kafka-users mailing list archives

From Shrikant Patel <SPa...@pdxinc.com>
Subject Restrict who can change ACLs
Date Tue, 04 Oct 2016 14:16:51 GMT
Hi All,

How can I restrict who can modify ACLs for a Kafka cluster? Anyone can use the kafka-acls CLI to
modify the ACL.

I added a superuser and thought that when we run kafka-acls, it validates that only
the spatel user can run this command. So what prevents a user on the network from trying to modify ACLs?

authorizer.class.name=kafka.security.auth.SimpleAclAuthorizer
super.users=User:CN=spatel-lt.nhsrx.com,OU=arch,O=pdx inc,L=fort worth,ST=tx,C=us

Current ACLs for resource `Cluster:kafka-cluster`:
        User:CN=spatel-lt,OU=arch,O=pdx inc,L=fort worth,ST=tx,C=us has Allow permission for operations: Create from hosts: *

Am I missing anything???

Thanks in advance,
Shri
______________________________________________________________
Shrikant Patel   |   PDX-NHIN
Enterprise Architecture Team

