vpruthi/doc-exports
1
0
Fork 0
forked from docs/doc-exports
Code Pull Requests Activity
doc-exports/docs/dms/umn/kafka-ug-0002.html
Chen, Junjie 1588318a68 DMS UMN 20240723 version 
Reviewed-by: Antonova, Ekaterina <ekantono@noreply.gitea.eco.tsi-dev.otc-service.com>
Co-authored-by: Chen, Junjie <chenjunjie@huawei.com>
Co-committed-by: Chen, Junjie <chenjunjie@huawei.com>
2024-08-14 12:31:58 +00:00

34 lines
9.4 KiB
HTML
Raw Permalink Blame History

<a name="kafka-ug-0002"></a><a name="kafka-ug-0002"></a>
<h1 class="topictitle1">Configuring Kafka Topic Permissions</h1>
<div id="body0000001135061465"><p id="kafka-ug-0002__p39139363712">Kafka instances with ciphertext access enabled support access control list (ACL) for topics. You can differentiate user permissions by granting users different permissions in a topic.</p>
<p id="kafka-ug-0002__p8060118">This section describes how to grant topic permissions to users after ciphertext access is enabled for Kafka instances. For details about how to create a user, see <a href="kafka-ug-0003.html">Configuring Kafka ACL Users</a>.</p>
<div class="note" id="kafka-ug-0002__note1040520370127"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="kafka-ug-0002__p6405193714128">This function is unavailable for single-node instances.</p>
</div></div>
<div class="section" id="kafka-ug-0002__section72106105915"><h4 class="sectiontitle">Constraints</h4><ul id="kafka-ug-0002__ul145581610135911"><li id="kafka-ug-0002__li18558210205911">If parameter <strong id="kafka-ug-0002__b811114584494">allow.everyone.if.no.acl.found</strong> is set to <strong id="kafka-ug-0002__b1161313018506">true</strong> and no topic is granted for a user, all users can subscribe to or publish messages to the topic. If permissions for a topic has been granted to one or more users, only these users can subscribe to or publish messages to the topic. The value of <strong id="kafka-ug-0002__b3674101014178">allow.everyone.if.no.acl.found</strong> can be <a href="kafka-ug-0007.html">modified</a>.</li><li id="kafka-ug-0002__li45291455153115">If <strong id="kafka-ug-0002__b44614219542">allow.everyone.if.no.acl.found</strong> is set to <strong id="kafka-ug-0002__b19461221185416">false</strong>, only the authorized users can subscribe to or publish messages to the topic. The value of <strong id="kafka-ug-0002__b8656183017547">allow.everyone.if.no.acl.found</strong> can be <a href="kafka-ug-0007.html">modified</a>.</li><li id="kafka-ug-0002__li79206532597">If both the default and individual user permissions are configured for a topic, the union of the permissions is used.</li></ul>
</div>
<div class="section" id="kafka-ug-0002__section10943454010"><h4 class="sectiontitle">Prerequisites</h4><ul id="kafka-ug-0002__ul894011501594"><li id="kafka-ug-0002__li21037611713"><a href="kafka_ug_0044.html">Ciphertext has been enabled</a> for the instance.</li><li id="kafka-ug-0002__li1985015521192"><a href="kafka-ug-0003.html">A user is created</a>.</li></ul>
</div>
<div class="section" id="kafka-ug-0002__section590513285108"><h4 class="sectiontitle">Procedure</h4><ol id="kafka-ug-0002__ol19541635141014"><li id="kafka-ug-0002__li10427115412419"><span>Log in to the console.</span></li><li id="kafka-ug-0002__li14905725134512"><span>Click <span><img id="kafka-ug-0002__image125587350" src="en-us_image_0143929918.png"></span> in the upper left corner to select a region.</span><p><div class="note" id="kafka-ug-0002__note596412409275"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="kafka-ug-0002__p11964174020277">Select the region where your Kafka instance is located.</p>
</div></div>
</p></li><li id="kafka-ug-0002__li189561034172215"><span>Click <strong id="kafka-ug-0002__b176690015395711">Service List</strong> and choose <strong id="kafka-ug-0002__b203556207095711">Application</strong> &gt; <strong id="kafka-ug-0002__b214704539495711">Distributed Message Service</strong>. The Kafka instance list is displayed.</span></li><li id="kafka-ug-0002__li374185811449"><span>Click the desired Kafka instance to view the instance details.</span></li><li id="kafka-ug-0002__li1592622914109"><span>In the navigation pane, choose <strong id="kafka-ug-0002__b1656012185359">Topics</strong>.</span></li><li id="kafka-ug-0002__li5603131715114"><span>In the row containing the desired topic, click <strong id="kafka-ug-0002__b171077249911">Grant User Permission</strong>.</span></li><li id="kafka-ug-0002__li26339382112"><span>Grant topic permissions to users.</span><p><ul id="kafka-ug-0002__ul1324592715341"><li id="kafka-ug-0002__li3245132783414">To grant the same permissions to all users, select <strong id="kafka-ug-0002__b720650181312">Default permissions</strong> and then select permissions. As shown in the following figure, all users have the permission to publish messages to this topic.<div class="fignone" id="kafka-ug-0002__fig1296818488262"><span class="figcap"><b>Figure 1 </b>Granting the same permissions to all users</span><br><span><img id="kafka-ug-0002__image19968104882610" src="en-us_image_0000001803832641.png"></span></div>
</li><li id="kafka-ug-0002__li98266361346">To grant different permissions to different users, do not select <strong id="kafka-ug-0002__b1891135551414">Default permissions</strong>. In the <strong id="kafka-ug-0002__b19982118144">Users</strong> area of the <strong id="kafka-ug-0002__b179918212145">Grant User Permission</strong> dialog box, select target users. If there are many users, enter the username in the search box for a quick search. In the <strong id="kafka-ug-0002__b8288885159">Selected</strong> area, configure permissions (<strong id="kafka-ug-0002__b828813810152">Subscribe</strong>, <strong id="kafka-ug-0002__b02896891510">Publish</strong>, or <strong id="kafka-ug-0002__b162895815154">Publish/Subscribe</strong>) for the users. As shown in the following figure, only the <strong id="kafka-ug-0002__b122738147152">test</strong>, <strong id="kafka-ug-0002__b927351491512">send</strong>, and <strong id="kafka-ug-0002__b142731814191520">receive</strong> users can subscribe to or publish messages to this topic. The <strong id="kafka-ug-0002__b1827361441516">send_receive</strong> user cannot subscribe to or publish messages to this topic.<div class="fignone" id="kafka-ug-0002__fig256093293211"><span class="figcap"><b>Figure 2 </b>Granting permissions to individual users</span><br><span><img id="kafka-ug-0002__image556017326322" src="en-us_image_0000001803837729.png"></span></div>
</li></ul>
<p id="kafka-ug-0002__p84261815153410"><strong id="kafka-ug-0002__b11658953165">If both the default and individual user permissions are configured for a topic, the union of the permissions is used.</strong> As shown in the following figure, the <strong id="kafka-ug-0002__b41554192161">test</strong> and <strong id="kafka-ug-0002__b1970421141615">receive</strong> users can subscribe to and publish messages to this topic.</p>
<div class="fignone" id="kafka-ug-0002__fig6811183873615"><span class="figcap"><b>Figure 3 </b>Granting topic permissions to users</span><br><span><img id="kafka-ug-0002__image1881153833617" src="en-us_image_0000001757003050.png"></span></div>
</p></li><li id="kafka-ug-0002__li1382382916138"><span>Click <strong id="kafka-ug-0002__b1085852516163">OK</strong>.</span><p><p id="kafka-ug-0002__p539162720537">On the <strong id="kafka-ug-0002__b37061384187">Topics</strong> tab page, click <span><img id="kafka-ug-0002__image936110268308" src="en-us_image_0000001160594580.png"></span> next to the topic name to view the authorized users and their permissions.</p>
<div class="fignone" id="kafka-ug-0002__fig137611217184111"><span class="figcap"><b>Figure 4 </b>Viewing authorized users and their permissions</span><br><span><img id="kafka-ug-0002__image376101794110" src="en-us_image_0000001803846097.png"></span></div>
</p></li></ol>
</div>
<div class="section" id="kafka-ug-0002__section1586284693920"><h4 class="sectiontitle">Deleting Topic Permissions</h4><ol id="kafka-ug-0002__ol1077994717411"><li id="kafka-ug-0002__li15841952144118"><span>Log in to the console.</span></li><li id="kafka-ug-0002__li78417529412"><span>Click <span><img id="kafka-ug-0002__image1732627323" src="en-us_image_0143929918.png"></span> in the upper left corner to select a region.</span><p><div class="note" id="kafka-ug-0002__note118485234117"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="kafka-ug-0002__p178415215415">Select the region where your Kafka instance is located.</p>
</div></div>
</p></li><li id="kafka-ug-0002__li138414528419"><span>Click <strong id="kafka-ug-0002__b44095891395711">Service List</strong> and choose <strong id="kafka-ug-0002__b82968184395711">Application</strong> &gt; <strong id="kafka-ug-0002__b112248447295711">Distributed Message Service</strong>. The Kafka instance list is displayed.</span></li><li id="kafka-ug-0002__li108412522412"><span>Click the desired Kafka instance to view the instance details.</span></li><li id="kafka-ug-0002__li9844521415"><span>In the navigation pane, choose <strong id="kafka-ug-0002__b1896910196359">Topics</strong>.</span></li><li id="kafka-ug-0002__li137961310438"><span>In the row containing the desired topic, click <strong id="kafka-ug-0002__b14290143212214">Grant User Permission</strong>.</span></li><li id="kafka-ug-0002__li11597174515430"><span>In the <strong id="kafka-ug-0002__b1638174819226">Selected</strong> area of the displayed <strong id="kafka-ug-0002__b1395256172218">Grant User Permission</strong> dialog box, locate the row that contains the user whose permissions are to be removed, click <strong id="kafka-ug-0002__b17662206192313">Delete</strong>, and click <strong id="kafka-ug-0002__b19957151615232">OK</strong>.</span></li></ol>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="kafka-ug-0720001.html">Configuring Topics</a></div>
</div>
</div>
View Git Blame Copy Permalink