strong> columns, select the role, user group, or user to which you want to assign permissions.</p>
<p id="mrs_01_1861__p276554473717">Click <strong id="mrs_01_1861__b92824413161">Add Conditions</strong>, add the IP address range to which the policy applies, and click <strong id="mrs_01_1861__b7753114719169">Add Permissions</strong> to add corresponding permissions.</p>
<ul id="mrs_01_1861__ul615075143113"><li id="mrs_01_1861__li15150195113117">Publish: production permission</li><li id="mrs_01_1861__li171501451193115">Consume: consumption permission</li><li id="mrs_01_1861__li21501451173117">Describe: query permission</li><li id="mrs_01_1861__li815015515316">Create: topic creation permission</li><li id="mrs_01_1861__li1015019513318">Delete: topic deletion permission</li><li id="mrs_01_1861__li141505516317">Describe Configs: configuration query permission</li><li id="mrs_01_1861__li4570228202710">Alter: permission to change the number of partitions of a topic.</li><li id="mrs_01_1861__li121505513318">Alter Configs: configuration modification permission</li><li id="mrs_01_1861__li1663701573417">Select/Deselect All: Select or deselect all.</li></ul>
<p id="mrs_01_1861__p1545113122150">To add multiple permission control rules, click <span><img id="mrs_01_1861__image341133521514" src="en-us_image_0000001349289369.png"></span>.</p>
<p id="mrs_01_1861__p8404164411">If users or user groups in the current condition need to manage this policy, select <strong id="mrs_01_1861__b1360161165512">Delegate Admin</strong>. These users will become the agent administrators. The agent administrators can update and delete this policy and create sub-policies based on the original policy.</p>
</td>
</tr>
<tr id="mrs_01_1861__row43041334133011"><td class="cellrowborder" valign="top" width="26.16%" headers="mcps1.3.3.2.4.2.1.2.3.1.1 "><p id="mrs_01_1861__p155351440143214">Deny Conditions</p>
</td>
<td class="cellrowborder" valign="top" width="73.83999999999999%" headers="mcps1.3.3.2.4.2.1.2.3.1.2 "><p id="mrs_01_1861__p1453514405325">Policy rejection condition, which is used to configure the permissions and exceptions to be denied in the policy. The configuration method is the same as that of <strong id="mrs_01_1861__b7819182995512">Allow Conditions</strong>. The priority of the rejection condition is higher than that of the allowed conditions configured in <strong id="mrs_01_1861__b382452985516">Allow Conditions</strong>.</p>
</td>
</tr>
</tbody>
</table>
</div>
<p id="mrs_01_1861__p39012943315">For example, to add the production permission for the <strong id="mrs_01_1861__b147078353558">test</strong> topic of user <strong id="mrs_01_1861__b971223535511">testuser</strong>, configure the following information:</p>
<div class="fignone" id="mrs_01_1861__fig16585143921319"><span class="figcap"><b>Figure 1 </b>Kafka permission parameters</span><br><span><img id="mrs_01_1861__image155851939131318" src="en-us_image_0000001389467018.png"></span></div>
<div class="p" id="mrs_01_1861__p328016010397">
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="mrs_01_1861__table25376475282" frame="border" border="1" rules="all"><caption><b>Table 2 </b>Setting permissions</caption><thead align="left"><tr id="mrs_01_1861__row145381247152817"><th align="left" class="cellrowborder" valign="top" width="36.059999999999995%" id="mcps1.3.3.2.4.2.4.1.2.3.1.1"><p id="mrs_01_1861__p45386472286"><strong id="mrs_01_1861__b4200856125117">Scenario</strong></p>
</th>
<th align="left" class="cellrowborder" valign="top" width="63.94%" id="mcps1.3.3.2.4.2.4.1.2.3.1.2"><p id="mrs_01_1861__p1334011246306"><strong id="mrs_01_1861__b7252617524">Role Authorization</strong></p>
</th>
</tr>
</thead>
<tbody><tr id="mrs_01_1861__row1453844742812"><td class="cellrowborder" valign="top" width="36.059999999999995%" headers="mcps1.3.3.2.4.2.4.1.2.3.1.1 "><p id="mrs_01_1861__p1538164712286">Setting the Kafka administrator permissions</p>
</td>
<td class="cellrowborder" valign="top" width="63.94%" headers="mcps1.3.3.2.4.2.4.1.2.3.1.2 "><ol type="a" id="mrs_01_1861__ol9811840103417"><li id="mrs_01_1861__li3811140173416">On the home page, click the component plug-in name in the <strong id="mrs_01_1861__b67091833182518">KAFKA</strong> area, for example, <strong id="mrs_01_1861__b8716153372513">Kafka</strong>.</li><li id="mrs_01_1861__li13360163663816">Select the policy whose <strong id="mrs_01_1861__b3988145865517">Policy Name</strong> is <strong id="mrs_01_1861__b79931583559">all - topic</strong> and click <span><img id="mrs_01_1861__image262417334017" src="en-us_image_0000001295770256.png"></span> to edit the policy.</li><li id="mrs_01_1861__li1369322054013">In the <strong id="mrs_01_1861__b18150111325610">Allow Conditions</strong> area, select a user from the <strong id="mrs_01_1861__b815081345614">Select User</strong> drop-down list.</li><li id="mrs_01_1861__li11121181115317">Click <strong id="mrs_01_1861__b185219548235">Add Permissions</strong> and select <strong id="mrs_01_1861__b35210545233">Select/Deselect All</strong>.</li></ol>
</td>
</tr>
<tr id="mrs_01_1861__row1238694413210"><td class="cellrowborder" valign="top" width="36.059999999999995%" headers="mcps1.3.3.2.4.2.4.1.2.3.1.1 "><p id="mrs_01_1861__p103864447325">Setting the permission for a user to create a topic</p>
</td>
<td class="cellrowborder" valign="top" width="63.94%" headers="mcps1.3.3.2.4.2.4.1.2.3.1.2 "><ol type="a" id="mrs_01_1861__ol1193519563418"><li id="mrs_01_1861__li1935155163415">Specify a topic name in <strong id="mrs_01_1861__b1246114517257">topic</strong>.</li><li id="mrs_01_1861__li1793510573419">In the <strong id="mrs_01_1861__b974912357561">Allow Conditions</strong> area, select a user from the <strong id="mrs_01_1861__b775443575612">Select User</strong> drop-down list.</li><li id="mrs_01_1861__li13935135103414">Click <strong id="mrs_01_1861__b124931038135611">Add Permissions</strong> and select <strong id="mrs_01_1861__b5493123855618">Create</strong>.</li></ol>
<div class="note" id="mrs_01_1861__note148591926155017"><span class="notetitle"> NOTE: </span><div class="notebody"><p id="mrs_01_1861__p3859926185012">Currently, the Kafka kernel supports the <strong id="mrs_01_1861__b865424655615">--zookeeper</strong> and <strong id="mrs_01_1861__b8432165110567">--bootstrap-server</strong> methods to create topics. The -<strong id="mrs_01_1861__b2356151155714">-zookeeper</strong> method will be deleted from the community in later versions. Therefore, you are advised to use the <strong id="mrs_01_1861__b31521817155712">--bootstrap-server</strong> method to create topics.</p>
<p id="mrs_01_1861__p1358891716526">Note: Currently, Kafka supports only the authentication of topic creation in <strong id="mrs_01_1861__b1180723765710">--bootstrap-server</strong> mode and does not support that in <strong id="mrs_01_1861__b45781743165713">--zookeeper</strong> mode.</p>
</div></div>
</td>
</tr>
<tr id="mrs_01_1861__row2185182617346"><td class="cellrowborder" valign="top" width="36.059999999999995%" headers="mcps1.3.3.2.4.2.4.1.2.3.1.1 "><p id="mrs_01_1861__p418512643410">Setting the permission for a user to delete a topic</p>
</td>
<td class="cellrowborder" valign="top" width="63.94%" headers="mcps1.3.3.2.4.2.4.1.2.3.1.2 "><ol type="a" id="mrs_01_1861__ol68764496344"><li id="mrs_01_1861__li48761499344">Specify a topic name in <strong id="mrs_01_1861__b562185192513">topic</strong>.</li><li id="mrs_01_1861__li18768499341">In the <strong id="mrs_01_1861__b118418104585">Allow Conditions</strong> area, select a user from the <strong id="mrs_01_1861__b8842106585">Select User</strong> drop-down list.</li><li id="mrs_01_1861__li5876144953417">Click <strong id="mrs_01_1861__b9151114175811">Add Permissions</strong> and select <strong id="mrs_01_1861__b31531416583">Delete</strong>.</li></ol>
<div class="note" id="mrs_01_1861__note187217281549"><span class="notetitle"> NOTE: </span><div class="notebody"><p id="mrs_01_1861__p4721928105419">Currently, the Kafka kernel supports the <strong id="mrs_01_1861__b736810190585">--zookeeper</strong> and <strong id="mrs_01_1861__b123732192588">--bootstrap-server</strong> methods to delete topics. The -<strong id="mrs_01_1861__b14373101911588">-zookeeper</strong> method will be deleted from the community in later versions. Therefore, you are advised to use the <strong id="mrs_01_1861__b18373619175811">--bootstrap-server</strong> method to delete topics.</p>
<p id="mrs_01_1861__p2721128185418">Note: Currently, Kafka supports only the authentication of topic deletion in <strong id="mrs_01_1861__b13327103445819">--bootstrap-server</strong> mode and does not support that in <strong id="mrs_01_1861__b18334534195811">--zookeeper</strong> mode.</p>
</div></div>
</td>
</tr>
<tr id="mrs_01_1861__row19860454204111"><td class="cellrowborder" valign="top" width="36.059999999999995%" headers="mcps1.3.3.2.4.2.4.1.2.3.1.1 "><p id="mrs_01_1861__p15861135474111">Setting the permission for a user to query a topic</p>
</td>
<td class="cellrowborder" valign="top" width="63.94%" headers="mcps1.3.3.2.4.2.4.1.2.3.1.2 "><ol type="a" id="mrs_01_1861__ol9198511184219"><li id="mrs_01_1861__li519812111429">Specify a topic name in <strong id="mrs_01_1861__b664525173015">topic</strong>.</li><li id="mrs_01_1861__li12198111124215">In the <strong id="mrs_01_1861__b376284845819">Allow Conditions</strong> area, select a user from the <strong id="mrs_01_1861__b19767154813581">Select User</strong> drop-down list.</li><li id="mrs_01_1861__li1619811111426">Click <strong id="mrs_01_1861__b156701850195814">Add Permissions</strong> and select <strong id="mrs_01_1861__b767016509587">Describe</strong> and <strong id="mrs_01_1861__b66711250145819">Describe Configs</strong>.</li></ol>
<div class="note" id="mrs_01_1861__note1852715126561"><span class="notetitle"> NOTE: </span><div class="notebody"><p id="mrs_01_1861__p152781216560">Currently, the Kafka kernel supports the <strong id="mrs_01_1861__b1749385315815">--zookeeper</strong> and <strong id="mrs_01_1861__b1649325311589">--bootstrap-server</strong> methods to query topics. The -<strong id="mrs_01_1861__b649315318583">-zookeeper</strong> method will be deleted from the community in later versions. Therefore, you are advised to use the <strong id="mrs_01_1861__b16493185318585">--bootstrap-server</strong> method to query topics.</p>
<p id="mrs_01_1861__p25271912195612">Note: Currently, Kafka supports only the authentication of topic query in <strong id="mrs_01_1861__b64796205918">--bootstrap-server</strong> mode and does not support that in <strong id="mrs_01_1861__b15522612592">--zookeeper</strong> mode.</p>
</div></div>
</td>
</tr>
<tr id="mrs_01_1861__row17538647112817"><td class="cellrowborder" valign="top" width="36.059999999999995%" headers="mcps1.3.3.2.4.2.4.1.2.3.1.1 "><p id="mrs_01_1861__p6539121692914">Setting the production permission of a user on a topic</p>
</td>
<td class="cellrowborder" valign="top" width="63.94%" headers="mcps1.3.3.2.4.2.4.1.2.3.1.2 "><ol type="a" id="mrs_01_1861__o4fec88099543498580262f53621ac547"><li id="mrs_01_1861__li1952454211196">Specify a topic name in <strong id="mrs_01_1861__b1326175413304">topic</strong>.</li><li id="mrs_01_1861__li052464261919">In the <strong id="mrs_01_1861__b19252192219596">Allow Conditions</strong> area, select a user from the <strong id="mrs_01_1861__b16252422115913">Select User</strong> drop-down list.</li><li id="mrs_01_1861__li052474211199">Click <strong id="mrs_01_1861__b146611125185919">Add Permissions</strong> and select <strong id="mrs_01_1861__b16666152545915">Publish</strong>.</li></ol>
</td>
</tr>
<tr id="mrs_01_1861__row4538104742810"><td class="cellrowborder" valign="top" width="36.059999999999995%" headers="mcps1.3.3.2.4.2.4.1.2.3.1.1 "><p id="mrs_01_1861__p3717421182914">Setting the consumption permission of a user on a topic</p>
</td>
<td class="cellrowborder" valign="top" width="63.94%" headers="mcps1.3.3.2.4.2.4.1.2.3.1.2 "><ol type="a" id="mrs_01_1861__ol14891750151716"><li id="mrs_01_1861__li38935031717">Specify a topic name in <strong id="mrs_01_1861__b136891055153018">topic</strong>.</li><li id="mrs_01_1861__li189135016174">In the <strong id="mrs_01_1861__b133091936125916">Allow Conditions</strong> area, select a user from the <strong id="mrs_01_1861__b23094367592">Select User</strong> drop-down list.</li><li id="mrs_01_1861__li10901850131714">Click <strong id="mrs_01_1861__b8976539135918">Add Permissions</strong> and select <strong id="mrs_01_1861__b4981239205919">Consume</strong>.</li></ol>
<div class="note" id="mrs_01_1861__note17441151294019"><span class="notetitle"> NOTE: </span><div class="notebody"><p id="mrs_01_1861__p1544171219404">During topic consumption, offset management is involved. Therefore, the <strong id="mrs_01_1861__b81851321142414">Consume</strong> permission of <strong id="mrs_01_1861__b162646275244">ConsumerGroup</strong> must be enabled at the same time. For details, see <strong id="mrs_01_1861__b586204212418">Setting a User's Permission to Submit ConsumerGroup Offsets</strong>.</p>
</div></div>
</td>
</tr>
<tr id="mrs_01_1861__row1221513393328"><td class="cellrowborder" valign="top" width="36.059999999999995%" headers="mcps1.3.3.2.4.2.4.1.2.3.1.1 "><p id="mrs_01_1861__p32167392326">Setting the permission for a user to expand a topic (by adding partitions)</p>
</td>
<td class="cellrowborder" valign="top" width="63.94%" headers="mcps1.3.3.2.4.2.4.1.2.3.1.2 "><ol type="a" id="mrs_01_1861__ol1165163725212"><li id="mrs_01_1861__li16165237155213">Specify a topic name in <strong id="mrs_01_1861__b1199514483117">topic</strong>.</li><li id="mrs_01_1861__li31659371526">In the <strong id="mrs_01_1861__b117271695012">Allow Conditions</strong> area, select a user from the <strong id="mrs_01_1861__b177337913015">Select User</strong> drop-down list.</li><li id="mrs_01_1861__li1216518372528">Click <strong id="mrs_01_1861__b1757855702414">Add Permissions</strong> and select <strong id="mrs_01_1861__b1358345713245">Alter</strong>.</li></ol>
</td>
</tr>
<tr id="mrs_01_1861__row143925337813"><td class="cellrowborder" valign="top" width="36.059999999999995%" headers="mcps1.3.3.2.4.2.4.1.2.3.1.1 "><p id="mrs_01_1861__p1639217332814">Setting the permission for a user to modify the topic configuration</p>
</td>
<td class="cellrowborder" valign="top" width="63.94%" headers="mcps1.3.3.2.4.2.4.1.2.3.1.2 "><p id="mrs_01_1861__p721335615813">Currently, the Kafka kernel does not support to modify topic parameters based on <strong id="mrs_01_1861__b1774115206011">--bootstrap-server</strong>. Therefore, Ranger does not support authentication for this behavior.</p>
</td>
</tr>
<tr id="mrs_01_1861__row79051436445"><td class="cellrowborder" valign="top" width="36.059999999999995%" headers="mcps1.3.3.2.4.2.4.1.2.3.1.1 "><p id="mrs_01_1861__p1790510434446">Setting all the management permissions of a user on a cluster</p>
</td>
<td class="cellrowborder" valign="top" width="63.94%" headers="mcps1.3.3.2.4.2.4.1.2.3.1.2 "><ol type="a" id="mrs_01_1861__ol59598654518"><li id="mrs_01_1861__li11959116144510">Enter a cluster name and select the cluster on the right side of <strong id="mrs_01_1861__b18521812195816">cluster</strong>.</li><li id="mrs_01_1861__li16959866457">In the <strong id="mrs_01_1861__b1990217511045">Allow Conditions</strong> area, select a user from the <strong id="mrs_01_1861__b69031851345">Select User</strong> drop-down list.</li><li id="mrs_01_1861__li10959166144513">Click <strong id="mrs_01_1861__b1332052235813">Add Permissions</strong> and select <strong id="mrs_01_1861__b1321152245816">Kafka Admin</strong>.</li></ol>
</td>
</tr>
<tr id="mrs_01_1861__row1997915611165"><td class="cellrowborder" valign="top" width="36.059999999999995%" headers="mcps1.3.3.2.4.2.4.1.2.3.1.1 "><p id="mrs_01_1861__p498085661618">Setting the permission for a user to create a cluster</p>
</td>
<td class="cellrowborder" valign="top" width="63.94%" headers="mcps1.3.3.2.4.2.4.1.2.3.1.2 "><ol type="a" id="mrs_01_1861__ol113322610178"><li id="mrs_01_1861__li17751116678">On the home page, click the component plug-in name in the <strong id="mrs_01_1861__b139961364319">KAFKA</strong> area, for example, <strong id="mrs_01_1861__b9996196163111">Kafka</strong>.</li><li id="mrs_01_1861__li138521244719">Select the policy whose <strong id="mrs_01_1861__b11950221619">Policy Name</strong> is <strong id="mrs_01_1861__b1795082119">all - cluster</strong> and click <span><img id="mrs_01_1861__image1523783014717" src="en-us_image_0000001295770272.png"></span> to edit the policy.</li><li id="mrs_01_1861__li103312263174">Enter a cluster name and select the cluster on the right side of <strong id="mrs_01_1861__b34253141112">cluster</strong>.</li><li id="mrs_01_1861__li8332263178">In the <strong id="mrs_01_1861__b67757265115">Allow Conditions</strong> area, select a user from the <strong id="mrs_01_1861__b2078012267111">Select User</strong> drop-down list.</li><li id="mrs_01_1861__li233026101713">Click <strong id="mrs_01_1861__b128917311115">Add Permissions</strong> and select <strong id="mrs_01_1861__b62951311314">Create</strong>.</li></ol>
<div class="note" id="mrs_01_1861__note7713832101716"><span class="notetitle"> NOTE: </span><div class="notebody"><p id="mrs_01_1861__p104281530142912">The authentication of the <strong id="mrs_01_1861__b947341211">Create</strong> operation of a cluster involves the following two scenarios:</p>
<ol type="a" id="mrs_01_1861__ol11281143419295"><li id="mrs_01_1861__li228217345298">After the <strong id="mrs_01_1861__b52655365114">auto.create.topics.enable</strong> parameter is enabled in the cluster, the client sends data to a topic that has not been created in the service. In this case, the system checks whether the user has the <strong id="mrs_01_1861__b52668361118">Create</strong> permission of the cluster.</li><li id="mrs_01_1861__li196841936142914">If a user creates a large number of topics and is granted the <strong id="mrs_01_1861__b1318364214111">Cluster Create</strong> permission, the user can create any topic in the cluster.</li></ol>
</div></div>
</td>
</tr>
<tr id="mrs_01_1861__row665581815358"><td class="cellrowborder" valign="top" width="36.059999999999995%" headers="mcps1.3.3.2.4.2.4.1.2.3.1.1 "><p id="mrs_01_1861__p565681816352">Setting the permission for a user to modify the cluster configuration</p>
</td>
<td class="cellrowborder" valign="top" width="63.94%" headers="mcps1.3.3.2.4.2.4.1.2.3.1.2 "><ol type="a" id="mrs_01_1861__ol1848343943510"><li id="mrs_01_1861__li10483123910357">Enter a cluster name and select the cluster on the right side of <strong id="mrs_01_1861__b1626615521619">cluster</strong>.</li><li id="mrs_01_1861__li11483173973519">In the <strong id="mrs_01_1861__b8873135415112">Allow Conditions</strong> area, select a user from the <strong id="mrs_01_1861__b19873354215">Select User</strong> drop-down list.</li><li id="mrs_01_1861__li15483539133514">Click <strong id="mrs_01_1861__b681410570117">Add Permissions</strong> and select <strong id="mrs_01_1861__b18141157510">Alter Configs</strong>.</li></ol>
<div class="note" id="mrs_01_1861__note83265123485"><span class="notetitle"> NOTE: </span><div class="notebody"><p id="mrs_01_1861__p1832615125485">The configuration modification permission allows you to modify the Broker and Broker Logger configurations.</p>
<p id="mrs_01_1861__p71031243194815">After the configuration modification permission is granted to a user, the user can query configuration details even if the user does not have the query permission. (The configuration modification permission includes the configuration query permission.)</p>
</div></div>
</td>
</tr>
<tr id="mrs_01_1861__row17639204311"><td class="cellrowborder" valign="top" width="36.059999999999995%" headers="mcps1.3.3.2.4.2.4.1.2.3.1.1 "><p id="mrs_01_1861__p863919010317">Setting the permission for a user to query the cluster configuration</p>
</td>
<td class="cellrowborder" valign="top" width="63.94%" headers="mcps1.3.3.2.4.2.4.1.2.3.1.2 "><ol type="a" id="mrs_01_1861__ol61558423324"><li id="mrs_01_1861__li4155124215321">Enter a cluster name and select the cluster on the right side of <strong id="mrs_01_1861__b344819245220">cluster</strong>.</li><li id="mrs_01_1861__li1815544210324">In the <strong id="mrs_01_1861__b17637531620">Allow Conditions</strong> area, select a user from the <strong id="mrs_01_1861__b664211318210">Select User</strong> drop-down list.</li><li id="mrs_01_1861__li815515424327">Click <strong id="mrs_01_1861__b3192113816213">Add Permissions</strong> and select <strong id="mrs_01_1861__b1319718381826">Describe</strong> and <strong id="mrs_01_1861__b1719716387215">Describe Configs</strong>.</li></ol>
<div class="note" id="mrs_01_1861__note4646133173319"><span class="notetitle"> NOTE: </span><div class="notebody"><p id="mrs_01_1861__p8646633133312">You can only query Broker and Broker Logger information in the cluster, excluding topics.</p>
</div></div>
</td>
</tr>
<tr id="mrs_01_1861__row9792181212522"><td class="cellrowborder" valign="top" width="36.059999999999995%" headers="mcps1.3.3.2.4.2.4.1.2.3.1.1 "><p id="mrs_01_1861__p187935121525">Setting the Idempotent Write permission in a cluster for a user</p>
</td>
<td class="cellrowborder" valign="top" width="63.94%" headers="mcps1.3.3.2.4.2.4.1.2.3.1.2 "><ol type="a" id="mrs_01_1861__ol1132812795310"><li id="mrs_01_1861__li732810715317">Enter a cluster name and select the cluster on the right side of <strong id="mrs_01_1861__b178520110314">cluster</strong>.</li><li id="mrs_01_1861__li9328147205318">In the <strong id="mrs_01_1861__b11294538">Allow Conditions</strong> area, select a user from the <strong id="mrs_01_1861__b121374538">Select User</strong> drop-down list.</li><li id="mrs_01_1861__li132818745318">Click <strong id="mrs_01_1861__b1095017611314">Add Permissions</strong> and select <strong id="mrs_01_1861__b199551061131">Idempotent Write</strong>.</li></ol>
<div class="note" id="mrs_01_1861__note7308749165310"><span class="notetitle"> NOTE: </span><div class="notebody"><p id="mrs_01_1861__p73091749195310">This permission authenticates the <strong id="mrs_01_1861__b171413101731">Idempotent Produce</strong> behavior of the user's client.</p>
</div></div>
</td>
</tr>
<tr id="mrs_01_1861__row38576441551"><td class="cellrowborder" valign="top" width="36.059999999999995%" headers="mcps1.3.3.2.4.2.4.1.2.3.1.1 "><p id="mrs_01_1861__p285719442553">Setting the permission to migrate partitions in a cluster for a user</p>
</td>
<td class="cellrowborder" valign="top" width="63.94%" headers="mcps1.3.3.2.4.2.4.1.2.3.1.2 "><ol type="a" id="mrs_01_1861__ol1333112595615"><li id="mrs_01_1861__li133338257563">Enter a cluster name and select the cluster on the right side of <strong id="mrs_01_1861__b1192321819318">cluster</strong>.</li><li id="mrs_01_1861__li53331825155616">In the <strong id="mrs_01_1861__b193517211138">Allow Conditions</strong> area, select a user from the <strong id="mrs_01_1861__b193561521539">Select User</strong> drop-down list.</li><li id="mrs_01_1861__li533342513568">Click <strong id="mrs_01_1861__b8485175252">Add Permissions</strong> and select <strong id="mrs_01_1861__b549110702513">Alter</strong>.</li></ol>
<div class="note" id="mrs_01_1861__note280635695619"><span class="notetitle"> NOTE: </span><div class="notebody"><p id="mrs_01_1861__p1180613563565">The <strong id="mrs_01_1861__b119005261834">Alter</strong> permission of a cluster can be used to control permissions in the following scenarios:</p>
<ol type="a" id="mrs_01_1861__ol125501254589"><li id="mrs_01_1861__li45501565814"><a name="mrs_01_1861__li45501565814"></a><a name="li45501565814"></a>In the <strong id="mrs_01_1861__b1975120290314">Partition Reassign</strong> scenario, migrate the storage directory of replicas.</li><li id="mrs_01_1861__li16835192518593"><a name="mrs_01_1861__li16835192518593"></a><a name="li16835192518593"></a>Elect a leader replica in each partition of the cluster.</li><li id="mrs_01_1861__li8445134935915"><a name="mrs_01_1861__li8445134935915"></a><a name="li8445134935915"></a>Add or delete ACLs.</li></ol>
<p id="mrs_01_1861__p10126125975916">Operations in scenarios <a href="#mrs_01_1861__li45501565814">1</a> and <a href="#mrs_01_1861__li16835192518593">2</a> are between a controller and broker and between brokers in the cluster. When a cluster is created, this permission is granted to the built-in Kafka user by default. It is meaningless for a common user to be granted with this permission.</p>
<p id="mrs_01_1861__p20294307210">Scenario <a href="#mrs_01_1861__li8445134935915">3</a> involves the ACL management. ACLs are designed for authentication. Currently, Kafka authentication is hosted to Ranger. Therefore, this scenario is not involved (the configuration does not take effect).</p>
</div></div>
</td>
</tr>
<tr id="mrs_01_1861__row74251934348"><td class="cellrowborder" valign="top" width="36.059999999999995%" headers="mcps1.3.3.2.4.2.4.1.2.3.1.1 "><p id="mrs_01_1861__p64253341044">Setting the Cluster Action permission in a cluster for a user</p>
</td>
<td class="cellrowborder" valign="top" width="63.94%" headers="mcps1.3.3.2.4.2.4.1.2.3.1.2 "><ol type="a" id="mrs_01_1861__ol1397125710414"><li id="mrs_01_1861__li63971571416">Enter a cluster name and select the cluster on the right side of <strong id="mrs_01_1861__b616920491949">cluster</strong>.</li><li id="mrs_01_1861__li1397105710413">In the <strong id="mrs_01_1861__b1688198046">Allow Conditions</strong> area, select a user from the <strong id="mrs_01_1861__b1889599023">Select User</strong> drop-down list.</li><li id="mrs_01_1861__li10397195714415">Click <strong id="mrs_01_1861__b94013562413">Add Permissions</strong> and select <strong id="mrs_01_1861__b04514561411">Cluster Action</strong>.</li></ol>
<div class="note" id="mrs_01_1861__note41991223758"><span class="notetitle"> NOTE: </span><div class="notebody"><p id="mrs_01_1861__p18199523554">This permission controls the synchronization between the leader and follower replicas in the cluster and the communication between nodes. It has been granted to the built-in Kakfa user during cluster creation. It is meaningless for a common user to grant this permission.</p>
</div></div>
</td>
</tr>
<tr id="mrs_01_1861__row61653412714"><td class="cellrowborder" valign="top" width="36.059999999999995%" headers="mcps1.3.3.2.4.2.4.1.2.3.1.1 "><p id="mrs_01_1861__p101661441073">Setting the TransactionalId permission for a user</p>
</td>
<td class="cellrowborder" valign="top" width="63.94%" headers="mcps1.3.3.2.4.2.4.1.2.3.1.2 "><ol type="a" id="mrs_01_1861__ol130313471410"><li id="mrs_01_1861__li1430318349146">On the home page, click the component plug-in name in the <strong id="mrs_01_1861__b41471699314">KAFKA</strong> area, for example, <strong id="mrs_01_1861__b1914814915315">Kafka</strong>.</li><li id="mrs_01_1861__li11303173491412">Select the policy whose <strong id="mrs_01_1861__b1892561812515">Policy Name</strong> is <strong id="mrs_01_1861__b1392510182516">all - transactionalid</strong> and click <span><img id="mrs_01_1861__image10303734121413" src="en-us_image_0000001349169789.png"></span> to edit the policy.</li></ol>
<ol type="a" id="mrs_01_1861__ol13036342142"><li id="mrs_01_1861__li1730383491415">Set <strong id="mrs_01_1861__b1426120265519">transactionalid</strong> to a transaction ID.</li><li id="mrs_01_1861__li1530310343148">In the <strong id="mrs_01_1861__b168528296519">Allow Conditions</strong> area, select a user from the <strong id="mrs_01_1861__b88533293519">Select User</strong> drop-down list.</li><li id="mrs_01_1861__li11303163411416">Click <strong id="mrs_01_1861__b19545153313519">Add Permissions</strong> and select <strong id="mrs_01_1861__b145501333757">Publish</strong> and <strong id="mrs_01_1861__b45511233650">Describe</strong>.</li></ol>
<div class="note" id="mrs_01_1861__note1932397913"><span class="notetitle"> NOTE: </span><div class="notebody"><p id="mrs_01_1861__p11932591194">The <strong id="mrs_01_1861__b77821937559">Publish</strong> permission is used to authenticate client requests for which the transaction feature is enabled, for example, starting and ending a transaction, submitting an offset, and generating transactional data.</p>
<p id="mrs_01_1861__p199818523144">The <strong id="mrs_01_1861__b681311427511">Describe</strong> permission is used to authenticate the requests from the client and coordinator that have enabled the transaction feature.</p>
<p id="mrs_01_1861__p112577337154">If the transaction feature is enabled, you are advised to grant both the <strong id="mrs_01_1861__b72341481517">Publish</strong> and <strong id="mrs_01_1861__b4239148455">Describe</strong> permissions to users.</p>
</div></div>
</td>
</tr>
<tr id="mrs_01_1861__row6399175518132"><td class="cellrowborder" valign="top" width="36.059999999999995%" headers="mcps1.3.3.2.4.2.4.1.2.3.1.1 "><p id="mrs_01_1861__p1339955541311">Setting the DelegationToken permission for a user</p>
</td>
<td class="cellrowborder" valign="top" width="63.94%" headers="mcps1.3.3.2.4.2.4.1.2.3.1.2 "><ol type="a" id="mrs_01_1861__ol35412349163"><li id="mrs_01_1861__li1822813275152">On the home page, click the component plug-in name in the <strong id="mrs_01_1861__b188051610103115">KAFKA</strong> area, for example, <strong id="mrs_01_1861__b19806121063115">Kafka</strong>.</li><li id="mrs_01_1861__li34641337181513">Select the policy whose <strong id="mrs_01_1861__b1693111662">Policy Name</strong> is <strong id="mrs_01_1861__b06991712616">all - delegationtoken</strong> and click <span><img id="mrs_01_1861__image315794311154" src="en-us_image_0000001348770085.png"></span> to edit the policy.</li><li id="mrs_01_1861__li4541143421611">Set <strong id="mrs_01_1861__b116019912618">delegationtoken</strong> to a delegation token.</li><li id="mrs_01_1861__li1954153412161">In the <strong id="mrs_01_1861__b684510121860">Allow Conditions</strong> area, select a user from the <strong id="mrs_01_1861__b3850181214612">Select User</strong> drop-down list.</li><li id="mrs_01_1861__li1541103420162">Click <strong id="mrs_01_1861__b1298117161064">Add Permissions</strong> and select <strong id="mrs_01_1861__b29863161464">Describe</strong>.</li></ol>
<div class="note" id="mrs_01_1861__note11211194701716"><span class="notetitle"> NOTE: </span><div class="notebody"><p id="mrs_01_1861__p82121647111710">Currently, Ranger only controls the query permission of DelegationToken, but does not control its <strong id="mrs_01_1861__b539152114613">create</strong>, <strong id="mrs_01_1861__b1039613211966">renew</strong>, and <strong id="mrs_01_1861__b439712216610">expire</strong> permissions.</p>
</div></div>
</td>
</tr>
<tr id="mrs_01_1861__row1581011381566"><td class="cellrowborder" valign="top" width="36.059999999999995%" headers="mcps1.3.3.2.4.2.4.1.2.3.1.1 "><p id="mrs_01_1861__p481043812564">Setting the permission for a user to query ConsumerGroup Offsets</p>
</td>
<td class="cellrowborder" valign="top" width="63.94%" headers="mcps1.3.3.2.4.2.4.1.2.3.1.2 "><ol type="a" id="mrs_01_1861__ol26731639214"><li id="mrs_01_1861__li176730316213">On the home page, click the component plug-in name in the <strong id="mrs_01_1861__b319781573115">KAFKA</strong> area, for example, <strong id="mrs_01_1861__b22031815183112">Kafka</strong>.</li><li id="mrs_01_1861__li1767318314219">Select the policy whose <strong id="mrs_01_1861__b27417543256">Policy Name</strong> is <strong id="mrs_01_1861__b1274754102510">all - consumergroup</strong> and click <span><img id="mrs_01_1861__image967333322" src="en-us_image_0000001348770081.png"></span> to edit the policy.</li><li id="mrs_01_1861__li13673173824">In <strong id="mrs_01_1861__b74794154267">consumergroup</strong>, configure the consumer group to be managed.</li><li id="mrs_01_1861__li76731134217">In the <strong id="mrs_01_1861__b4894201842616">Allow Conditions</strong> area, select a user from the <strong id="mrs_01_1861__b1889981814262">Select User</strong> drop-down list.</li><li id="mrs_01_1861__li618108533">Click <strong id="mrs_01_1861__b1244042122613">Add Permissions</strong> and select <strong id="mrs_01_1861__b16440192122618">Describe</strong>.</li></ol>
</td>
</tr>
<tr id="mrs_01_1861__row840514206318"><td class="cellrowborder" valign="top" width="36.059999999999995%" headers="mcps1.3.3.2.4.2.4.1.2.3.1.1 "><p id="mrs_01_1861__p3405112017319">Set the user's submission permission on <strong id="mrs_01_1861__b153951633132610">ConsumerGroup Offsets</strong>.</p>
</td>
<td class="cellrowborder" valign="top" width="63.94%" headers="mcps1.3.3.2.4.2.4.1.2.3.1.2 "><ol type="a" id="mrs_01_1861__ol10893204218318"><li id="mrs_01_1861__li198938421032">On the home page, click the component plug-in name in the <strong id="mrs_01_1861__b21231717163117">KAFKA</strong> area, for example, <strong id="mrs_01_1861__b12124617123119">Kafka</strong>.</li><li id="mrs_01_1861__li689384217318">Select the policy whose <strong id="mrs_01_1861__b1725014389262">Policy Name</strong> is <strong id="mrs_01_1861__b14250163810269">all - consumergroup</strong> and click <span><img id="mrs_01_1861__image18893742335" src="en-us_image_0000001296090048.png"></span> to edit the policy.</li><li id="mrs_01_1861__li1189364211310">In <strong id="mrs_01_1861__b94673593264">consumergroup</strong>, configure the consumer group to be managed.</li><li id="mrs_01_1861__li38939424315">In the <strong id="mrs_01_1861__b665460122720">Allow Conditions</strong> area, select a user from the <strong id="mrs_01_1861__b26599015275">Select User</strong> drop-down list.</li><li id="mrs_01_1861__li58934427319">Click <strong id="mrs_01_1861__b97507212271">Add Permissions</strong> and select <strong id="mrs_01_1861__b1075122182719">Consume</strong>.</li></ol>
<div class="note" id="mrs_01_1861__note1017224913611"><span class="notetitle"> NOTE: </span><div class="notebody"><p id="mrs_01_1861__p017317491069">After a user is granted with the <strong id="mrs_01_1861__b15121131316274">Consume</strong> permission of <strong id="mrs_01_1861__b13245111832710">ConsumerGroup</strong>, the user is also granted with the <strong id="mrs_01_1861__b936692318276">Describe</strong> permission.</p>
</div></div>
</td>
</tr>
<tr id="mrs_01_1861__row169716541591"><td class="cellrowborder" valign="top" width="36.059999999999995%" headers="mcps1.3.3.2.4.2.4.1.2.3.1.1 "><p id="mrs_01_1861__p12697125418910">Setting the permission for a user to delete ConsumerGroup Offsets</p>
</td>
<td class="cellrowborder" valign="top" width="63.94%" headers="mcps1.3.3.2.4.2.4.1.2.3.1.2 "><ol type="a" id="mrs_01_1861__ol959711441014"><li id="mrs_01_1861__li12597104161010">On the home page, click the component plug-in name in the <strong id="mrs_01_1861__b94191018103113">KAFKA</strong> area, for example, <strong id="mrs_01_1861__b242017184317">Kafka</strong>.</li><li id="mrs_01_1861__li5597043102">Select the policy whose <strong id="mrs_01_1861__b8461104482710">Policy Name</strong> is <strong id="mrs_01_1861__b1246118448278">all - consumergroup</strong> and click <span><img id="mrs_01_1861__image2597542106" src="en-us_image_0000001349289357.png"></span> to edit the policy.</li><li id="mrs_01_1861__li3597249105">In <strong id="mrs_01_1861__b102671500285">consumergroup</strong>, configure the consumer group to be managed.</li><li id="mrs_01_1861__li1859754181011">In the <strong id="mrs_01_1861__b71094232814">Allow Conditions</strong> area, select a user from the <strong id="mrs_01_1861__b41141242817">Select User</strong> drop-down list.</li><li id="mrs_01_1861__li359718416101">Click <strong id="mrs_01_1861__b12489133152812">Add Permissions</strong> and select <strong id="mrs_01_1861__b174904319283">Delete</strong>.</li></ol>
<div class="note" id="mrs_01_1861__note1449524611010"><span class="notetitle"> NOTE: </span><div class="notebody"><p id="mrs_01_1861__p1649511469103">When a user is granted with the <strong id="mrs_01_1861__b1047111019287">Delete</strong> permission of <strong id="mrs_01_1861__b15741614122810">ConsumerGroup</strong>, the user is also granted with the <strong id="mrs_01_1861__b93501818172810">Describe</strong> permission.</p>
</div></div>
</td>
</tr>
</tbody>
</table>
</div>
</div>
</p></li><li id="mrs_01_1861__li1171204215226"><span>(Optional) Add the validity period of the policy. Click <strong id="mrs_01_1861__b765312381610">Add Validity period</strong> in the upper right corner of the page, set <strong id="mrs_01_1861__b4659113817617">Start Time</strong> and <strong id="mrs_01_1861__b1665911384610">End Time</strong>, and select <strong id="mrs_01_1861__b20659173810616">Time Zone</strong>. Click <strong id="mrs_01_1861__b353992143119">Save</strong>. To add multiple policy validity periods, click <span><img id="mrs_01_1861__en-us_topic_0241932507_image15741956174617" src="en-us_image_0000001349169793.png"></span>. To delete a policy validity period, click <span><img id="mrs_01_1861__en-us_topic_0241932507_image9741115619467" src="en-us_image_0000001295930228.png"></span>.</span></li><li id="mrs_01_1861__li18337132412418"><span>Click <strong id="mrs_01_1861__b278915515719">Add</strong> to view the basic information about the policy in the policy list. After the policy takes effect, check whether the related permissions are normal.</span><p><p id="mrs_01_1861__en-us_topic_0241932507_p63219632216">To disable a policy, click <span><img id="mrs_01_1861__en-us_topic_0241932507_image1876104732217" src="en-us_image_0000001348770089.png"></span> to edit the policy and set the policy to <strong id="mrs_01_1861__b6202627143110">Disabled</strong>.</p>
<p id="mrs_01_1861__en-us_topic_0241932507_p1156483182316">If a policy is no longer used, click <span><img id="mrs_01_1861__en-us_topic_0241932507_image79841567249" src="en-us_image_0000001296090060.png"></span> to delete it.</p>
</p></li></ol>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="mrs_01_1849.html">Using Ranger (MRS 3.x)</a></div>
</div>
</div>
View Git Blame Copy Permalink