So I have a Kafka cluster running with zookeeper with SSL. I gave a read permission to a user for a specific topic on the Kafka ACL: I can see it in zookeeper. When this user is consuming the data, they are getting a Group Authorization Exception. Do I need to add every group to the ACL? I am confuse about this error. Thank you
Kafka permission on a topic creating a Group Authorization Exception
3.8k views Asked by CMPE At
1
There are 1 answers
Related Questions in APACHE-KAFKA
- No method found for class java.lang.String in Kafka
- How to create beans of the same class for multiple template parameters in Spring
- Troubleshoot .readStream function not working in kafka-spark streaming (pyspark in colab notebook)
- Handling and ignore UNKNOWN_TOPIC_OR_PARTITION error in Kafka Streams
- Connect Apache Flink with Apache kudu as sink using Pyflink
- Embedded Kafka Failed to Start After Spring Starter Parent Version 3.1.10
- Producer Batching Service Bus Vs Kafka
- How to create a docker composer environment where containers can communicate each other?
- Springboot Kafka Consumer unable to maintain connect to kafka cluster brokers
- Kafka integration between two micro service which can respond back to the same function initiated the request
- Configuring Apache Spark's MemoryStream to simulate Kafka stream
- Opentelemetry Surpresses Kafka Produce Message Java
- Kafka: java.lang.NoClassDefFoundError: Could not initialize class org.apache.logging.log4j.core.appender.mom.kafka.KafkaManager
- MassTransit Kafka producers configure to send several events to the same Kafka topic
- NoClassDefFoundError when running JAR file with Apache Kafka dependencies
Related Questions in ACL
- How to send message to syslog agent in plsql
- Double permission entries in folder
- How to create a file with rw permissions(0600) on the current user only in Go for Windows?
- Get Apache to create files as the web site owner
- how to create ACL for microservice
- Consul ACL - Policies
- How can I pass ACL inside upload method of gcloud-aio-storage client library?
- Set acl in haproxy based on client ip using map_ip
- No such object (32) error is occuring:ldapsearch -x -LLL -H ldap://IP -D "cn=admin,dc=mynewdomain,dc=com" -W -b cn=config "(objectClass=*)"
- Set permission to users during databricks notebook runtime
- ClickHouse dry run query
- Prevent searching mail=* in OpenLDAP
- trino with ranger acces control does not work with ms sql server connector table functions
- Get-ACL with Invoke-Command
- In oracle, ORA-29273: HTTP request failed ORA-29024: Certificate validation failure
Related Questions in KAFKA-TOPIC
- Kafka Topic vs. Kafka Log - What is the difference between these two?
- How can I reset the topic offset while consuming from Kafka topic?
- How can I convert the Kafka message timestamp to date and time format in C#?
- why my kafka consumer reads sometimes yes and sometimes no
- Kafka topic retenrtion.ms works strange
- How to send headers from Pentaho DI to Kafka?
- In Kafka, the topic is not getting leader after recreation post deletion
- Kafka JMX metric that give us the dirty ratio for a topic partition?
- Can I use KafkaItemReader in Spring Batch to read from multiple topics?
- Joining two Java KStreams (Kafka Topics) with "nearly" identical keys
- Kafka consumer behaviour with multiple topics
- Publishing an AVRO messages to topic via Kafka REST
- Create MSK Kafka topic through Terraform
- Do each Kafka Producer/Consumer occupy a one partition in topic?
- Dependencies in archetype-post-generation.groovy script cannot be resolved
Related Questions in ACCESS-CONTROL-LIST
- Is there a universal way to test the Access Control List of a folder and its children in PowerShell, independently of inheritance?
- Azure DevOps - Decode ACE permission bits
- Kafka permission on a topic creating a Group Authorization Exception
- Is it possible to review the changes to ACL? Where should I search for logs?
- `security unlock-keychain` from a bash script
Popular Questions
- How do I undo the most recent local commits in Git?
- How can I remove a specific item from an array in JavaScript?
- How do I delete a Git branch locally and remotely?
- Find all files containing a specific text (string) on Linux?
- How do I revert a Git repository to a previous commit?
- How do I create an HTML button that acts like a link?
- How do I check out a remote Git branch?
- How do I force "git pull" to overwrite local files?
- How do I list all files of a directory?
- How to check whether a string contains a substring in JavaScript?
- How do I redirect to another webpage?
- How can I iterate over rows in a Pandas DataFrame?
- How do I convert a String to an int in Java?
- Does Python have a string 'contains' substring method?
- How do I check if a string contains a specific word?
Popular Tags
Trending Questions
- UIImageView Frame Doesn't Reflect Constraints
- Is it possible to use adb commands to click on a view by finding its ID?
- How to create a new web character symbol recognizable by html/javascript?
- Why isn't my CSS3 animation smooth in Google Chrome (but very smooth on other browsers)?
- Heap Gives Page Fault
- Connect ffmpeg to Visual Studio 2008
- Both Object- and ValueAnimator jumps when Duration is set above API LvL 24
- How to avoid default initialization of objects in std::vector?
- second argument of the command line arguments in a format other than char** argv or char* argv[]
- How to improve efficiency of algorithm which generates next lexicographic permutation?
- Navigating to the another actvity app getting crash in android
- How to read the particular message format in android and store in sqlite database?
- Resetting inventory status after order is cancelled
- Efficiently compute powers of X in SSE/AVX
- Insert into an external database using ajax and php : POST 500 (Internal Server Error)
You can update your post with exception trace.
Keeping that aside, the following is the exception we receive, if any client is not Authorized to perform Produce/Consume events.
If you are receiving such exception, you need to make sure you have defined your ACL principle correctly.
Principle Definition
In order to add, remove or list ACLs you can use the Kafka authorizer CLI. By default, if no ResourcePatterns match a specific Resource R, then R has no associated acls, and therefore no one other than super users is allowed to access R. If you want to change that behaviour, you can include the following in server.properties.
Sample Principle
Suppose you want to add an ACL "Principals User:Bob and User:Alice are allowed to perform Operation Read and Write on Topic Test-Topic from IP 198.51.100.0 and IP 198.51.100.1". You can do that by executing the CLI with following options:
bin/kafka-acls.sh --authorizer-properties zookeeper.connect=localhost:2181 --add --allow-principal User:Bob --allow-principal User:Alice --allow-host 198.51.100.0 --allow-host 198.51.100.1 --operation Read --operation Write --topic Test-topic