vpruthi/doc-exports
1
0
Fork 0
forked from docs/doc-exports
Code Pull Requests Activity
doc-exports/docs/dms/umn/kafka-ug-0003.html
Chen, Junjie 1588318a68 DMS UMN 20240723 version 
Reviewed-by: Antonova, Ekaterina <ekantono@noreply.gitea.eco.tsi-dev.otc-service.com>
Co-authored-by: Chen, Junjie <chenjunjie@huawei.com>
Co-committed-by: Chen, Junjie <chenjunjie@huawei.com>
2024-08-14 12:31:58 +00:00

68 lines
14 KiB
HTML
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<a name="kafka-ug-0003"></a><a name="kafka-ug-0003"></a>
<h1 class="topictitle1">Configuring Kafka ACL Users</h1>
<div id="body0000001088319628"><p id="kafka-ug-0003__p1338294114214">Kafka instances with ciphertext access enabled support access control list (ACL) for topics. You can isolate users by granting them different permissions in a topic.</p>
<p id="kafka-ug-0003__p8060118">This section describes how to create users, reset the password, and delete users with ciphertext access enabled. For details about how to grant topic permissions for users, see <a href="kafka-ug-0002.html">Configuring Kafka Topic Permissions</a>.</p>
<p id="kafka-ug-0003__p1458774110512"><strong id="kafka-ug-0003__b12253131455816">The maximum number of users that can be created for a Kafka instance is 20 or 500. Check the console for the actual limit.</strong></p>
<p id="kafka-ug-0003__p1554081120315">There are two ways to create a user on the console. Accordingly, there are two ways to reset the user's password:</p>
<ul id="kafka-ug-0003__ul54301340154214"><li id="kafka-ug-0003__li1345517527428">Initial user: The user set when ciphertext access is enabled for the first time. If you forget your password, reset it by referring to <a href="#kafka-ug-0003__section125811843123418">Resetting the Password (for the Initial User)</a>.</li><li id="kafka-ug-0003__li1532124103319">Non-initial users: Users created on the <strong id="kafka-ug-0003__b17264134582611">Users</strong> page. If you forget your password, reset it by referring to <a href="#kafka-ug-0003__section728275161010">Resetting the User Password (for Non-initial Users)</a>.</li></ul>
<div class="section" id="kafka-ug-0003__section10943454010"><h4 class="sectiontitle">Prerequisites</h4><ul id="kafka-ug-0003__ul1174452131810"><li id="kafka-ug-0003__li132572558186">Ciphertext access has been enabled for the Kafka instance.</li><li id="kafka-ug-0003__li1123290191911">Kafka users can be configured only for Kafka instances in the <strong id="kafka-ug-0003__b157814449294">Running</strong> state.</li></ul>
</div>
<div class="section" id="kafka-ug-0003__section1591023011232"><h4 class="sectiontitle">Constraints</h4><ul id="kafka-ug-0003__ul1314511171243"><li id="kafka-ug-0003__li414511752414">This function is unavailable for single-node instances.</li><li id="kafka-ug-0003__li2058172082413">Resetting a user password will interrupt services. Change the user password in the client configuration file or code as soon as possible.</li></ul>
</div>
<div class="section" id="kafka-ug-0003__section1516984134111"><h4 class="sectiontitle">Creating a User</h4><ol id="kafka-ug-0003__ol1698374734110"><li id="kafka-ug-0003__li10427115412419"><span>Log in to the console.</span></li><li id="kafka-ug-0003__li14905725134512"><span>Click <span><img id="kafka-ug-0003__image6685105755610" src="en-us_image_0143929918.png"></span> in the upper left corner to select a region.</span><p><div class="note" id="kafka-ug-0003__note596412409275"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="kafka-ug-0003__p11964174020277">Select the region where your Kafka instance is located.</p>
</div></div>
</p></li><li id="kafka-ug-0003__li189561034172215"><span>Click <strong id="kafka-ug-0003__b212798716895711">Service List</strong> and choose <strong id="kafka-ug-0003__b98529038295711">Application</strong> &gt; <strong id="kafka-ug-0003__b203845457095711">Distributed Message Service</strong>. The Kafka instance list is displayed.</span></li><li id="kafka-ug-0003__li374185811449"><span>Click the desired instance to go to the instance details page.</span></li><li id="kafka-ug-0003__li1035485134519"><span>On the <strong id="kafka-ug-0003__b1259335712715">Users</strong> page, click <strong id="kafka-ug-0003__b111191227816">Create User</strong>.</span></li><li id="kafka-ug-0003__li69251656205910"><span>Set user information by referring to <a href="kafka-ug-0003.html">Configuring Kafka ACL Users</a>.</span><p>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="kafka-ug-0003__table1275514209" frame="border" border="1" rules="all"><caption><b>Table 1 </b>User creation parameters</caption><thead align="left"><tr id="kafka-ug-0003__row127520142016"><th align="left" class="cellrowborder" valign="top" width="30%" id="mcps1.3.8.2.6.2.1.2.3.1.1"><p id="kafka-ug-0003__p7641944173520">Parameter</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="70%" id="mcps1.3.8.2.6.2.1.2.3.1.2"><p id="kafka-ug-0003__p264154419353">Description</p>
</th>
</tr>
</thead>
<tbody><tr id="kafka-ug-0003__row1275131420010"><td class="cellrowborder" valign="top" width="30%" headers="mcps1.3.8.2.6.2.1.2.3.1.1 "><p id="kafka-ug-0003__p1275214005">Username</p>
</td>
<td class="cellrowborder" valign="top" width="70%" headers="mcps1.3.8.2.6.2.1.2.3.1.2 "><p id="kafka-ug-0003__p14276181413010">The username used to access a Kafka instance, you can customize a name that complies with the rules: 464 characters; starts with a letter; can contain only letters, digits, hyphens (-), and underscores (_).</p>
</td>
</tr>
<tr id="kafka-ug-0003__row17276161419011"><td class="cellrowborder" valign="top" width="30%" headers="mcps1.3.8.2.6.2.1.2.3.1.1 "><p id="kafka-ug-0003__p92761314208">Password</p>
</td>
<td class="cellrowborder" valign="top" width="70%" headers="mcps1.3.8.2.6.2.1.2.3.1.2 "><p id="kafka-ug-0003__p1027618149011">The password used to access a Kafka instance. A password must meet the following requirements:</p>
<ul id="kafka-ug-0003__ul1113719595913"><li id="kafka-ug-0003__li15561352706">Contains 8 to 32 characters.</li><li id="kafka-ug-0003__li5818649418">Contains at least three of the following character types: uppercase letters, lowercase letters, digits, and special characters `~! @#$ %^&amp;*()-_=+\|[{}];:'",&lt;.&gt;? and spaces, and cannot start with a hyphen (-).</li><li id="kafka-ug-0003__li994063220210">Cannot be the username spelled forward or backward.</li></ul>
</td>
</tr>
</tbody>
</table>
</div>
</p></li><li id="kafka-ug-0003__li1269185312462"><span>Click <strong id="kafka-ug-0003__b894372143917">OK</strong>.</span><p><p id="kafka-ug-0003__p156921510185414">After the user is created, grant permissions to the user by referring to <a href="kafka-ug-0002.html">Configuring Kafka Topic Permissions</a>.</p>
</p></li></ol>
</div>
<div class="section" id="kafka-ug-0003__section125811843123418"><a name="kafka-ug-0003__section125811843123418"></a><a name="section125811843123418"></a><h4 class="sectiontitle">Resetting the Password (for the Initial User)</h4><ol id="kafka-ug-0003__ol251622212416"><li id="kafka-ug-0003__li14877128154119"><span>Log in to the console.</span></li><li id="kafka-ug-0003__li178771728154117"><span>Click <span><img id="kafka-ug-0003__image36143063912" src="en-us_image_0143929918.png"></span> in the upper left corner to select a region.</span><p><div class="note" id="kafka-ug-0003__note19877192864117"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="kafka-ug-0003__p4877028184118">Select the region where your Kafka instance is located.</p>
</div></div>
</p></li><li id="kafka-ug-0003__li9877428144118"><span>Click <strong id="kafka-ug-0003__b11775207314">Service List</strong> and choose <strong id="kafka-ug-0003__b10775203313">Application</strong> &gt; <strong id="kafka-ug-0003__b1377920173116">Distributed Message Service</strong>. The Kafka instance list is displayed.</span></li><li id="kafka-ug-0003__li016683393117"><span>Reset the password for the initial user in either of the following ways.</span><p><ul id="kafka-ug-0003__ul1650453173112"><li id="kafka-ug-0003__li75012530317">Choose <strong id="kafka-ug-0003__b1752744783213">More</strong> &gt; <strong id="kafka-ug-0003__b4527194753219">Reset Kafka Password</strong> in the row containing the desired Kafka instance.</li><li id="kafka-ug-0003__li1437953121316">Click the desired Kafka instance to view its details. Choose <strong id="kafka-ug-0003__b8950527143314">More</strong> &gt; <strong id="kafka-ug-0003__b095092718331">Reset Kafka Password</strong> in the upper left corner.</li><li id="kafka-ug-0003__li1469112712320">Click the desired Kafka instance to view its details. On the <strong id="kafka-ug-0003__b21101238123319">Basic Information</strong> page, click <strong id="kafka-ug-0003__b14111338193311">Reset Password</strong> next to <strong id="kafka-ug-0003__b131111738153312">Username</strong> in the <strong id="kafka-ug-0003__b81112388332">Connection</strong> section.</li><li id="kafka-ug-0003__li2114142418399">Click the desired Kafka instance to view its details. On the <strong id="kafka-ug-0003__b8286154443312">Users</strong> page, click <strong id="kafka-ug-0003__b16286134414338">Reset Password</strong> in the row containing the desired user.</li></ul>
</p></li><li id="kafka-ug-0003__li387710282413"><span>Enter and confirm a new password, and click <strong id="kafka-ug-0003__b03978598336">OK</strong>.</span><p><ul id="kafka-ug-0003__ul1187852812416"><li id="kafka-ug-0003__li387892819419">If the password is successfully reset, a success message is displayed.</li><li id="kafka-ug-0003__li148781287418">If the password fails to be reset, a failure message is displayed. In this case, reset the password again. If you still fail to reset the password after multiple attempts, contact customer service.</li></ul>
<div class="note" id="kafka-ug-0003__note16878142884119"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="kafka-ug-0003__p138784282410">The system will display a success message only after the password is successfully reset on all brokers.</p>
</div></div>
</p></li></ol>
</div>
<div class="section" id="kafka-ug-0003__section728275161010"><a name="kafka-ug-0003__section728275161010"></a><a name="section728275161010"></a><h4 class="sectiontitle">Resetting the User Password (for Non-initial Users)</h4><ol id="kafka-ug-0003__ol22913281193920"><li id="kafka-ug-0003__li5363940193920"><span>Log in to the console.</span></li><li id="kafka-ug-0003__li9198519213"><span>Click <span><img id="kafka-ug-0003__image1248910052" src="en-us_image_0143929918.png"></span> in the upper left corner to select a region.</span><p><div class="note" id="kafka-ug-0003__note61910516215"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="kafka-ug-0003__p181912502116">Select the region where your Kafka instance is located.</p>
</div></div>
</p></li><li id="kafka-ug-0003__li61911522111"><span>Click <strong id="kafka-ug-0003__b176245228314">Service List</strong> and choose <strong id="kafka-ug-0003__b13624172211314">Application</strong> &gt; <strong id="kafka-ug-0003__b12624192213111">Distributed Message Service</strong>. The Kafka instance list is displayed.</span></li><li id="kafka-ug-0003__li18225237173632"><span>Click the desired Kafka instance to view its details.</span></li><li id="kafka-ug-0003__li7459155164515"><span>On the <strong id="kafka-ug-0003__b021281211401">Users</strong> page, click <strong id="kafka-ug-0003__b42137122406">Reset Password</strong> in the row containing the desired user.</span></li><li id="kafka-ug-0003__li10847924172819"><span>Enter and confirm a new password, and click <strong id="kafka-ug-0003__b1591511193420">OK</strong>.</span><p><ul id="kafka-ug-0003__ul6531112611521"><li id="kafka-ug-0003__li253102610528">If the password is successfully reset, a success message is displayed.</li><li id="kafka-ug-0003__li453172616529">If the password fails to be reset, a failure message is displayed. In this case, reset the password again. If you still fail to reset the password after multiple attempts, contact customer service.</li></ul>
<div class="note" id="kafka-ug-0003__note42331528103619"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="kafka-ug-0003__p205596336367">The system will display a success message only after the password is successfully reset on all brokers.</p>
</div></div>
</p></li></ol>
</div>
<div class="section" id="kafka-ug-0003__section14541133610484"><h4 class="sectiontitle">Deleting a User</h4><ol id="kafka-ug-0003__ol1299471063115"><li id="kafka-ug-0003__li1443225255017"><span>Log in to the console.</span></li><li id="kafka-ug-0003__li14432125216504"><span>Click <span><img id="kafka-ug-0003__image21067118" src="en-us_image_0143929918.png"></span> in the upper left corner to select a region.</span><p><div class="note" id="kafka-ug-0003__note543215210506"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="kafka-ug-0003__p5432195217506">Select the region where your Kafka instance is located.</p>
</div></div>
</p></li><li id="kafka-ug-0003__li154321352165017"><span>Click <strong id="kafka-ug-0003__b1425139183">Service List</strong> and choose <strong id="kafka-ug-0003__b1991659219">Application</strong> &gt; <strong id="kafka-ug-0003__b1167110199">Distributed Message Service</strong>. The Kafka instance list is displayed.</span></li><li id="kafka-ug-0003__li843215245012"><span>Click the desired Kafka instance to view its details.</span></li><li id="kafka-ug-0003__li10282012152613"><span>In the navigation pane, choose <strong id="kafka-ug-0003__b1385995892611">Users</strong>.</span></li><li id="kafka-ug-0003__li133275219334"><span>Delete a user in either of the following ways:</span><p><ul id="kafka-ug-0003__ul202593219346"><li id="kafka-ug-0003__li10259182113344">In the row containing the desired user, click <strong id="kafka-ug-0003__b52431629162719">Delete</strong>.</li><li id="kafka-ug-0003__li62421826123420">Select one or more users and click <strong id="kafka-ug-0003__b17376175174418">Delete</strong> above the list.</li></ul>
<div class="note" id="kafka-ug-0003__note1781928182719"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="kafka-ug-0003__p2082088102716">The initial user set when ciphertext access is enabled for the first time cannot be deleted.</p>
</div></div>
</p></li><li id="kafka-ug-0003__li1343235275015"><span>In the displayed <strong id="kafka-ug-0003__b233134374614">Delete User</strong> dialog box, click <strong id="kafka-ug-0003__b0333154314614"></strong><strong id="kafka-ug-0003__b633512434466">OK</strong> to delete the user.</span></li></ol>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="kafka-ug-0061.html">Configuring Kafka Access Control</a></div>
</div>
</div>
View Git Blame Copy Permalink