kafka-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bala <kbkre...@yahoo.com.INVALID>
Subject Re: Kafka ACL issue - Operation denied despite having full access to the topic
Date Fri, 28 Sep 2018 16:13:29 GMT
Producer using the Java API. I did configure the jaas config as per docs. It looks like is
working and the authentication is succeeded but the authorization is not honoring the ACL
   On Friday, September 28, 2018, 11:56:24 AM EDT, Vahid Hashemian <vahid.hashemian@gmail.com>
wrote:  
 
 Hi Bala,

What operation/command are you trying that gives you this error?

--Vahid

On Fri, Sep 28, 2018 at 7:12 AM Bala <kbkreddy@yahoo.com.invalid> wrote:

> I have a kafka with kerberos security and trying to use the ACL and am not
> able to make it work.
>
> Here is the error I am seeing in the server log.[2018-09-28 14:06:54,152]
> INFO Principal = User:storm-mytestcluster is Denied Operation = Describe
> from host = <ip address of host> on resource = Topic:icd_alpha
> (kafka.authorizer.logger)
> [2018-09-28 14:06:54,312] INFO Principal = User:storm-mytestcluster is
> Denied Operation = Describe from host = <ip address of host> on resource =
> Topic:icd_alpha (kafka.authorizer.logger)
> [2018-09-28 14:06:54,472] INFO Principal = User:storm-mytestcluster is
> Denied Operation = Describe from host = <ip address of host> on resource =
> Topic:icd_alpha (kafka.authorizer.logger)
> [2018-09-28 14:06:54,631] INFO Principal = User:storm-mytestcluster is
> Denied Operation = Describe from host = <ip address of host> on resource =
> Topic:icd_alpha (kafka.authorizer.logger)
> [2018-09-28 14:06:54,793] INFO Principal = User:storm-mytestcluster is
> Denied Operation = Describe from host = <ip address of host> on resource =
> Topic:icd_alpha (kafka.authorizer.logger)
> [2018-09-28 14:06:54,953] INFO Principal = User:storm-mytestcluster is
> Denied Operation = Describe from host = <ip address of host> on resource =
> Topic:icd_alpha (kafka.authorizer.logger)
>
>
>
> But the user has full access to the topic: Here is the output of `list `
> command
>
> Current ACLs for resource `Topic:icd_alpha`:
>      user:storm-mytestcluster has Allow permission for operations: All
> from hosts: *
>
> Please help me, as I am kind of blocked and don't know how to proceed
> further.
> ThanksBala
>
  
Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message