Updated on 2023-05-06 GMT+08:00

Configuring Topic Permissions

DMS for Kafka supports ACL permission management for topics. You can differentiate the operations that different users are allowed to perform on a topic by granting the users different permissions.

This section describes how to grant topic permissions to a SASL_SSL user. For details about how to create a SASL_SSL user, see Creating a SASL_SSL User.

Constraints

  • If no SASL_SSL user is granted any permission for a topic, all users can subscribe to or publish messages to the topic.
  • If one or more SASL_SSL users are granted permissions for a topic, only the authorized users can subscribe to or publish messages to the topic.
  • If both the default and individual user permissions are configured for a topic, the union of the permissions is used.

Prerequisites

  • SASL_SSL has been enabled when you create the Kafka instance.
  • (Optional) A SASL_SSL user has been created. For details, see Creating a SASL_SSL User.

Configuring Topic Permissions

  1. Log in to the management console.
  2. Click in the upper left corner to select a region.

    Select the region where your Kafka instance is located.

  3. Click and choose Application > Distributed Message Service for Kafka to open the console of DMS for Kafka.
  4. Click the desired Kafka instance to view the instance details.
  5. In the navigation pane, choose the Topics tab.
  6. In the row that contains the topic for which you want to configure user permissions, click Grant User Permission.

    In the upper part of the Grant User Permission dialog box, the topic information is displayed, including the topic name, number of partitions, aging time, number of replicas, and whether synchronous flushing is enabled. In the middle part, you can use the search box to search for a user if there are many SASL_SSL users. In the Users area, the list of created SASL_SSL users is displayed. In the Selected area, you can grant permissions to the SASL_SSL users.

  7. In the Users area of the Grant User Permission dialog box, select target users. In the Selected area, configure permissions (Subscribe, Publish, or Publish/Subscribe) for the users.

    Figure 1 Granting user permissions

    As shown in Figure 1, only the test, send, and receive users can subscribe to or publish messages to topic-01. The send_receive user cannot subscribe to or publish messages to topic-01.

  8. Click OK.

    On the Topics tab page, click next to the topic name to view the authorized users and their permissions.

    Figure 2 Viewing authorized users and their permissions

(Optional) Deleting Topic Permissions

  1. Log in to the management console.
  2. Click in the upper left corner to select a region.

    Select the region where your Kafka instance is located.

  3. Click and choose Application > Distributed Message Service for Kafka to open the console of DMS for Kafka.
  4. Click the desired Kafka instance to view the instance details.
  5. In the navigation pane, choose the Topics tab.
  6. In the row that contains the topic for which you want to remove user permissions, click Grant User Permission.
  7. In the Selected area of the displayed Grant User Permission dialog box, locate the row that contains the SASL_SSL user whose permissions are to be removed, click Delete, and click OK.