So I have a Kafka cluster running with zookeeper with SSL. I gave a read permission to a user for a specific topic on the Kafka ACL: I can see it in zookeeper. When this user is consuming the data, they are getting a Group Authorization Exception. Do I need to add every group to the ACL? I am confuse about this error. Thank you
Kafka permission on a topic creating a Group Authorization Exception
3.8k Views Asked by CMPE At
1
There are 1 best solutions below
Related Questions in APACHE-KAFKA
- Spark streaming + kafka throughput
- How to diagnose Kafka topics failing globally to be found
- kafka: what do 'soTimeout', 'bufferSize' and 'minBytes' mean for SimpleConsumer?
- Fail to create SparkContext
- Syntax error on tokens, delete these tokens - kafka spring integration demo application
- How could Kafka 0.8.2.1 with offsets.storage=kafka still require ZooKeeper?
- Message Queues: Per Message Guarantees
- How should a Kafka HLC figure out the # of partitions for a topic?
- Kafka multiple consumers for a partition
- Should Apache Kafka and Hadoop be installed seperatedly (on a diffrent cluster)?
- how does one combine kafka-node producer and node tail?
- How to fix NoClassDefFoundError with custom Kafka producer under Eclipse?
- Apache Samza's CheckpointTool won't give away partition offsets
- Offsets for Kafka Direct Approach in Spark 1.3.1
- Simulate kafka broker failures in multi node kafka cluster and what operations and tools to use to mitigate data loss issues
Related Questions in ACL
- Logic for determining if a user has write access to a folder not working
- Phalcon PHP - Get all permitted resources
- Extracting file persmission data in Ansible
- How to set the read ACL on container in open stack swift such that allow Read for all users and deny for one user
- Really simple codeigniter access control
- How can I do following thing through any code,script
- Setting ACL for new Parse user in swift
- Check if current user has permission for pyramid service?
- C# Folder ACL's not applying
- How can I add a new host to an existent Oracle ACL?
- How should ACL work in a REST API?
- Securing the domain object with Spring ACL 3
- What is mask in HDFS folder permission
- SpringBoot SpringSecurity ACL @PostFilter
- design system with server controlled UI display in Angular(Front-end)+ Java(Back-end)
Related Questions in KAFKA-TOPIC
- How Kafka guarantee the messages order while we increase the partitions in runtime?
- Apache Flink - Partitioning the stream equally as the input Kafka topic
- Does Kafka chose an alternative partition in the same topic if the partition I want to send message to was full of disk?
- What happens to the offsets that are compacted in a kafka partition?
- Does Kafka consumer reads the message from active segment in the partition?
- after kafkaTemplate.send(topic, avdlObject); appends dataType in value
- In Kafka, the topic is not getting leader after recreation post deletion
- How to send headers from Pentaho DI to Kafka?
- How to access Kafka through nodeport
- Can compacted Kafka topic be used as key-value database?
- Kafka topic returns 0 messages
- Where is offset of consumer stored in Kafka
- Kafka: auto create topic with options
- Decrease topic replication factor after Kafka brokers removed from cluster and failed reassignments
- How to programmatically create a topic in Apache Kafka using C++ client librdkafka
Related Questions in ACCESS-CONTROL-LIST
- Azure DevOps - Decode ACE permission bits
- Is it possible to review the changes to ACL? Where should I search for logs?
- Kafka permission on a topic creating a Group Authorization Exception
- Is there a universal way to test the Access Control List of a folder and its children in PowerShell, independently of inheritance?
- `security unlock-keychain` from a bash script
Trending Questions
- UIImageView Frame Doesn't Reflect Constraints
- Is it possible to use adb commands to click on a view by finding its ID?
- How to create a new web character symbol recognizable by html/javascript?
- Why isn't my CSS3 animation smooth in Google Chrome (but very smooth on other browsers)?
- Heap Gives Page Fault
- Connect ffmpeg to Visual Studio 2008
- Both Object- and ValueAnimator jumps when Duration is set above API LvL 24
- How to avoid default initialization of objects in std::vector?
- second argument of the command line arguments in a format other than char** argv or char* argv[]
- How to improve efficiency of algorithm which generates next lexicographic permutation?
- Navigating to the another actvity app getting crash in android
- How to read the particular message format in android and store in sqlite database?
- Resetting inventory status after order is cancelled
- Efficiently compute powers of X in SSE/AVX
- Insert into an external database using ajax and php : POST 500 (Internal Server Error)
Popular Questions
- How do I undo the most recent local commits in Git?
- How can I remove a specific item from an array in JavaScript?
- How do I delete a Git branch locally and remotely?
- Find all files containing a specific text (string) on Linux?
- How do I revert a Git repository to a previous commit?
- How do I create an HTML button that acts like a link?
- How do I check out a remote Git branch?
- How do I force "git pull" to overwrite local files?
- How do I list all files of a directory?
- How to check whether a string contains a substring in JavaScript?
- How do I redirect to another webpage?
- How can I iterate over rows in a Pandas DataFrame?
- How do I convert a String to an int in Java?
- Does Python have a string 'contains' substring method?
- How do I check if a string contains a specific word?
You can update your post with exception trace.
Keeping that aside, the following is the exception we receive, if any client is not Authorized to perform Produce/Consume events.
If you are receiving such exception, you need to make sure you have defined your ACL principle correctly.
Principle Definition
In order to add, remove or list ACLs you can use the Kafka authorizer CLI. By default, if no ResourcePatterns match a specific Resource R, then R has no associated acls, and therefore no one other than super users is allowed to access R. If you want to change that behaviour, you can include the following in server.properties.
Sample Principle
Suppose you want to add an ACL "Principals User:Bob and User:Alice are allowed to perform Operation Read and Write on Topic Test-Topic from IP 198.51.100.0 and IP 198.51.100.1". You can do that by executing the CLI with following options:
bin/kafka-acls.sh --authorizer-properties zookeeper.connect=localhost:2181 --add --allow-principal User:Bob --allow-principal User:Alice --allow-host 198.51.100.0 --allow-host 198.51.100.1 --operation Read --operation Write --topic Test-topic