ZooKeeper Access Control
ZooKeeper provides Access Control to its data via an Access Control List (ACL) mechanism.
When data is written to ZooKeeper, NiFi will provide an ACL that indicates that any user is
allowed to have full permissions to the data, or an ACL that indicates that only the user
that created the data is allowed to access the data. Which ACL is used depends on the value
Access Control property for the
In order to use an ACL that indicates that only the Creator is allowed to access the data, we need to tell ZooKeeper who the Creator is. There are two mechanisms for accomplishing this. The first mechanism is to provide authentication using Kerberos.
The second option is to use a user name and password. This is configured by specifying a
value for the
Username and a value for the
properties for the
The important thing to keep in mind here, though, is that ZooKeeper will pass around the
password in plain text. This means that using a user name and password should not be used
unless ZooKeeper is running on localhost as a one-instance cluster, or if communications
with ZooKeeper occur only over encrypted communications, such as a VPN or an SSL
connection. ZooKeeper will be providing support for SSL connections in version 3.5.0.