You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
@@ -264,7 +264,7 @@ <h3><a id="security_authz">7.4 Authorization and ACLs</a></h3>
Kafka ships with a pluggable Authorizer and an out-of-box authorizer implementation that uses zookeeper to store all the acls. Kafka acls are defined in the general format of "Principal P is [Allowed/Denied] Operation O From Host H On Resource R". You can read more about the acl structure on KIP-11. In order to add, remove or list acls you can use the Kafka authorizer CLI. By default, if a Resource R has no associated acls, no one other than super users is allowed to access R. If you want change that behavior, you can include the following in broker.properties.
<pre>allow.everyone.if.no.acl.found=true</pre>
One can also add super users in broker.properties like the following.
<pre>super.users=User:Bob,User:Alice</pre>
<pre>super.users=User:Bob;User:Alice</pre>
<h4>Command Line Interface</h4>
Kafka Authorization management CLI can be found under bin directory with all the other CLIs. The CLI script is called <b>kafka-acls.sh</b>. Following lists all the options that the script supports:
<p></p>
Expand DownExpand Up
@@ -301,7 +301,7 @@ <h4>Command Line Interface</h4>
</tr>
<tr>
<td>--authorizer-properties</td>
<td>comma separated key=val pairs that will be passed to authorizer for initialization.</td>
<td>key=val pairs that will be passed to authorizer for initialization. For the default authorizer the example values are: zookeeper.connect=localhost:2181</td>
