Apache Storm - Topology Permissions
Overview
Apache Storm is a distributed system designed for processing streams of information. Each unit of processing is called a bolt and a group of bolts with an initial spout is called a topology. Multiple topologies can be deployed on a single Apache Storm cluster. Multi tenancy within an Apache Storm cluster requires the ability to prevent any user from killing a topology or viewing the topology logs. Much of the information comes from the Apache Storm security documentation but it isn’t entirely clear what each setting does.
Apache Storm Topology Permissions
By default when security is enabled for Apache Storm, only the user who deploys the topology has access to admin operations such as rebalance, activate, deactivate, and kill. The configurations below can be set at the cluster or topology level. If they are defined in the topology they will override the global configuration.
Configuration | Description |
---|---|
topology.users / topplogy.groups |
This allows the users/groups specified to act as owners of the topology. This allows users to perform topology admin operations such as rebalance, activate, deactivate, and kill. |
logs.users / logs.groups |
This allows the users/groups specified to look at the logs of the topology. |
Apache Storm Cluster Admin Permissions
There is one cluster level configuration that will enable a set of users to be admins for the entire Apache Storm cluster.
Configuration | Description |
---|---|
nimbus.admins |
These users will have super user permissions on all topologies deployed. They will be able to perform other admin operations (such as rebalance, activate, deactivate and kill), even if they are not the owners of the topology. |