You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@kafka.apache.org by gu...@apache.org on 2018/06/27 16:35:47 UTC

[kafka] branch trunk updated: HOTFIX: remove old security suggestions

This is an automated email from the ASF dual-hosted git repository.

guozhang pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/kafka.git


The following commit(s) were added to refs/heads/trunk by this push:
     new 7ea8a25  HOTFIX: remove old security suggestions
7ea8a25 is described below

commit 7ea8a25a4c03c0c5f342d621eacd07ff62489b06
Author: Guozhang Wang <wa...@gmail.com>
AuthorDate: Wed Jun 27 09:35:34 2018 -0700

    HOTFIX: remove old security suggestions
---
 docs/streams/developer-guide/security.html | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/docs/streams/developer-guide/security.html b/docs/streams/developer-guide/security.html
index e196e14..821a34e 100644
--- a/docs/streams/developer-guide/security.html
+++ b/docs/streams/developer-guide/security.html
@@ -67,16 +67,15 @@
             <p>Kafka clusters can use ACLs to control access to resources (like the ability to create topics), and for such clusters each client,
                 including Kafka Streams, is required to authenticate as a particular user in order to be authorized with appropriate access.
                 In particular, when Streams applications are run against a secured Kafka cluster, the principal running the application must have
-                the ACL
-                <code class="docutils literal"><span class="pre">--cluster</span> <span class="pre">--operation</span> <span class="pre">Create</span></code> set so that the application has the permissions to create
+                the ACL set so that the application has the permissions to create, read and write
                 <a class="reference internal" href="manage-topics.html#streams-developer-guide-topics-internal"><span class="std std-ref">internal topics</span></a>.</p>
 
             <p>Since all internal topics as well as the embedded consumer group name are prefixed with the <a class="reference internal" href="/{{version}}/documentation/streams/developer-guide/config-streams.html#required-configuration-parameters"><span class="std std-ref">application id</span></a>,
                 it is recommended to use ACLs on prefixed resource pattern
                 to configure control lists to allow client to manage all topics and consumer groups started with this prefix
+                as <code class="docutils literal"><span class="pre">--resource-pattern-type prefixed --topic your.application.id --operation All </span></code>
                 (see <a class="reference external" href="https://cwiki.apache.org/confluence/display/KAFKA/KIP-277+-+Fine+Grained+ACL+for+CreateTopics+API">KIP-277</a>
                 and <a class="reference external" href="https://cwiki.apache.org/confluence/display/KAFKA/KIP-290%3A+Support+for+Prefixed+ACLs">KIP-290</a> for details).
-                For example, given the following setup of your Streams application:
             </p>
         </div>
         <div class="section" id="security-example">