Loading...

Kstreams how to restrict creating intermediate topics


Is there a way can a operations team restrict application teams from creating kafka stream intermediate topics on kafka cluster?

- - Source

Answers

answered 1 week ago Giorgos Myrianthous #1

Kafka provides authorisation mechanisms and more precisely, a pluggable Authorizer. You can either use the simple Authorizer implementation which is provided by Kafka by including the following configuration in server.properties

authorizer.class.name=kafka.security.auth.SimpleAclAuthorizer

or you can create your own class that implements Authorizer Interface. Again, you'd need to provide the authorizer.class.name in server.properties broker configuration file.

When an authorizer is configured, access to resources is limited to Super Users and therefore if a resource has no associated ACLs, then the access is restricted only to these Super Users. In order to define super users, you simply need to include them in the server.properties configuration;

super.users=User:Bob;User:Alice

This is the default behaviour, and can be amended by including the following configuration in server.properties file

allow.everyone.if.no.acl.found=true

that essentially enables access to every user when no ACLs are configured.

comments powered by Disqus