vpruthi/doc-exports
1
0
Fork 0
forked from docs/doc-exports
Code Pull Requests Activity
doc-exports/docs/mrs/component-operation-guide/mrs_01_0378.html
Yang, Tong 6182f91ba8 MRS component operation guide_normal 2.0.38.SP20 version 
Reviewed-by: Hasko, Vladimir <vladimir.hasko@t-systems.com>
Co-authored-by: Yang, Tong <yangtong2@huawei.com>
Co-committed-by: Yang, Tong <yangtong2@huawei.com>
2022-12-09 14:55:21 +00:00

81 lines
29 KiB
HTML
Raw Blame History

<a name="mrs_01_0378"></a><a name="mrs_01_0378"></a>
<h1 class="topictitle1">Managing Kafka User Permissions</h1>
<div id="body1589421630454"><div class="section" id="mrs_01_0378__se728d030bf0f499989fe2e36267d8a4a"><h4 class="sectiontitle">Scenario</h4><p id="mrs_01_0378__a67d7c9a1185c4e6783fb577ef1c69ff6">For clusters with Kerberos authentication enabled, using Kafka requires relevant permissions. MRS clusters can grant the use permission of Kafka to different users.</p>
<p id="mrs_01_0378__a728be99f1a884e0ea9e948c5d4c9d2ec"><a href="#mrs_01_0378__t5ed4e7771fac4113ad733d56146a3b07">Table 1</a> lists the default Kafka user groups.</p>
<div class="note" id="mrs_01_0378__note128399218910"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="mrs_01_0378__p78394211694">In MRS 3.<em id="mrs_01_0378__i1881121021015">x</em> or later, Kafka supports two types of authentication plug-ins: Kafka open source authentication plug-in and Ranger authentication plug-in.</p>
<p id="mrs_01_0378__p7895184216101">This section describes the user permission management based on the Kafka open source authentication plug-in. For details about how to use the Ranger authentication plug-in, see <a href="mrs_01_1861.html">Adding a Ranger Access Permission Policy for Kafka</a>.</p>
</div></div>
<div class="tablenoborder"><a name="mrs_01_0378__t5ed4e7771fac4113ad733d56146a3b07"></a><a name="t5ed4e7771fac4113ad733d56146a3b07"></a><table cellpadding="4" cellspacing="0" summary="" id="mrs_01_0378__t5ed4e7771fac4113ad733d56146a3b07" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Default Kafka user groups</caption><thead align="left"><tr id="mrs_01_0378__r076853725c81491db89e57a4219e1eb8"><th align="left" class="cellrowborder" valign="top" width="25%" id="mcps1.3.1.5.2.3.1.1"><p id="mrs_01_0378__a1c64627b000143f5816333b8e6e9f12f">User Group</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="75%" id="mcps1.3.1.5.2.3.1.2"><p id="mrs_01_0378__a57b26b6571eb4b89956de7fca6e77437">Description</p>
</th>
</tr>
</thead>
<tbody><tr id="mrs_01_0378__r414ece5231214e59807da3d66140d6ed"><td class="cellrowborder" valign="top" width="25%" headers="mcps1.3.1.5.2.3.1.1 "><p id="mrs_01_0378__a2afbbea3ec4343ab8cae589a41d39de9">kafkaadmin</p>
</td>
<td class="cellrowborder" valign="top" width="75%" headers="mcps1.3.1.5.2.3.1.2 "><p id="mrs_01_0378__a8837e02cee8c4e289282d8ddc9e40a9a">Kafka administrator group. Users in this group have the permissions to create, delete, read, and write all topics, and authorize other users.</p>
</td>
</tr>
<tr id="mrs_01_0378__r4c54cddfd5bf4f7185beebba3b0abba7"><td class="cellrowborder" valign="top" width="25%" headers="mcps1.3.1.5.2.3.1.1 "><p id="mrs_01_0378__ab2cd4dbea3184549b76509057a1f2789">kafkasuperuser</p>
</td>
<td class="cellrowborder" valign="top" width="75%" headers="mcps1.3.1.5.2.3.1.2 "><p id="mrs_01_0378__aab404a111ec7473594a1ce99c4aa29d4">Kafka super user group. Users in this group have the permissions to read and write all topics.</p>
</td>
</tr>
<tr id="mrs_01_0378__ra0878debfa1f4e5f9aeee2270a86f301"><td class="cellrowborder" valign="top" width="25%" headers="mcps1.3.1.5.2.3.1.1 "><p id="mrs_01_0378__aa07efdb47cd940638fa4dc5d7d90d5be">kafka</p>
</td>
<td class="cellrowborder" valign="top" width="75%" headers="mcps1.3.1.5.2.3.1.2 "><p id="mrs_01_0378__en-us_topic_0054328609_p85436155921">Kafka common user group. Users in this group can access a topic only when they are granted with the read and write permissions of the topic by a user in the <strong id="mrs_01_0378__b8487135662612">kafkaadmin</strong> group.</p>
</td>
</tr>
</tbody>
</table>
</div>
</div>
<div class="section" id="mrs_01_0378__sa4b650e4d82344e6adca63da0d91dc47"><h4 class="sectiontitle">Prerequisites</h4><ul id="mrs_01_0378__u3e554e8c3bb5434fa0467a72609be051"><li id="mrs_01_0378__l38d936d6e35d4d11bf04e56793bfe44d">You have installed the Kafka client.</li><li id="mrs_01_0378__l75de8d0cabba458481922c643cd5fff2">A user in the <strong id="mrs_01_0378__en-us_topic_0054328609_b842352706173416">kafkaadmin</strong> group, for example <span class="parmname" id="mrs_01_0378__en-us_topic_0054328609_parmname655361671173429"><b>admin</b></span>, has been prepared.</li></ul>
</div>
<div class="section" id="mrs_01_0378__sbb525980438c497999b816161b9eb948"><h4 class="sectiontitle">Procedure</h4><ol id="mrs_01_0378__oe90c7195051d4284ad4a84b0b406ae28"><li id="mrs_01_0378__li27231426191411"><span>Access the ZooKeeper instance page.</span><p><ul id="mrs_01_0378__en-us_topic_0264266588_ul1692910323486"><li id="mrs_01_0378__en-us_topic_0264266588_li792916322486">For versions earlier than MRS 1.9.2, log in to MRS Manager and choose <strong id="mrs_01_0378__en-us_topic_0264266588_b1584916171418">Services</strong> &gt; <strong id="mrs_01_0378__en-us_topic_0264266588_b2090181614141">ZooKeeper</strong> &gt; <strong id="mrs_01_0378__en-us_topic_0264266588_b179071612143">Instance</strong>.</li><li id="mrs_01_0378__en-us_topic_0264266588_li979413816488">For MRS 1.9.2 or later to versions earlier than 3.x, click the cluster name on the MRS console and choose <strong id="mrs_01_0378__en-us_topic_0264266588_b56141727181418">Components</strong> &gt; <strong id="mrs_01_0378__en-us_topic_0264266588_b562032781420">ZooKeeper</strong> &gt; <strong id="mrs_01_0378__en-us_topic_0264266588_b2620122751416">Instances</strong>.<div class="note" id="mrs_01_0378__en-us_topic_0264266588_note1664505711110"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="mrs_01_0378__en-us_topic_0264266588_p158007468574">If the <strong id="mrs_01_0378__en-us_topic_0264266588_b33924111304">Components</strong> tab is unavailable, complete IAM user synchronization first. (On the <strong id="mrs_01_0378__en-us_topic_0264266588_b1239291112016">Dashboard</strong> page, click <strong id="mrs_01_0378__en-us_topic_0264266588_b939315111101">Synchronize</strong> on the right side of <span class="parmname" id="mrs_01_0378__en-us_topic_0264266588_parmname73938113016"><b>IAM User Sync</b></span> to synchronize IAM users.)</p>
</div></div>
</li></ul>
</p></li><li id="mrs_01_0378__l1b2311966a2b45e8b89eec6e46478372"><span>View the IP addresses of the ZooKeeper role instance.</span><p><p id="mrs_01_0378__a2ef0c9ccf84f41bf82af2d504218c7bb">Record the IP address of any ZooKeeper instance.</p>
</p></li><li id="mrs_01_0378__l2f71626fdcd944b3987337bc4733d4d3"><span>Prepare the client based on service requirements. Log in to the node where the client is installed.</span></li><li id="mrs_01_0378__lbaf8c7cd92314989820b7e5799998fd3"><span>Run the following command to switch to the client directory, for example, <strong id="mrs_01_0378__b939110259257">/opt</strong><strong id="mrs_01_0378__b1739152522516"></strong><strong id="mrs_01_0378__b1039142552510">/client/Kafka/kafka/bin</strong>.</span><p><p id="mrs_01_0378__a8e2acbe143ca4f3c882445849b6a38f3"><strong id="mrs_01_0378__abdecb33a58524f6393d2c186ec138d2e">cd /opt/client/Kafka/kafka/bin</strong></p>
</p></li><li id="mrs_01_0378__l8020db1c359046149f1ea26c452496ca"><span>Run the following command to configure environment variables:</span><p><p id="mrs_01_0378__a6558e0dcc8c74d3abf07cf74af445a33"><strong id="mrs_01_0378__ab7997366dcbb4ae9af657dd7e4ac2b75">source /opt/client/bigdata_env</strong></p>
</p></li><li id="mrs_01_0378__le4d4b63c524844a1a58794799a48d6c3"><span>Run the following command to authenticate the user(skip this step in normal mode):</span><p><p id="mrs_01_0378__ae3c72ae18af24d61bb433860c3f1e8b9"><strong id="mrs_01_0378__ad3841c7d5ad449ecbc0c14d42918dcd0">kinit</strong> <em id="mrs_01_0378__a43a78ea98dca422eb559ae34bbb7767e">Component service user</em></p>
</p></li><li id="mrs_01_0378__lcbcefab0c90349048ac13216de186200"><span>Versions earlier than MRS 3.x: Select the scenario required by the service and manage Kafka user permissions.</span><p><ul id="mrs_01_0378__u4b8dbfc0bb744862a80e377709ea9d95"><li id="mrs_01_0378__l64bd1cc0555a44f9a4f493b14855a280">Querying the permission list of a topic<p id="mrs_01_0378__ac05fd925c929445ead6f38add777988b"><a name="mrs_01_0378__l64bd1cc0555a44f9a4f493b14855a280"></a><a name="l64bd1cc0555a44f9a4f493b14855a280"></a><strong id="mrs_01_0378__b5468138133810">sh kafka-acls.sh --authorizer-properties zookeeper.connect=<em id="mrs_01_0378__i5468123813814">IP address of the node where the ZooKeeper instance resides</em>:2181/kafka --list --topic</strong> <em id="mrs_01_0378__a53a6d680f9af4af3b1c4a3c6390f5daa"><strong id="mrs_01_0378__en-us_topic_0054328609_b764041172715">Topic name</strong></em></p>
</li><li id="mrs_01_0378__l72a712af134e486b82056354f995bb5d">Adding producer permission to a user<p id="mrs_01_0378__a703b5ed0354749dbb93ffc4ae90ee8e9"><a name="mrs_01_0378__l72a712af134e486b82056354f995bb5d"></a><a name="l72a712af134e486b82056354f995bb5d"></a><strong id="mrs_01_0378__en-us_topic_0054328609_b166345520210">sh kafka-acls.sh --authorizer-properties zookeeper.connect=</strong><em id="mrs_01_0378__en-us_topic_0054328609_i645507316271"><strong id="mrs_01_0378__en-us_topic_0054328609_b836473716271">IP address of the node where the ZooKeeper instance resides</strong></em><strong id="mrs_01_0378__a55b20295508943d9a21bb08b3427fb63">:2181/kafka --add --allow-principal User:</strong><em id="mrs_01_0378__a13b2197ff4f84892b9b5f8e67102be86"><strong id="mrs_01_0378__aaa6b795298e7413894dcb408a9faf344">Username</strong></em> <strong id="mrs_01_0378__b1022820548385">--producer --topic</strong> <em id="mrs_01_0378__ad521e2067f65495690adb73cab1f26a8"><strong id="mrs_01_0378__a75435dcf21684fecbb49fe60c858b3f8">Topic name</strong></em></p>
</li><li id="mrs_01_0378__l0b6a172e86b342b48e070e5587540e8c">Removing producer permission of a user<p id="mrs_01_0378__a337da8311edc41c4ba6daaf145176744"><a name="mrs_01_0378__l0b6a172e86b342b48e070e5587540e8c"></a><a name="l0b6a172e86b342b48e070e5587540e8c"></a><strong id="mrs_01_0378__b475043911489">sh kafka-acls.sh --authorizer-properties zookeeper.connect=</strong><em id="mrs_01_0378__i1875163913485"><strong id="mrs_01_0378__b14751113910488">IP address of the node where the ZooKeeper instance resides</strong></em><strong id="mrs_01_0378__b9751143914818">:2181/kafka --remove --allow-principal User:</strong><em id="mrs_01_0378__i1375273984815"><strong id="mrs_01_0378__b87521939104814">Username</strong></em> <strong id="mrs_01_0378__b47529398489">--producer --topic</strong> <em id="mrs_01_0378__i9753939104818"><strong id="mrs_01_0378__b107521739144818">Topic name</strong></em></p>
</li><li id="mrs_01_0378__leef5f2e6967c4e8a9809b383712fab8f">Adding consumer permission to a user<p id="mrs_01_0378__a4ec073cfe0b2492099e924be6b1339ab"><a name="mrs_01_0378__leef5f2e6967c4e8a9809b383712fab8f"></a><a name="leef5f2e6967c4e8a9809b383712fab8f"></a><strong id="mrs_01_0378__b76941359154812">sh kafka-acls.sh --authorizer-properties zookeeper.connect=</strong><em id="mrs_01_0378__i17695135974818"><strong id="mrs_01_0378__b14694155984811">IP address of the node where the ZooKeeper instance resides</strong></em><strong id="mrs_01_0378__b19695125918481">:2181/kafka --add --allow-principal User:</strong><em id="mrs_01_0378__i76967598486"><strong id="mrs_01_0378__b669685944815">Username</strong></em> <strong id="mrs_01_0378__b2013012198396">--consumer --topic</strong> <em id="mrs_01_0378__a9d7f8cabb884427fb860b79e8c769be0"><strong id="mrs_01_0378__ab589a591fce94a3a8847cccb78342302">Topic name</strong></em> <strong id="mrs_01_0378__b1142416335391">--group</strong> <em id="mrs_01_0378__a69421a18374946ef8df4a4cc2830cb89"><strong id="mrs_01_0378__a96bf24314abd4dd79180136d9eac9412">Consumer group name</strong></em></p>
</li><li id="mrs_01_0378__lbe70fc82116d420ba52af7c3da5ecba8">Removing consumer permission of a user<p id="mrs_01_0378__a8e0dc07e1a694f60857a184f994d2aae"><a name="mrs_01_0378__lbe70fc82116d420ba52af7c3da5ecba8"></a><a name="lbe70fc82116d420ba52af7c3da5ecba8"></a><strong id="mrs_01_0378__b1697073317410">sh kafka-acls.sh --authorizer-properties zookeeper.connect=</strong><em id="mrs_01_0378__i99711033194117"><strong id="mrs_01_0378__b9971123374117">IP address of the node where the ZooKeeper instance resides</strong></em><strong id="mrs_01_0378__b2971533144119">:2181/kafka --remove --allow-principal User:</strong><em id="mrs_01_0378__i11972133384116"><strong id="mrs_01_0378__b10972123313417">Username</strong></em> <strong id="mrs_01_0378__b89724336419">--consumer --topic</strong> <em id="mrs_01_0378__i5973153316411"><strong id="mrs_01_0378__b1597393310412">Topic name</strong></em> <strong id="mrs_01_0378__b199731933104112">--group</strong> <em id="mrs_01_0378__i7973333144110"><strong id="mrs_01_0378__b16973193394113">Consumer group name</strong></em></p>
</li></ul>
<div class="note" id="mrs_01_0378__nf5034be2b2f049a7b732a83e92765f03"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="mrs_01_0378__a6e80e89da95748278678ae59f5ba9be5">You need to enter <span class="parmvalue" id="mrs_01_0378__p0940378edefd491b8551bf5731af329c"><b>y</b></span> twice to confirm the removal of permission.</p>
<p id="mrs_01_0378__p1052717376567">For MRS 1.6.2 or earlier, the value of ZooKeeper's <strong id="mrs_01_0378__b141601531144213">clientPort</strong> defaults to <strong id="mrs_01_0378__b1816543184211">24002</strong>.</p>
</div></div>
</p></li><li id="mrs_01_0378__li16914841132014"><span>MRS 3.<em id="mrs_01_0378__i19194821645">x</em> and later versions: The following table lists the common commands used for user authorization when <strong id="mrs_01_0378__b2454427746">kafka-acl.sh</strong> is used.</span><p><ul id="mrs_01_0378__ul187821349211"><li id="mrs_01_0378__lee1476e09b3b44e0850cf37ae162f18f">View the permission control list of a topic:<p id="mrs_01_0378__acdce9ee78075442b87b88712c748b318"><a name="mrs_01_0378__lee1476e09b3b44e0850cf37ae162f18f"></a><a name="lee1476e09b3b44e0850cf37ae162f18f"></a><strong id="mrs_01_0378__b49568523134">./kafka-acls.sh --authorizer-properties zookeeper.connect=</strong><em id="mrs_01_0378__i11129171914418">&lt;Service IP address of any ZooKeeper node</em><strong id="mrs_01_0378__b1389118298315">:</strong><strong id="mrs_01_0378__b209391147234">2181</strong><strong id="mrs_01_0378__b131675113416">/kafka</strong> <em id="mrs_01_0378__i350817141748">&gt;</em><strong id="mrs_01_0378__b6602645341"> --list --topic </strong><em id="mrs_01_0378__i91631950644">&lt;Topic name&gt;</em></p>
<p id="mrs_01_0378__p2941102216438"><strong id="mrs_01_0378__b456615751311">./kafka-acls.sh --bootstrap-server</strong> &lt;<em id="mrs_01_0378__i0570175710134">IP address of the Kafka</em><em id="mrs_01_0378__i125708579136">cluster:21007&gt;</em><strong id="mrs_01_0378__b11182253142"> --command-config ../config/client.properties --list --topic </strong>&lt;<em id="mrs_01_0378__i518420591415">topic</em><em id="mrs_01_0378__i61854571418"> name</em>&gt;</p>
</li><li id="mrs_01_0378__lca0fd7f2388045b488a70eb6cff1d31b">Add the Producer permission for a user:<p id="mrs_01_0378__ac1f3a9bfa464425f81e785b0b8853d18"><a name="mrs_01_0378__lca0fd7f2388045b488a70eb6cff1d31b"></a><a name="lca0fd7f2388045b488a70eb6cff1d31b"></a><strong id="mrs_01_0378__b198291214161410">./kafka-acls.sh --authorizer-properties zookeeper.connect=</strong><em id="mrs_01_0378__i156412315615">&lt;Service IP address of any ZooKeeper node</em><strong id="mrs_01_0378__b19271035867">:</strong><strong id="mrs_01_0378__b1093835512514">2181</strong><strong id="mrs_01_0378__b713913461568">/kafka &gt; --add --allow-principal User:</strong><em id="mrs_01_0378__i1420320265615">&lt;Username&gt;</em><strong id="mrs_01_0378__b143215515620"> --producer --topic </strong><em id="mrs_01_0378__i1975652117614">&lt;Topic name&gt;</em></p>
<p id="mrs_01_0378__p15909633154418"><strong id="mrs_01_0378__b17724228127">./kafka-acls.sh --bootstrap-server </strong>&lt;<em id="mrs_01_0378__i1645902818143">IP address of the Kafka</em><em id="mrs_01_0378__i8459172817147">cluster:21007&gt;</em><strong id="mrs_01_0378__b47244291212"> --command-config ../config/client.properties --add --allow-principal User:</strong><em id="mrs_01_0378__i1970143311142">&lt;</em><em id="mrs_01_0378__i13702433111410">username&gt;</em><strong id="mrs_01_0378__b145291637141415"> --producer --topic </strong>&lt;<em id="mrs_01_0378__i1453314377143">topic</em><em id="mrs_01_0378__i1753393711413"> name</em>&gt;</p>
</li><li id="mrs_01_0378__li207401049204816">Assign the Producer permission to a user in batches.<p id="mrs_01_0378__p9608523134012"><a name="mrs_01_0378__li207401049204816"></a><a name="li207401049204816"></a><strong id="mrs_01_0378__b1527711419429">./kafka-acls.sh --authorizer-properties zookeeper.connect=</strong><em id="mrs_01_0378__i1949126487">&lt;Service IP address of any ZooKeeper node</em><strong id="mrs_01_0378__b0757793820">:</strong><strong id="mrs_01_0378__b1591442715">2181</strong><strong id="mrs_01_0378__b858001712812">/kafka &gt; </strong><strong id="mrs_01_0378__b4144454171418">--add --allow-principal User:</strong><em id="mrs_01_0378__i10145145421414">&lt;</em><em id="mrs_01_0378__i214613546148">Username&gt;</em><strong id="mrs_01_0378__b12674157171413"> --producer --topic </strong><em id="mrs_01_0378__i6873181111513">&lt;Topic name&gt;</em><strong id="mrs_01_0378__b14675957161413"> --resource-pattern-type prefixed</strong></p>
<p id="mrs_01_0378__p9439145511488"><strong id="mrs_01_0378__b4163713158">./kafka-acls.sh --bootstrap-server</strong> &lt;<em id="mrs_01_0378__i1121775154">IP address of the Kafka</em><em id="mrs_01_0378__i112187131511">cluster:21007&gt;</em><strong id="mrs_01_0378__b192131639114913"> --command-config ../config/client.properties --add --allow-principal User:</strong><em id="mrs_01_0378__i34521211181510">&lt;</em><em id="mrs_01_0378__i545241111153">username&gt;</em><strong id="mrs_01_0378__b32131539144918"> --producer --topic </strong><em id="mrs_01_0378__i12171111616156">&lt;topic name&gt;</em><strong id="mrs_01_0378__b14213539124910">--resource-pattern-type prefixed</strong></p>
</li><li id="mrs_01_0378__l32544276c38b4f6f8ce5d43e93ea8bcf">Remove the Producer permission from a user:<p id="mrs_01_0378__ab0390c087a5c4695b28aff88a14ae5e3"><a name="mrs_01_0378__l32544276c38b4f6f8ce5d43e93ea8bcf"></a><a name="l32544276c38b4f6f8ce5d43e93ea8bcf"></a><strong id="mrs_01_0378__b1741332182519">./kafka-acls.sh --authorizer-properties zookeeper.connect=</strong><em id="mrs_01_0378__i249481524910">&lt;Service IP adddress of any ZooKeeper node</em><strong id="mrs_01_0378__b201151047174811">:</strong><strong id="mrs_01_0378__b721633920480">2181</strong><strong id="mrs_01_0378__b12114161804819">/kafka &gt; --remove --allow-principal User:</strong><em id="mrs_01_0378__i31171514815">&lt;Username&gt;</em><strong id="mrs_01_0378__b757826164815"> --producer --topic </strong><em id="mrs_01_0378__i1046219540476">&lt;Topic name&gt;</em></p>
<p id="mrs_01_0378__p41413154617"><strong id="mrs_01_0378__b23263712120">./kafka-acls.sh --bootstrap-server </strong>&lt;<em id="mrs_01_0378__i08271447172512">IP address of the Kafka</em><em id="mrs_01_0378__i182744719255">cluster:21007&gt;</em><strong id="mrs_01_0378__b1132614741210"> --command-config ../config/client.properties --remove --allow-principal User:</strong><em id="mrs_01_0378__i12841812270">&lt;</em><em id="mrs_01_0378__i16841314274">username&gt;</em> <strong id="mrs_01_0378__b18218112716">--producer --topic </strong>&lt;<em id="mrs_01_0378__i10652113413262">topic</em><em id="mrs_01_0378__i19652123417266"> name</em>&gt;</p>
</li><li id="mrs_01_0378__li1113013481505">Delete the Producer permission of a user in batches:<p id="mrs_01_0378__p94478365017"><a name="mrs_01_0378__li1113013481505"></a><a name="li1113013481505"></a><strong id="mrs_01_0378__b2519351175020">./kafka-acls.sh --authorizer-properties zookeeper.connect=</strong><em id="mrs_01_0378__i19268325111318">&lt;Service IP address of any ZooKeeper node</em><strong id="mrs_01_0378__b426112915134">:</strong><strong id="mrs_01_0378__b15110115131313">2181</strong><strong id="mrs_01_0378__b165114549172">/kafka &gt;</strong><strong id="mrs_01_0378__b11204151314411"> --remove --allow-principal User:</strong><em id="mrs_01_0378__i1721011344414">&lt;</em><em id="mrs_01_0378__i12109135445">Username&gt;</em><strong id="mrs_01_0378__b133201917154415"> --producer --topic </strong><em id="mrs_01_0378__i1695616173446">&lt;Topic name&gt;</em><strong id="mrs_01_0378__b1932081714442"> --resource-pattern-type prefixed</strong></p>
<p id="mrs_01_0378__p125191051175019"><strong id="mrs_01_0378__b762062215444">./kafka-acls.sh --bootstrap-server</strong> &lt;<em id="mrs_01_0378__i146448227441">IP address of the Kafka</em><em id="mrs_01_0378__i10644182214414">cluster:21007&gt;</em><strong id="mrs_01_0378__b17519185115013"> --command-config ../config/client.properties --remove --allow-principal User:</strong><em id="mrs_01_0378__i1581373114413">&lt;</em><em id="mrs_01_0378__i9813203113443">username&gt;</em><strong id="mrs_01_0378__b85192512508"> --producer --topic </strong><em id="mrs_01_0378__i12741928164419">&lt;topic name&gt;</em><strong id="mrs_01_0378__b4519185135011">--resource-pattern-type prefixed</strong></p>
</li><li id="mrs_01_0378__ld666ea75c53e497d8939215f7f4f968f">Add the Consumer permission for a user:<p id="mrs_01_0378__a4647349a70df45f9b88da28b01744044"><a name="mrs_01_0378__ld666ea75c53e497d8939215f7f4f968f"></a><a name="ld666ea75c53e497d8939215f7f4f968f"></a><strong id="mrs_01_0378__b1038917127463">./kafka-acls.sh --authorizer-properties zookeeper.connect=</strong><em id="mrs_01_0378__i1388010594132">&lt;Service IP address of any ZooKeeper node</em><strong id="mrs_01_0378__b1533410391412">:</strong><strong id="mrs_01_0378__b62911918142">2181</strong><strong id="mrs_01_0378__b521917394173">/kafka &gt;</strong><strong id="mrs_01_0378__b43892129466"> --add --allow-principal User:</strong><em id="mrs_01_0378__i11615112004511">&lt;</em><em id="mrs_01_0378__i1661619202458">Username&gt;</em><strong id="mrs_01_0378__b1175993924616"> --consumer --topic</strong> <em id="mrs_01_0378__i876115395462">&lt;Topic</em><em id="mrs_01_0378__i1476117394462">name&gt;</em><strong id="mrs_01_0378__b73931844184614"> --group </strong><em id="mrs_01_0378__i10397184494617">&lt;</em><em id="mrs_01_0378__i1139744410467">Consumer group name&gt;</em></p>
<p id="mrs_01_0378__p928618147468"><strong id="mrs_01_0378__b1188141218129">./kafka-acls.sh --bootstrap-server </strong>&lt;<em id="mrs_01_0378__i699155584616">IP address of the Kafka</em><em id="mrs_01_0378__i149925554610">cluster:21007&gt;</em><strong id="mrs_01_0378__b48891212125"> --command-config ../config/client.properties --add --allow-principal User:</strong><em id="mrs_01_0378__i642672354519">&lt;</em><em id="mrs_01_0378__i3426132334517">username&gt;</em><strong id="mrs_01_0378__b93377219470"> --consumer --topic </strong><em id="mrs_01_0378__i1933920234717">&lt;topic</em><em id="mrs_01_0378__i8339182124713">name&gt;</em><strong id="mrs_01_0378__b166212524717"> --group </strong><em id="mrs_01_0378__i14631555472">&lt;</em><em id="mrs_01_0378__i196319544713">consumer group name&gt;</em></p>
</li><li id="mrs_01_0378__li15771843125210">Add consumer permissions to a user in batches:<p id="mrs_01_0378__p34321257115419"><a name="mrs_01_0378__li15771843125210"></a><a name="li15771843125210"></a><strong id="mrs_01_0378__b1622611125515">./kafka-acls.sh </strong><strong id="mrs_01_0378__b1827787155518">--authorizer-properties zookeeper.connect=</strong><em id="mrs_01_0378__i81781644151517">&lt;Service IP address of any ZooKeeper node</em><strong id="mrs_01_0378__b8376174921513">:</strong><strong id="mrs_01_0378__b1062410891514">2181</strong><strong id="mrs_01_0378__b27281283174">/kafka &gt;</strong><strong id="mrs_01_0378__b4622111165517"> --add --allow-principal User:</strong><em id="mrs_01_0378__i3367625194513">&lt;</em><em id="mrs_01_0378__i93678253454">Username&gt;</em><strong id="mrs_01_0378__b1162219114556"> --consumer --topic </strong><em id="mrs_01_0378__i1622217244476">&lt;Topic</em><em id="mrs_01_0378__i72221224124710"> name&gt;</em><strong id="mrs_01_0378__b106221511145510"> --group </strong><em id="mrs_01_0378__i12392132774716">&lt;</em><em id="mrs_01_0378__i1139282720477">Consumer group name&gt;</em><strong id="mrs_01_0378__b196221811165519"> --resource-pattern-type prefixed</strong></p>
<p id="mrs_01_0378__p8545125414543"><strong id="mrs_01_0378__b17638171195510">./kafka-acls.sh --bootstrap-server </strong>&lt;<em id="mrs_01_0378__i1252163134712">IP address of the Kafka</em><em id="mrs_01_0378__i852153154712">cluster:21007&gt;</em><strong id="mrs_01_0378__b146381011125511"> --command-config ../config/client.properties --add --allow-principal User:</strong><em id="mrs_01_0378__i203552279456">&lt;</em><em id="mrs_01_0378__i19355172754512">username&gt;</em><strong id="mrs_01_0378__b18638121115518"> --consumer --topic </strong><em id="mrs_01_0378__i19165536184713">&lt;topic</em><em id="mrs_01_0378__i1916553604717">name&gt;</em><strong id="mrs_01_0378__b1763811118551"> --group </strong><em id="mrs_01_0378__i84201739164714">&lt;</em><em id="mrs_01_0378__i5420739164717">consumer group name&gt;</em><strong id="mrs_01_0378__b7638161145511"> --resource-pattern-type prefixed</strong></p>
</li><li id="mrs_01_0378__l1b691695d16c43dc8f4e034424635a85">Remove the consumer permission from a user:<p id="mrs_01_0378__aab879e8b40594d3aa5ce4dae6f293d86"><a name="mrs_01_0378__l1b691695d16c43dc8f4e034424635a85"></a><a name="l1b691695d16c43dc8f4e034424635a85"></a><strong id="mrs_01_0378__b835417457479">./kafka-acls.sh --authorizer-properties zookeeper.connect=</strong><em id="mrs_01_0378__i66645224167">&lt;Service IP address of any ZooKeeper node</em><strong id="mrs_01_0378__b107601426181618">:</strong><strong id="mrs_01_0378__b12591232131615">2181</strong><strong id="mrs_01_0378__b4398163511166">/kafka &gt;</strong><strong id="mrs_01_0378__b63544452473"> --remove --allow-principal User:</strong><em id="mrs_01_0378__i1781113584515">&lt;</em><em id="mrs_01_0378__i1881153510453">Username&gt;</em><strong id="mrs_01_0378__b138204913479"> --consumer --topic</strong> <em id="mrs_01_0378__i121010497471">&lt;Topic</em><em id="mrs_01_0378__i31013492475"> name&gt;</em><strong id="mrs_01_0378__b261010527478"> --group </strong><em id="mrs_01_0378__i261115216474">&lt;</em><em id="mrs_01_0378__i7611155234710">Consumer group name&gt;</em></p>
<p id="mrs_01_0378__p10789160124813"><strong id="mrs_01_0378__b1349631681217">./kafka-acls.sh --bootstrap-server </strong>&lt;<em id="mrs_01_0378__i198620561471">IP address of the Kafka</em><em id="mrs_01_0378__i12986856164715">cluster:21007&gt;</em><strong id="mrs_01_0378__b1849611165126"> --command-config ../config/client.properties --remove --allow-principal User:</strong><em id="mrs_01_0378__i138501239114514">&lt;</em><em id="mrs_01_0378__i885023913456">username&gt;</em><strong id="mrs_01_0378__b3789191204819"><em id="mrs_01_0378__i17789161134816"> --consumer --topic </em></strong><em id="mrs_01_0378__i137911619481">&lt;topic name&gt;</em><strong id="mrs_01_0378__b1149661661218"> </strong><strong id="mrs_01_0378__b468617424820">--group </strong><em id="mrs_01_0378__i068816415482">&lt;</em><em id="mrs_01_0378__i1688349489">consumer group name&gt;</em></p>
</li><li id="mrs_01_0378__li732623475616">Delete the consumer permission of a user in batches:<p id="mrs_01_0378__p164569485620"><a name="mrs_01_0378__li732623475616"></a><a name="li732623475616"></a><strong id="mrs_01_0378__b04561644567">./kafka-acls.sh </strong><strong id="mrs_01_0378__b15456248569">--authorizer-properties zookeeper.connect=</strong><em id="mrs_01_0378__i1821173610194">&lt;Service IP address of any ZooKeeper node</em><strong id="mrs_01_0378__b290933891910">:</strong><strong id="mrs_01_0378__b159418442192">2181</strong><strong id="mrs_01_0378__b159141647111918">/kafka &gt;</strong><strong id="mrs_01_0378__b154571547563"> --remove --allow-principal User:</strong><em id="mrs_01_0378__i10628341154513">&lt;</em><em id="mrs_01_0378__i14628341144519">Username&gt;</em><strong id="mrs_01_0378__b2457247563"> --consumer --topic </strong><em id="mrs_01_0378__i128781318194810">&lt;Topic</em><em id="mrs_01_0378__i18781018154810"> name&gt;</em><strong id="mrs_01_0378__b34578455610"> --group </strong><em id="mrs_01_0378__i1727832264813">&lt;</em><em id="mrs_01_0378__i4279162294813">Consumer group name&gt;</em><strong id="mrs_01_0378__b154572419563"> --resource-pattern-type prefixed</strong></p>
<p id="mrs_01_0378__p24574485610"><strong id="mrs_01_0378__b1445712415619">./kafka-acls.sh --bootstrap-server </strong>&lt;<em id="mrs_01_0378__i686912268484">IP address of the Kafka</em><em id="mrs_01_0378__i10869142610485">cluster:21007&gt;</em><strong id="mrs_01_0378__b645717475615"> --command-config ../config/client.properties --remove --allow-principal User:</strong><em id="mrs_01_0378__i93969438455">&lt;</em><em id="mrs_01_0378__i18396144384515">username&gt;</em><strong id="mrs_01_0378__b1245718414568"> --consumer --topic </strong><em id="mrs_01_0378__i15558333480">&lt;topic</em><em id="mrs_01_0378__i85523317485">name&gt;</em><strong id="mrs_01_0378__b184579415567"> --group </strong><em id="mrs_01_0378__i1660593614818">&lt;</em><em id="mrs_01_0378__i116057362486">consumer group name&gt;</em><strong id="mrs_01_0378__b6457194165618"> --resource-pattern-type prefixed</strong></p>
</li></ul>
</p></li></ol>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="mrs_01_0375.html">Using Kafka</a></div>
</div>
</div>
View Git Blame Copy Permalink