Updated on 2024-10-10 GMT+08:00

Configuring Kafka Topic Permissions

Kafka instances with ciphertext access enabled support access control list (ACL) for topics. You can differentiate user permissions by granting users different permissions in a topic.

This section describes how to grant topic permissions to users after ciphertext access is enabled for Kafka instances.

This function is unavailable for single-node instances.

Constraints

  • If parameter allow.everyone.if.no.acl.found is set to true and no topic is granted for a user, all users can subscribe to or publish messages to the topic. If permissions for a topic has been granted to one or more users, only these users can subscribe to or publish messages to the topic. The value of allow.everyone.if.no.acl.found can be modified.
  • If allow.everyone.if.no.acl.found is set to false, only the authorized users can subscribe to or publish messages to the topic. The value of allow.everyone.if.no.acl.found can be modified.
  • If both the default and individual user permissions are configured for a topic, the union of the permissions is used.

Prerequisites

Procedure

  1. Log in to the console.
  2. Click in the upper left corner to select a region.

    Select the region where your Kafka instance is located.

  3. Click and choose Middleware > Distributed Message Service (for Kafka) to open the console of DMS for Kafka.
  4. Click the desired Kafka instance to view the instance details.
  5. In the navigation pane, choose Topics.
  6. In the row containing the desired topic, click Grant User Permission.
  7. Grant topic permissions to users.

    • To grant the same permissions to all users, select Default permissions and then select permissions. As shown in the following figure, all users have the permission to publish messages to this topic.
      Figure 1 Granting the same permissions to all users
    • To grant different permissions to different users, do not select Default permissions. In the Users area of the Grant User Permission dialog box, select target users. If there are many users, enter the username in the search box for a quick search. In the Selected area, configure permissions (Subscribe, Publish, or Publish/Subscribe) for the users. As shown in the following figure, only the test, send, and receive users can subscribe to or publish messages to this topic. The send_receive user cannot subscribe to or publish messages to this topic.
      Figure 2 Granting permissions to individual users

    If both the default and individual user permissions are configured for a topic, the union of the permissions is used. As shown in the following figure, the test and receive users can subscribe to and publish messages to this topic.

    Figure 3 Granting topic permissions to users

  8. Click OK.

    On the Topics tab page, click next to the topic name to view the authorized users and their permissions.

    Figure 4 Viewing authorized users and their permissions

Deleting Topic Permissions

  1. Log in to the console.
  2. Click in the upper left corner to select a region.

    Select the region where your Kafka instance is located.

  3. Click and choose Middleware > Distributed Message Service (for Kafka) to open the console of DMS for Kafka.
  4. Click the desired Kafka instance to view the instance details.
  5. In the navigation pane, choose Topics.
  6. In the row containing the desired topic, click Grant User Permission.
  7. In the Selected area of the displayed Grant User Permission dialog box, locate the row that contains the user whose permissions are to be removed, click Delete, and click OK.