Kafka provides Access Control Lists (ACLs) to control authorization over your cluster. To enable ACL management in Kafka, you need to set up an Authorizer, a plugin that authorizes operations on different resources. Once it is set, you can authorize Principals: the clients or entities that can be authenticated to your cluster via your security protocols.
The Lenses security model is not deeply integrated with Kafka ACLs. That means that the authorization controls from your user groups in Lenses are not mapped to Kafka ACLs. However, Lenses gives visibility into your Kafka ACLs and allows authorized users to manage them.
A high number of ACLs may decrease the performance of Kafka. For security- and performance-aware projects, you can use Lenses access management for users and Kafka ACLs for applications.
Access Management & permissions
To use Kafka ACLs, the Brokers require an authorizer to be set. When the authorizer is not enabled you will not be able to create any ACLs.
If you do not have ACLs enabled, you will see the following:
Apache Kafka documentation on ACLs
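A quick way to confirm the authorizer prerequisite before creating ACLs is to audit the broker configuration file. The script below is an added example, not part of Lenses or of the original page. The function names and sample files are hypothetical. The property names are Kafka broker settings, and the `AclAuthorizer` class shown applies to ZooKeeper-based brokers (KRaft brokers use `org.apache.kafka.metadata.authorizer.StandardAuthorizer`).

```shell
#!/bin/sh
# Added example: audit a broker properties file for the ACL prerequisites.

# Print the last non-empty value of key $2 (a regex) in properties file $1.
prop() {
  sed -n 's/^[[:space:]]*'"$2"'[[:space:]]*=[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*$/\1/p' "$1" |
    tail -n 1
}

# One finding per line; returns 0 only when nothing is flagged.
audit_broker_acl_config() {
  file=$1
  findings=0
  authorizer=$(prop "$file" 'authorizer\.class\.name')
  if [ -z "$authorizer" ]; then
    echo "FAIL authorizer.class.name unset: no ACL can be created or enforced"
    findings=$((findings + 1))
  else
    echo "OK   authorizer.class.name=$authorizer"
  fi
  if [ "$(prop "$file" 'allow\.everyone\.if\.no\.acl\.found')" = "true" ]; then
    echo "WARN allow.everyone.if.no.acl.found=true: resources without an ACL are open to all principals"
    findings=$((findings + 1))
  fi
  [ "$findings" -eq 0 ]
}

# Constructed sample configurations, not taken from a real cluster.
write_samples() {
  cat > "$1/weak.properties" <<'EOF'
listeners=SASL_SSL://0.0.0.0:9093
# authorizer.class.name=kafka.security.authorizer.AclAuthorizer
allow.everyone.if.no.acl.found=true
EOF
  cat > "$1/hardened.properties" <<'EOF'
listeners=SASL_SSL://0.0.0.0:9093
authorizer.class.name=kafka.security.authorizer.AclAuthorizer
allow.everyone.if.no.acl.found=false
super.users=User:admin
EOF
}

tmp=$(mktemp -d)
write_samples "$tmp"
for name in weak hardened; do
  echo "== $name.properties"
  audit_broker_acl_config "$tmp/$name.properties" || true
done
rm -rf "$tmp"
```

A commented-out authorizer line counts as unset, which is the state in which ACLs cannot be created.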
To create new ACLs, navigate to Admin and Kafka ACLs. Select the permission, resource and operation:
With the authorizer set up, you can create, search, and manage your ACLs:
Kafka ACLs are also supported by the CLI to enable automation scenarios.
CLI - API
Can I distribute ACL creation to namespace owners?
Currently, Kafka ACL governance is global. That means that users with the appropriate permissions can manage ACLs for the whole cluster.