Posted to users@kafka.apache.org by Gustavo Ferreira <Gu...@curve.com> on 2021/11/18 14:42:52 UTC
ACL permissions bypass
Hi all,
While debugging an issue in our dev environment, I came to the realization
that we are not setting the DESCRIBE ACL permission for a given
topic/service-account mapping, yet the consumer is able to fetch messages
from that topic without any issues.
The documentation says this topic ACL allows for the following API
requests: ListOffsets, Metadata, OffsetFetch.
These are all API calls that a consumer makes during normal operations and
we are indeed able to successfully get responses to these calls without
granting the TOPIC DESCRIBE ACL to the topic/service-account being used by
the consumer.
Ref:
https://docs.confluent.io/platform/current/kafka/authorization.html#operations
Best regards,
Gustavo
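
Kafka's ACL authorizer treats an ALLOW for READ, WRITE, DELETE or ALTER on a resource as also allowing DESCRIBE, so a principal that holds READ on a topic passes DESCRIBE checks without an explicit DESCRIBE binding. The following is an added example, not part of the original post and not Kafka's own code: a simplified Python model of that rule (literal topic names, no host or prefix matching) that lists which principals hold DESCRIBE only implicitly. The principals, topic and ACLs are constructed sample data.

```python
from dataclasses import dataclass

# An ALLOW for any operation in the set also satisfies a check for the key.
IMPLIED_BY = {
    "DESCRIBE": {"DESCRIBE", "READ", "WRITE", "DELETE", "ALTER"},
    "DESCRIBE_CONFIGS": {"DESCRIBE_CONFIGS", "ALTER_CONFIGS"},
}

@dataclass(frozen=True)
class Acl:
    principal: str
    topic: str
    operation: str
    permission: str  # "ALLOW" or "DENY"

def _matches(acl, principal, topic, operations, permission):
    return (acl.permission == permission
            and acl.principal in (principal, "User:*")
            and acl.topic in (topic, "*")
            and (acl.operation == "ALL" or acl.operation in operations))

def authorize(acls, principal, topic, operation):
    """Return (allowed, reason). DENY is matched on the requested operation
    only and wins; ALLOW is matched on the operation plus those implying it."""
    for acl in acls:
        if _matches(acl, principal, topic, {operation}, "DENY"):
            return False, f"DENY {acl.operation}"
    allow_ops = IMPLIED_BY.get(operation, {operation})
    for acl in acls:
        if _matches(acl, principal, topic, allow_ops, "ALLOW"):
            return True, f"ALLOW {acl.operation}"
    return False, "no matching ACL"

def implicit_describe(acls):
    """(principal, topic) pairs allowed DESCRIBE with no explicit ALLOW for it."""
    pairs = sorted({(a.principal, a.topic) for a in acls if a.permission == "ALLOW"})
    return [(p, t) for p, t in pairs
            if not any(_matches(a, p, t, {"DESCRIBE"}, "ALLOW") for a in acls)
            and authorize(acls, p, t, "DESCRIBE")[0]]

# Constructed sample bindings (hypothetical principals and topic).
SAMPLE_ACLS = [
    Acl("User:orders-consumer", "orders", "READ", "ALLOW"),
    Acl("User:audit", "orders", "DESCRIBE", "ALLOW"),
    Acl("User:legacy", "orders", "READ", "ALLOW"),
    Acl("User:legacy", "orders", "DESCRIBE", "DENY"),
]

if __name__ == "__main__":
    print(implicit_describe(SAMPLE_ACLS))
```

Running the same check over the bindings exported from a cluster shows where DESCRIBE access comes from a READ or WRITE grant rather than its own ACL; an explicit DENY on DESCRIBE is the binding that removes it.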