KSQL Security
Discusses KSQL security topics.
KSQL COMMANDS
The KSQL COMMANDS internal topic is used to backup information about KSQL streams, KSQL tables, KSQL persistent queries, and so on. KSQL uses KSQL COMMANDS to restore the KSQL server state in case there is a fault or server restart.
Each KSQL Server cluster has a unique service ID which is provided through the
ksql.service.id
property. By default, the
kslq.service.id
is _default
. To provide additional
security, ksql.service.id
-specific folders are created in the
ksql-internal-stream
stream.
/apps
directory has only write access to mapr
user. Therefore, the /apps/ksql
directory cannot be modified or deleted by
any user other than mapr
user. KSQL ksql.service.id
-specific folders are created in the
/apps/ksql/
directory for every KSQL server cluster (represented by
ksql.service.id
).
Default Stream
KSQL Server provides a default stream for topics when they are being processed. When KSQL Server is not impersonated (non-interactive or interactive+no-impersonation), the KSQL Server default stream is used.
KSQL Cleanup
The KSQL cleanup feature is integrated to ensure that the underlying KSQL state (such as internal topics) are cleaned up correctly. See Application Reset Tool for more information.
Deployment
ksql.service.id
) is uniquely created for the KSQL
implementation; this means that the user associated with the service ID
cannot grant permissions to other users to use the same service ID.MapR KSQL deployment model is the same as Apache Kafka's deployment model. The KSQL Servers are not managed as part of the MapR cluster (for example, mapr-warden); you are required to run (or manage) your own KSQL Servers.