Help Center/ Distributed Message Service for Kafka/ API Reference/ APIs V2 (Recommended)/ User Management/ Granting User Permissions
Updated on 2024-06-07 GMT+08:00
Online Debugging
CLI Examples
View PDF
Share

Granting User Permissions

Function

This API is used to grant user permissions.

User management is supported only when SASL is enabled for the Kafka instance.

Calling Method

For details, see Calling APIs.

URI

POST /v1/{project_id}/instances/{instance_id}/topics/accesspolicy

Table 1 Path Parameters

Parameter

Mandatory

Type

Description

project_id

Yes

String

Project ID. For details about how to obtain it, see Obtaining a Project ID.

instance_id

Yes

String

Instance ID.

Request Parameters

Table 2 Request body parameters

Parameter

Mandatory

Type

Description

topics

Yes

Array of AccessPolicyTopicEntity objects

Topic list.
Table 3 AccessPolicyTopicEntity

Parameter

Mandatory

Type

Description

name

Yes

String

Topic name.

policies

Yes

Array of AccessPolicyEntity objects

Permission list.
Table 4 AccessPolicyEntity

Parameter

Mandatory

Type

Description

user_name

No

String

Username.

This parameter is mandatory when you set user permissions.

access_policy

No

String

Permission type.

  • all: publish and subscribe permissions.

  • pub: publish permissions.

  • sub: subscribe permissions.

This parameter is mandatory when you set user permissions.

Response Parameters

Status code: 400

Table 5 Response body parameters

Parameter

Type

Description

error_code

String

Error code.

error_msg

String

Error description.

Status code: 403

Table 6 Response body parameters

Parameter

Type

Description

error_code

String

Error code.

error_msg

String

Error description.

Example Requests

Granting the root user the permission to publish and subscribe to topic-test

POST https://{endpoint}/v1/{project_id}/instances/{instance_id}/topics/accesspolicy

{
  "topics" : [ {
    "name" : "topic-test",
    "policies" : [ {
      "user_name" : "root",
      "access_policy" : "all"
    } ]
  } ]
}

Example Responses

None

SDK Sample Code

The SDK sample code is as follows.

Granting the root user the permission to publish and subscribe to topic-test

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
 
package com.huaweicloud.sdk.test;

import com.huaweicloud.sdk.core.auth.ICredential;
import com.huaweicloud.sdk.core.auth.BasicCredentials;
import com.huaweicloud.sdk.core.exception.ConnectionException;
import com.huaweicloud.sdk.core.exception.RequestTimeoutException;
import com.huaweicloud.sdk.core.exception.ServiceResponseException;
import com.huaweicloud.sdk.kafka.v2.region.KafkaRegion;
import com.huaweicloud.sdk.kafka.v2.*;
import com.huaweicloud.sdk.kafka.v2.model.*;

import java.util.List;
import java.util.ArrayList;

public class UpdateTopicAccessPolicySolution {

    public static void main(String[] args) {
        // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
        // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
        String ak = System.getenv("CLOUD_SDK_AK");
        String sk = System.getenv("CLOUD_SDK_SK");
        String projectId = "{project_id}";

        ICredential auth = new BasicCredentials()
                .withProjectId(projectId)
                .withAk(ak)
                .withSk(sk);

        KafkaClient client = KafkaClient.newBuilder()
                .withCredential(auth)
                .withRegion(KafkaRegion.valueOf("<YOUR REGION>"))
                .build();
        UpdateTopicAccessPolicyRequest request = new UpdateTopicAccessPolicyRequest();
        request.withInstanceId("{instance_id}");
        UpdateTopicAccessPolicyReq body = new UpdateTopicAccessPolicyReq();
        List<AccessPolicyEntity> listTopicsPolicies = new ArrayList<>();
        listTopicsPolicies.add(
            new AccessPolicyEntity()
                .withUserName("root")
                .withAccessPolicy(AccessPolicyEntity.AccessPolicyEnum.fromValue("all"))
        );
        List<AccessPolicyTopicEntity> listbodyTopics = new ArrayList<>();
        listbodyTopics.add(
            new AccessPolicyTopicEntity()
                .withName("topic-test")
                .withPolicies(listTopicsPolicies)
        );
        body.withTopics(listbodyTopics);
        request.withBody(body);
        try {
            UpdateTopicAccessPolicyResponse response = client.updateTopicAccessPolicy(request);
            System.out.println(response.toString());
        } catch (ConnectionException e) {
            e.printStackTrace();
        } catch (RequestTimeoutException e) {
            e.printStackTrace();
        } catch (ServiceResponseException e) {
            e.printStackTrace();
            System.out.println(e.getHttpStatusCode());
            System.out.println(e.getRequestId());
            System.out.println(e.getErrorCode());
            System.out.println(e.getErrorMsg());
        }
    }
}

Granting the root user the permission to publish and subscribe to topic-test

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
 
# coding: utf-8

import os
from huaweicloudsdkcore.auth.credentials import BasicCredentials
from huaweicloudsdkkafka.v2.region.kafka_region import KafkaRegion
from huaweicloudsdkcore.exceptions import exceptions
from huaweicloudsdkkafka.v2 import *

if __name__ == "__main__":
    # The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    # In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak = os.environ["CLOUD_SDK_AK"]
    sk = os.environ["CLOUD_SDK_SK"]
    projectId = "{project_id}"

    credentials = BasicCredentials(ak, sk, projectId)

    client = KafkaClient.new_builder() \
        .with_credentials(credentials) \
        .with_region(KafkaRegion.value_of("<YOUR REGION>")) \
        .build()

    try:
        request = UpdateTopicAccessPolicyRequest()
        request.instance_id = "{instance_id}"
        listPoliciesTopics = [
            AccessPolicyEntity(
                user_name="root",
                access_policy="all"
            )
        ]
        listTopicsbody = [
            AccessPolicyTopicEntity(
                name="topic-test",
                policies=listPoliciesTopics
            )
        ]
        request.body = UpdateTopicAccessPolicyReq(
            topics=listTopicsbody
        )
        response = client.update_topic_access_policy(request)
        print(response)
    except exceptions.ClientRequestException as e:
        print(e.status_code)
        print(e.request_id)
        print(e.error_code)
        print(e.error_msg)

Granting the root user the permission to publish and subscribe to topic-test

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
 
package main

import (
	"fmt"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic"
    kafka "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/kafka/v2"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/kafka/v2/model"
    region "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/kafka/v2/region"
)

func main() {
    // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak := os.Getenv("CLOUD_SDK_AK")
    sk := os.Getenv("CLOUD_SDK_SK")
    projectId := "{project_id}"

    auth := basic.NewCredentialsBuilder().
        WithAk(ak).
        WithSk(sk).
        WithProjectId(projectId).
        Build()

    client := kafka.NewKafkaClient(
        kafka.KafkaClientBuilder().
            WithRegion(region.ValueOf("<YOUR REGION>")).
            WithCredential(auth).
            Build())

    request := &model.UpdateTopicAccessPolicyRequest{}
	request.InstanceId = "{instance_id}"
	userNamePolicies:= "root"
	accessPolicyPolicies:= model.GetAccessPolicyEntityAccessPolicyEnum().ALL
	var listPoliciesTopics = []model.AccessPolicyEntity{
        {
            UserName: &userNamePolicies,
            AccessPolicy: &accessPolicyPolicies,
        },
    }
	var listTopicsbody = []model.AccessPolicyTopicEntity{
        {
            Name: "topic-test",
            Policies: listPoliciesTopics,
        },
    }
	request.Body = &model.UpdateTopicAccessPolicyReq{
		Topics: listTopicsbody,
	}
	response, err := client.UpdateTopicAccessPolicy(request)
	if err == nil {
        fmt.Printf("%+v\n", response)
    } else {
        fmt.Println(err)
    }
}

For SDK sample code of more programming languages, see the Sample Code tab in API Explorer. SDK sample code can be automatically generated.

Status Codes

Status Code

Description

204

The update is successful.

400

Invalid parameters.

403

Authentication failed.

Error Codes

See Error Codes.

Parent Topic: User Management