Updated on 2024-05-30 GMT+08:00

Configuring Kafka Topic Permissions

DMS for Kafka supports access control lists (ACLs) for topics. You can differentiate access by granting users different permissions on a topic.

This section describes how to grant topic permissions to a user on a Kafka instance with SASL_SSL enabled. For details about how to create a user, see Configuring Kafka Users.

Constraints

  • If no user is granted any permission for a topic and allow.everyone.if.no.acl.found is set to true, all users can subscribe to or publish messages to the topic.
  • If allow.everyone.if.no.acl.found is set to false, only the authorized users can subscribe to or publish messages to the topic. The value of allow.everyone.if.no.acl.found can be modified.
  • If one or more users are granted permissions for a topic, only the authorized users can subscribe to or publish messages to the topic.
  • If both the default and individual user permissions are configured for a topic, the union of the permissions is used.
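
The following added example (not DMS for Kafka code) models the four constraints above and lists the topics that every user can publish or subscribe to, which is the case worth reviewing when allow.everyone.if.no.acl.found is true or Default permissions are enabled. The class, function, and topic names are hypothetical, the sample grants are constructed, and treating Default permissions as a grant to all users is an assumption.

```python
# Added example: a model of the constraints above, not DMS for Kafka code.
from dataclasses import dataclass, field

PUBLISH, SUBSCRIBE = "publish", "subscribe"

@dataclass
class TopicAcl:
    default: set = field(default_factory=set)   # "Default permissions" (all users)
    users: dict = field(default_factory=dict)   # user name -> set of permissions

def effective(acl, user, allow_everyone_if_no_acl_found):
    """Operations `user` may perform on a topic with this ACL."""
    if not acl.default and not acl.users:
        # Nobody has been granted anything: the instance parameter decides.
        return {PUBLISH, SUBSCRIBE} if allow_everyone_if_no_acl_found else set()
    # Once grants exist, only they apply; default and per-user grants are unioned.
    return acl.default | acl.users.get(user, set())

def open_topics(topics, all_users, allow_everyone_if_no_acl_found):
    """List (topic, operation) pairs that every user in all_users can perform."""
    findings = []
    for name in sorted(topics):
        for op in (PUBLISH, SUBSCRIBE):
            if all(op in effective(topics[name], u, allow_everyone_if_no_acl_found)
                   for u in all_users):
                findings.append((name, op))
    return findings

# Constructed sample data; user names follow the figures described on this page.
USERS = ["test", "send", "receive", "send_receive"]
TOPICS = {
    "topic-open": TopicAcl(),
    "topic-default": TopicAcl(default={PUBLISH}),
    "topic-individual": TopicAcl(users={
        "test": {PUBLISH, SUBSCRIBE}, "send": {PUBLISH}, "receive": {SUBSCRIBE}}),
    "topic-mixed": TopicAcl(default={PUBLISH},
                            users={"test": {SUBSCRIBE}, "receive": {SUBSCRIBE}}),
}

if __name__ == "__main__":
    for flag in (True, False):
        print("allow.everyone.if.no.acl.found =", flag)
        for topic, op in open_topics(TOPICS, USERS, flag):
            print(f"  every user can {op} on {topic}")
```
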

Prerequisites

  • SASL_SSL was enabled when the Kafka instance was created.
  • (Optional) A user has been created. For details, see Configuring Kafka Users.

Configuring Topic Permissions

  1. Log in to the console.
  2. Click in the upper left corner to select a region.

    Select the region where your Kafka instance is located.

  3. Click and choose Application > Distributed Message Service for Kafka to open the console of DMS for Kafka.
  4. Click the desired Kafka instance to view the instance details.
  5. In the navigation pane, choose Topics.
  6. In the row that contains the topic for which you want to configure user permissions, click Grant User Permission.

    In the upper part of the Grant User Permission dialog box, the topic information is displayed, including the topic name, number of partitions, aging time, number of replicas, and whether synchronous flushing and replication are enabled. You can enable Default permissions to grant the same permissions for all users. You can use the search box to search for a user if there are many users. In the Users area, the list of created users is displayed. In the Selected area, you can grant permissions to the selected users.

  7. Grant topic permissions to users.

    • To grant the same permissions to all users, select Default permissions and then select permissions. As shown in the following figure, all users have the permission to publish messages to this topic.
      Figure 1 Granting the same rights to all users
    • To grant different permissions to different users, do not select Default permissions. In the Users area of the Grant User Permission dialog box, select target users. In the Selected area, configure permissions (Subscribe, Publish, or Publish/Subscribe) for the users. As shown in the following figure, only the test, send, and receive users can subscribe to or publish messages to this topic. The send_receive user cannot subscribe to or publish messages to this topic.
      Figure 2 Granting permissions to individual users

    If both the default and individual user permissions are configured for a topic, the union of the permissions is used. As shown in the following figure, the test and receive users can subscribe to and publish messages to this topic.

    Figure 3 Granting topic permissions to users

  8. Click OK.

    On the Topics tab page, click next to the topic name to view the authorized users and their permissions.

    Figure 4 Viewing authorized users and their permissions

(Optional) Deleting Topic Permissions

  1. Log in to the console.
  2. Click in the upper left corner to select a region.

    Select the region where your Kafka instance is located.

  3. Click and choose Application > Distributed Message Service for Kafka to open the console of DMS for Kafka.
  4. Click the desired Kafka instance to view the instance details.
  5. In the navigation pane, choose Topics.
  6. In the row that contains the topic for which you want to remove user permissions, click Grant User Permission.
  7. In the Selected area of the displayed Grant User Permission dialog box, locate the row that contains the user whose permissions are to be removed, click Delete, and click OK.