Is there a way an operations team can restrict application teams from creating Kafka Streams intermediate topics on a Kafka cluster?

- probably [helps](https://kafka.apache.org/21/documentation/streams/developer-guide/security.html#streams-developer-guide-security) – senseiwu Mar 14 '19 at 20:21
- see [this link](https://docs.confluent.io/current/streams/developer-guide/security.html) as well – senseiwu Mar 14 '19 at 20:30

1 Answer

Kafka provides authorisation mechanisms and, more precisely, a pluggable `Authorizer`.

You can either use the simple `Authorizer` implementation which is provided by Kafka by including the following configuration in `server.properties`:

```
authorizer.class.name=kafka.security.auth.SimpleAclAuthorizer
```

or you can create your own class that implements the `Authorizer` interface. Again, you'd need to provide the `authorizer.class.name` in the `server.properties` broker configuration file.

When an authorizer is configured, access to resources is limited to Super Users and therefore if a resource has no associated ACLs, then the access is restricted only to these Super Users. In order to define super users, you simply need to include them in the `server.properties` configuration:

```
super.users=User:Bob;User:Alice
```

This is the default behaviour, and can be amended by including the following configuration in the `server.properties` file:

```
allow.everyone.if.no.acl.found=true
```

that essentially enables access to every user when no ACLs are configured.

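The decision the answer describes (super users, per-resource ACLs, and the `allow.everyone.if.no.acl.found` fallback), written out as a simplified model. This is an added example, not Kafka's authorizer code and not part of the original answer. The `orders-app` and `payments-app` principals, the ACL and the topic names are constructed; it assumes Kafka Streams internal topics are prefixed with the application's `application.id`, and it checks topic ACLs only (cluster-level `Create` and implied operations are left out).

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Acl:
    principal: str     # e.g. "User:orders-app"
    permission: str    # "Allow" or "Deny"
    operation: str     # "Create", "Write", ... or "All"
    pattern_type: str  # "LITERAL" or "PREFIXED"
    name: str          # topic name, "*" wildcard, or name prefix

    def covers(self, topic: str) -> bool:
        if self.pattern_type == "PREFIXED":
            return topic.startswith(self.name)
        return self.name in ("*", topic)

def parse_super_users(value: str) -> set:
    """Split a super.users value such as 'User:Bob;User:Alice'."""
    return {u.strip() for u in value.split(";") if u.strip()}

def authorize(principal, operation, topic, acls, super_users, allow_if_no_acl=False):
    """Simplified topic-level decision; allow_if_no_acl models
    allow.everyone.if.no.acl.found (broker default: false)."""
    if principal in super_users:
        return True                      # super users bypass ACLs
    on_topic = [a for a in acls if a.covers(topic)]
    if not on_topic:
        return allow_if_no_acl           # no ACL attached to this resource
    matching = [a for a in on_topic
                if a.principal in (principal, "User:*")
                and a.operation in (operation, "All")]
    if any(a.permission == "Deny" for a in matching):
        return False                     # Deny wins over Allow
    return any(a.permission == "Allow" for a in matching)

# Constructed sample data: super users from the answer, one hypothetical Streams app.
SUPER_USERS = parse_super_users("User:Bob;User:Alice")
ACLS = [Acl("User:orders-app", "Allow", "All", "PREFIXED", "orders-app-")]

def demo():
    cases = [("User:Bob", "any-topic", False),
             ("User:orders-app", "orders-app-agg-repartition", False),
             ("User:orders-app", "payments-app-agg-changelog", False),
             ("User:orders-app", "payments-app-agg-changelog", True),
             ("User:payments-app", "orders-app-agg-repartition", True)]
    return [authorize(p, "Create", t, ACLS, SUPER_USERS, flag) for p, t, flag in cases]

if __name__ == "__main__":
    print(demo())
```

The third and fourth cases differ only in the fallback flag: with it enabled, the application can create a topic outside its own prefix because no ACL is attached to that name.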