vpruthi/doc-exports
1
0
Fork 0
forked from docs/doc-exports
Code Pull Requests Activity
doc-exports/docs/mrs/component-operation-guide-lts/mrs_01_0378.html
Yang, Tong 3f5759eed2 MRS comp-lts 2.0.38.SP20 version 
Reviewed-by: Hasko, Vladimir <vladimir.hasko@t-systems.com>
Co-authored-by: Yang, Tong <yangtong2@huawei.com>
Co-committed-by: Yang, Tong <yangtong2@huawei.com>
2023-01-19 17:08:45 +00:00

70 lines
30 KiB
HTML
Raw Blame History

<a name="mrs_01_0378"></a><a name="mrs_01_0378"></a>
<h1 class="topictitle1">Managing Kafka User Permissions</h1>
<div id="body8662426"><div class="section" id="mrs_01_0378__en-us_topic_0000001173949956_se728d030bf0f499989fe2e36267d8a4a"><h4 class="sectiontitle">Scenario</h4><p id="mrs_01_0378__en-us_topic_0000001173949956_a67d7c9a1185c4e6783fb577ef1c69ff6">For clusters with Kerberos authentication enabled, using Kafka requires relevant permissions. MRS clusters can grant the use permission of Kafka to different users.</p>
<p id="mrs_01_0378__en-us_topic_0000001173949956_a728be99f1a884e0ea9e948c5d4c9d2ec"><a href="#mrs_01_0378__en-us_topic_0000001173949956_t5ed4e7771fac4113ad733d56146a3b07">Table 1</a> lists the default Kafka user groups.</p>
<div class="note" id="mrs_01_0378__en-us_topic_0000001173949956_note128399218910"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="mrs_01_0378__en-us_topic_0000001173949956_p78394211694">Kafka supports two types of authentication plug-ins: Kafka open-source authentication plug-in and Ranger authentication plug-in.</p>
<p id="mrs_01_0378__en-us_topic_0000001173949956_p7895184216101">This section describes the user permission management based on the Kafka open source authentication plug-in. For details about how to use the Ranger authentication plug-in, see <a href="mrs_01_1861.html">Adding a Ranger Access Permission Policy for Kafka</a>.</p>
</div></div>
<div class="tablenoborder"><a name="mrs_01_0378__en-us_topic_0000001173949956_t5ed4e7771fac4113ad733d56146a3b07"></a><a name="en-us_topic_0000001173949956_t5ed4e7771fac4113ad733d56146a3b07"></a><table cellpadding="4" cellspacing="0" summary="" id="mrs_01_0378__en-us_topic_0000001173949956_t5ed4e7771fac4113ad733d56146a3b07" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Default Kafka user groups</caption><thead align="left"><tr id="mrs_01_0378__en-us_topic_0000001173949956_r076853725c81491db89e57a4219e1eb8"><th align="left" class="cellrowborder" valign="top" width="25%" id="mcps1.3.1.5.2.3.1.1"><p id="mrs_01_0378__en-us_topic_0000001173949956_a1c64627b000143f5816333b8e6e9f12f">User Group</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="75%" id="mcps1.3.1.5.2.3.1.2"><p id="mrs_01_0378__en-us_topic_0000001173949956_a57b26b6571eb4b89956de7fca6e77437">Description</p>
</th>
</tr>
</thead>
<tbody><tr id="mrs_01_0378__en-us_topic_0000001173949956_r414ece5231214e59807da3d66140d6ed"><td class="cellrowborder" valign="top" width="25%" headers="mcps1.3.1.5.2.3.1.1 "><p id="mrs_01_0378__en-us_topic_0000001173949956_a2afbbea3ec4343ab8cae589a41d39de9">kafkaadmin</p>
</td>
<td class="cellrowborder" valign="top" width="75%" headers="mcps1.3.1.5.2.3.1.2 "><p id="mrs_01_0378__en-us_topic_0000001173949956_a8837e02cee8c4e289282d8ddc9e40a9a">Kafka administrator group. Users in this group have the permissions to create, delete, read, and write all topics, and authorize other users.</p>
</td>
</tr>
<tr id="mrs_01_0378__en-us_topic_0000001173949956_r4c54cddfd5bf4f7185beebba3b0abba7"><td class="cellrowborder" valign="top" width="25%" headers="mcps1.3.1.5.2.3.1.1 "><p id="mrs_01_0378__en-us_topic_0000001173949956_ab2cd4dbea3184549b76509057a1f2789">kafkasuperuser</p>
</td>
<td class="cellrowborder" valign="top" width="75%" headers="mcps1.3.1.5.2.3.1.2 "><p id="mrs_01_0378__en-us_topic_0000001173949956_aab404a111ec7473594a1ce99c4aa29d4">Kafka super user group. Users in this group have the permissions to read and write all topics.</p>
</td>
</tr>
<tr id="mrs_01_0378__en-us_topic_0000001173949956_ra0878debfa1f4e5f9aeee2270a86f301"><td class="cellrowborder" valign="top" width="25%" headers="mcps1.3.1.5.2.3.1.1 "><p id="mrs_01_0378__en-us_topic_0000001173949956_aa07efdb47cd940638fa4dc5d7d90d5be">kafka</p>
</td>
<td class="cellrowborder" valign="top" width="75%" headers="mcps1.3.1.5.2.3.1.2 "><p id="mrs_01_0378__en-us_topic_0000001173949956_en-us_topic_0054328609_p85436155921">Kafka common user group. Users in this group can access a topic only when they are granted with the read and write permissions of the topic by a user in the <strong id="mrs_01_0378__en-us_topic_0000001173949956_b8487135662612">kafkaadmin</strong> group.</p>
</td>
</tr>
</tbody>
</table>
</div>
</div>
<div class="section" id="mrs_01_0378__en-us_topic_0000001173949956_sa4b650e4d82344e6adca63da0d91dc47"><h4 class="sectiontitle">Prerequisites</h4><ul id="mrs_01_0378__en-us_topic_0000001173949956_u3e554e8c3bb5434fa0467a72609be051"><li id="mrs_01_0378__en-us_topic_0000001173949956_l38d936d6e35d4d11bf04e56793bfe44d">You have installed the Kafka client.</li><li id="mrs_01_0378__en-us_topic_0000001173949956_l75de8d0cabba458481922c643cd5fff2">A user in the <strong id="mrs_01_0378__en-us_topic_0000001173949956_en-us_topic_0054328609_b842352706173416">kafkaadmin</strong> group, for example <span class="parmname" id="mrs_01_0378__en-us_topic_0000001173949956_en-us_topic_0054328609_parmname655361671173429"><b>admin</b></span>, has been prepared.</li></ul>
</div>
<div class="section" id="mrs_01_0378__en-us_topic_0000001173949956_sbb525980438c497999b816161b9eb948"><h4 class="sectiontitle">Procedure</h4><ol id="mrs_01_0378__en-us_topic_0000001173949956_oe90c7195051d4284ad4a84b0b406ae28"><li id="mrs_01_0378__en-us_topic_0000001173949956_li777313202051"><span>Access the ZooKeeper instance page.</span><p><p id="mrs_01_0378__p10824172412918">Log in to FusionInsight Manager. For details, see <a href="mrs_01_2124.html">Accessing FusionInsight Manager</a>. Choose <strong id="mrs_01_0378__en-us_topic_0000001173949956_b76566206557">Cluster</strong> &gt; <em id="mrs_01_0378__en-us_topic_0000001173949956_i2066118204559">Name of the desired cluster</em> &gt; <strong id="mrs_01_0378__en-us_topic_0000001173949956_b666182020551">Services</strong> &gt; <strong id="mrs_01_0378__en-us_topic_0000001173949956_b156619205556">ZooKeeper</strong> &gt; <strong id="mrs_01_0378__en-us_topic_0000001173949956_b206611820105518">Instance</strong>.</p>
</p></li><li id="mrs_01_0378__en-us_topic_0000001173949956_l1b2311966a2b45e8b89eec6e46478372"><span>View the IP addresses of the ZooKeeper role instance.</span><p><p id="mrs_01_0378__en-us_topic_0000001173949956_a2ef0c9ccf84f41bf82af2d504218c7bb">Record the IP address of any ZooKeeper instance.</p>
</p></li><li id="mrs_01_0378__en-us_topic_0000001173949956_l2f71626fdcd944b3987337bc4733d4d3"><span>Prepare the client based on service requirements. Log in to the node where the client is installed.</span></li><li id="mrs_01_0378__en-us_topic_0000001173949956_lbaf8c7cd92314989820b7e5799998fd3"><span>Run the following command to switch to the client directory, for example, <strong id="mrs_01_0378__en-us_topic_0000001173949956_b939110259257">/opt</strong><strong id="mrs_01_0378__en-us_topic_0000001173949956_b1739152522516"></strong><strong id="mrs_01_0378__en-us_topic_0000001173949956_b1039142552510">/client/Kafka/kafka/bin</strong>.</span><p><p id="mrs_01_0378__en-us_topic_0000001173949956_a8e2acbe143ca4f3c882445849b6a38f3"><strong id="mrs_01_0378__en-us_topic_0000001173949956_abdecb33a58524f6393d2c186ec138d2e">cd /opt/client/Kafka/kafka/bin</strong></p>
</p></li><li id="mrs_01_0378__en-us_topic_0000001173949956_l8020db1c359046149f1ea26c452496ca"><span>Run the following command to configure environment variables:</span><p><p id="mrs_01_0378__en-us_topic_0000001173949956_a6558e0dcc8c74d3abf07cf74af445a33"><strong id="mrs_01_0378__en-us_topic_0000001173949956_ab7997366dcbb4ae9af657dd7e4ac2b75">source /opt/client/bigdata_env</strong></p>
</p></li><li id="mrs_01_0378__en-us_topic_0000001173949956_le4d4b63c524844a1a58794799a48d6c3"><span>Run the following command to authenticate the user (skip this step in normal mode):</span><p><p id="mrs_01_0378__en-us_topic_0000001173949956_ae3c72ae18af24d61bb433860c3f1e8b9"><strong id="mrs_01_0378__en-us_topic_0000001173949956_ad3841c7d5ad449ecbc0c14d42918dcd0">kinit</strong> <em id="mrs_01_0378__en-us_topic_0000001173949956_a43a78ea98dca422eb559ae34bbb7767e">Component service user</em></p>
</p></li><li id="mrs_01_0378__en-us_topic_0000001173949956_li16914841132014"><span>The following table lists the common commands used for user authorization when <strong id="mrs_01_0378__en-us_topic_0000001173949956_b2454427746">kafka-acl.sh</strong> is used.</span><p><ul id="mrs_01_0378__en-us_topic_0000001173949956_ul187821349211"><li id="mrs_01_0378__en-us_topic_0000001173949956_lee1476e09b3b44e0850cf37ae162f18f">View the permission control list of a topic:<p id="mrs_01_0378__en-us_topic_0000001173949956_acdce9ee78075442b87b88712c748b318"><a name="mrs_01_0378__en-us_topic_0000001173949956_lee1476e09b3b44e0850cf37ae162f18f"></a><a name="en-us_topic_0000001173949956_lee1476e09b3b44e0850cf37ae162f18f"></a><strong id="mrs_01_0378__en-us_topic_0000001173949956_b49568523134">./kafka-acls.sh --authorizer-properties zookeeper.connect=</strong><em id="mrs_01_0378__en-us_topic_0000001173949956_i2961352131310">&lt;service IP address of any ZooKeeper node:</em><em id="mrs_01_0378__en-us_topic_0000001173949956_i896155214133">2181/kafka &gt;</em><strong id="mrs_01_0378__en-us_topic_0000001173949956_b928716513611"> --list --topic </strong><em id="mrs_01_0378__en-us_topic_0000001173949956_i109571552171311">&lt;topic</em><em id="mrs_01_0378__en-us_topic_0000001173949956_i1595785218134">name&gt;</em></p>
<p id="mrs_01_0378__en-us_topic_0000001173949956_p2941102216438"><strong id="mrs_01_0378__en-us_topic_0000001173949956_b456615751311">./kafka-acls.sh --bootstrap-server</strong> &lt;<em id="mrs_01_0378__en-us_topic_0000001173949956_i0570175710134">IP address of the Kafka</em><em id="mrs_01_0378__en-us_topic_0000001173949956_i125708579136">cluster:21007&gt;</em><strong id="mrs_01_0378__en-us_topic_0000001173949956_b11182253142"> --command-config ../config/client.properties --list --topic </strong>&lt;<em id="mrs_01_0378__en-us_topic_0000001173949956_i518420591415">topic</em><em id="mrs_01_0378__en-us_topic_0000001173949956_i61854571418"> name</em>&gt;</p>
</li><li id="mrs_01_0378__en-us_topic_0000001173949956_lca0fd7f2388045b488a70eb6cff1d31b">Add the Producer permission for a user:<p id="mrs_01_0378__en-us_topic_0000001173949956_ac1f3a9bfa464425f81e785b0b8853d18"><a name="mrs_01_0378__en-us_topic_0000001173949956_lca0fd7f2388045b488a70eb6cff1d31b"></a><a name="en-us_topic_0000001173949956_lca0fd7f2388045b488a70eb6cff1d31b"></a><strong id="mrs_01_0378__en-us_topic_0000001173949956_b198291214161410">./kafka-acls.sh --authorizer-properties zookeeper.connect=</strong><em id="mrs_01_0378__en-us_topic_0000001173949956_i6834181451415">&lt;service IP address of any ZooKeeper node:</em><em id="mrs_01_0378__en-us_topic_0000001173949956_i983419147143">2181/kafka &gt;</em><strong id="mrs_01_0378__en-us_topic_0000001173949956_b204247216141"> --add --allow-principal User:</strong><em id="mrs_01_0378__en-us_topic_0000001173949956_i174261321201413">&lt;</em><em id="mrs_01_0378__en-us_topic_0000001173949956_i642622121419">username&gt;</em> <strong id="mrs_01_0378__en-us_topic_0000001173949956_b1024532511416">--producer --topic </strong><em id="mrs_01_0378__en-us_topic_0000001173949956_i1424715258144">&lt;topic</em><em id="mrs_01_0378__en-us_topic_0000001173949956_i13247325181417"> name&gt;</em></p>
<p id="mrs_01_0378__en-us_topic_0000001173949956_p15909633154418"><strong id="mrs_01_0378__en-us_topic_0000001173949956_b17724228127">./kafka-acls.sh --bootstrap-server </strong>&lt;<em id="mrs_01_0378__en-us_topic_0000001173949956_i1645902818143">IP address of the Kafka</em><em id="mrs_01_0378__en-us_topic_0000001173949956_i8459172817147">cluster:21007&gt;</em><strong id="mrs_01_0378__en-us_topic_0000001173949956_b47244291212"> --command-config ../config/client.properties --add --allow-principal User:</strong><em id="mrs_01_0378__en-us_topic_0000001173949956_i1970143311142">&lt;</em><em id="mrs_01_0378__en-us_topic_0000001173949956_i13702433111410">username&gt;</em><strong id="mrs_01_0378__en-us_topic_0000001173949956_b145291637141415"> --producer --topic </strong>&lt;<em id="mrs_01_0378__en-us_topic_0000001173949956_i1453314377143">topic</em><em id="mrs_01_0378__en-us_topic_0000001173949956_i1753393711413"> name</em>&gt;</p>
</li><li id="mrs_01_0378__en-us_topic_0000001173949956_li207401049204816">Assign the Producer permission to a user in batches.<p id="mrs_01_0378__en-us_topic_0000001173949956_p9608523134012"><a name="mrs_01_0378__en-us_topic_0000001173949956_li207401049204816"></a><a name="en-us_topic_0000001173949956_li207401049204816"></a><strong id="mrs_01_0378__en-us_topic_0000001173949956_b1527711419429">./kafka-acls.sh --authorizer-properties zookeeper.connect=</strong><em id="mrs_01_0378__en-us_topic_0000001173949956_i2230450141417">&lt;service IP address of any ZooKeeper node:</em><em id="mrs_01_0378__en-us_topic_0000001173949956_i923025091418">2181/kafka &gt;</em> <strong id="mrs_01_0378__en-us_topic_0000001173949956_b4144454171418">--add --allow-principal User:</strong><em id="mrs_01_0378__en-us_topic_0000001173949956_i10145145421414">&lt;</em><em id="mrs_01_0378__en-us_topic_0000001173949956_i214613546148">username&gt;</em><strong id="mrs_01_0378__en-us_topic_0000001173949956_b12674157171413"> --producer --topic </strong><em id="mrs_01_0378__en-us_topic_0000001173949956_i6873181111513">&lt;topic nam,e&gt;</em><strong id="mrs_01_0378__en-us_topic_0000001173949956_b14675957161413"> --resource-pattern-type prefixed</strong></p>
<p id="mrs_01_0378__en-us_topic_0000001173949956_p9439145511488"><strong id="mrs_01_0378__en-us_topic_0000001173949956_b4163713158">./kafka-acls.sh --bootstrap-server</strong> &lt;<em id="mrs_01_0378__en-us_topic_0000001173949956_i1121775154">IP address of the Kafka</em><em id="mrs_01_0378__en-us_topic_0000001173949956_i112187131511">cluster:21007&gt;</em><strong id="mrs_01_0378__en-us_topic_0000001173949956_b192131639114913"> --command-config ../config/client.properties --add --allow-principal User:</strong><em id="mrs_01_0378__en-us_topic_0000001173949956_i34521211181510">&lt;</em><em id="mrs_01_0378__en-us_topic_0000001173949956_i545241111153">username&gt;</em><strong id="mrs_01_0378__en-us_topic_0000001173949956_b32131539144918"> --producer --topic </strong><em id="mrs_01_0378__en-us_topic_0000001173949956_i12171111616156">&lt;topic name&gt;</em><strong id="mrs_01_0378__en-us_topic_0000001173949956_b14213539124910">--resource-pattern-type prefixed</strong></p>
</li><li id="mrs_01_0378__en-us_topic_0000001173949956_l32544276c38b4f6f8ce5d43e93ea8bcf">Remove the Producer permission from a user:<p id="mrs_01_0378__en-us_topic_0000001173949956_ab0390c087a5c4695b28aff88a14ae5e3"><a name="mrs_01_0378__en-us_topic_0000001173949956_l32544276c38b4f6f8ce5d43e93ea8bcf"></a><a name="en-us_topic_0000001173949956_l32544276c38b4f6f8ce5d43e93ea8bcf"></a><strong id="mrs_01_0378__en-us_topic_0000001173949956_b1741332182519">./kafka-acls.sh --authorizer-properties zookeeper.connect=</strong><em id="mrs_01_0378__en-us_topic_0000001173949956_i92411321253">&lt;service IP address of any ZooKeeper node:</em><em id="mrs_01_0378__en-us_topic_0000001173949956_i122433292511">2181/kafka &gt;</em><strong id="mrs_01_0378__en-us_topic_0000001173949956_b85583406253"> --remove --allow-principal User:</strong><em id="mrs_01_0378__en-us_topic_0000001173949956_i135601740112515">&lt;</em><em id="mrs_01_0378__en-us_topic_0000001173949956_i185617403258">username&gt;</em><strong id="mrs_01_0378__en-us_topic_0000001173949956_b1449194311258"> --producer --topic </strong><em id="mrs_01_0378__en-us_topic_0000001173949956_i74521343102511">&lt;topic</em><em id="mrs_01_0378__en-us_topic_0000001173949956_i34521943122517"> name&gt;</em></p>
<p id="mrs_01_0378__en-us_topic_0000001173949956_p41413154617"><strong id="mrs_01_0378__en-us_topic_0000001173949956_b23263712120">./kafka-acls.sh --bootstrap-server </strong>&lt;<em id="mrs_01_0378__en-us_topic_0000001173949956_i08271447172512">IP address of the Kafka</em><em id="mrs_01_0378__en-us_topic_0000001173949956_i182744719255">cluster:21007&gt;</em><strong id="mrs_01_0378__en-us_topic_0000001173949956_b1132614741210"> --command-config ../config/client.properties --remove --allow-principal User:</strong><em id="mrs_01_0378__en-us_topic_0000001173949956_i12841812270">&lt;</em><em id="mrs_01_0378__en-us_topic_0000001173949956_i16841314274">username&gt;</em> <strong id="mrs_01_0378__en-us_topic_0000001173949956_b18218112716">--producer --topic </strong>&lt;<em id="mrs_01_0378__en-us_topic_0000001173949956_i10652113413262">topic</em><em id="mrs_01_0378__en-us_topic_0000001173949956_i19652123417266"> name</em>&gt;</p>
</li><li id="mrs_01_0378__en-us_topic_0000001173949956_li1113013481505">Delete the Producer permission of a user in batches:<p id="mrs_01_0378__en-us_topic_0000001173949956_p94478365017"><a name="mrs_01_0378__en-us_topic_0000001173949956_li1113013481505"></a><a name="en-us_topic_0000001173949956_li1113013481505"></a><strong id="mrs_01_0378__en-us_topic_0000001173949956_b2519351175020">./kafka-acls.sh --authorizer-properties zookeeper.connect=</strong><em id="mrs_01_0378__en-us_topic_0000001173949956_i26168912440">&lt;service IP address of any ZooKeeper node:</em><em id="mrs_01_0378__en-us_topic_0000001173949956_i8617159154420">2181/kafka &gt;</em><strong id="mrs_01_0378__en-us_topic_0000001173949956_b11204151314411"> --remove --allow-principal User:</strong><em id="mrs_01_0378__en-us_topic_0000001173949956_i1721011344414">&lt;</em><em id="mrs_01_0378__en-us_topic_0000001173949956_i12109135445">username&gt;</em><strong id="mrs_01_0378__en-us_topic_0000001173949956_b133201917154415"> --producer --topic </strong><em id="mrs_01_0378__en-us_topic_0000001173949956_i1695616173446">&lt;topic name&gt;</em><strong id="mrs_01_0378__en-us_topic_0000001173949956_b1932081714442"> --resource-pattern-type prefixed</strong></p>
<p id="mrs_01_0378__en-us_topic_0000001173949956_p125191051175019"><strong id="mrs_01_0378__en-us_topic_0000001173949956_b762062215444">./kafka-acls.sh --bootstrap-server</strong> &lt;<em id="mrs_01_0378__en-us_topic_0000001173949956_i146448227441">IP address of the Kafka</em><em id="mrs_01_0378__en-us_topic_0000001173949956_i10644182214414">cluster:21007&gt;</em><strong id="mrs_01_0378__en-us_topic_0000001173949956_b17519185115013"> --command-config ../config/client.properties --remove --allow-principal User:</strong><em id="mrs_01_0378__en-us_topic_0000001173949956_i1581373114413">&lt;</em><em id="mrs_01_0378__en-us_topic_0000001173949956_i9813203113443">username&gt;</em><strong id="mrs_01_0378__en-us_topic_0000001173949956_b85192512508"> --producer --topic </strong><em id="mrs_01_0378__en-us_topic_0000001173949956_i12741928164419">&lt;topic name&gt;</em><strong id="mrs_01_0378__en-us_topic_0000001173949956_b4519185135011">--resource-pattern-type prefixed</strong></p>
</li><li id="mrs_01_0378__en-us_topic_0000001173949956_ld666ea75c53e497d8939215f7f4f968f">Add the Consumer permission for a user:<p id="mrs_01_0378__en-us_topic_0000001173949956_a4647349a70df45f9b88da28b01744044"><a name="mrs_01_0378__en-us_topic_0000001173949956_ld666ea75c53e497d8939215f7f4f968f"></a><a name="en-us_topic_0000001173949956_ld666ea75c53e497d8939215f7f4f968f"></a><strong id="mrs_01_0378__en-us_topic_0000001173949956_b1038917127463">./kafka-acls.sh --authorizer-properties zookeeper.connect=</strong><em id="mrs_01_0378__en-us_topic_0000001173949956_i340921234616">&lt;service IP address of any ZooKeeper node:</em><em id="mrs_01_0378__en-us_topic_0000001173949956_i94092124467">2181/kafka &gt;</em><strong id="mrs_01_0378__en-us_topic_0000001173949956_b43892129466"> --add --allow-principal User:</strong><em id="mrs_01_0378__en-us_topic_0000001173949956_i11615112004511">&lt;</em><em id="mrs_01_0378__en-us_topic_0000001173949956_i1661619202458">user name&gt;</em><strong id="mrs_01_0378__en-us_topic_0000001173949956_b1175993924616"> --consumer --topic</strong> <em id="mrs_01_0378__en-us_topic_0000001173949956_i876115395462">&lt;topic</em><em id="mrs_01_0378__en-us_topic_0000001173949956_i1476117394462"> name&gt;</em><strong id="mrs_01_0378__en-us_topic_0000001173949956_b73931844184614"> --group </strong><em id="mrs_01_0378__en-us_topic_0000001173949956_i10397184494617">&lt;</em><em id="mrs_01_0378__en-us_topic_0000001173949956_i1139744410467">consumer group name&gt;</em></p>
<p id="mrs_01_0378__en-us_topic_0000001173949956_p928618147468"><strong id="mrs_01_0378__en-us_topic_0000001173949956_b1188141218129">./kafka-acls.sh --bootstrap-server </strong>&lt;<em id="mrs_01_0378__en-us_topic_0000001173949956_i699155584616">IP address of the Kafka</em><em id="mrs_01_0378__en-us_topic_0000001173949956_i149925554610">cluster:21007&gt;</em><strong id="mrs_01_0378__en-us_topic_0000001173949956_b48891212125"> --command-config ../config/client.properties --add --allow-principal User:</strong><em id="mrs_01_0378__en-us_topic_0000001173949956_i642672354519">&lt;</em><em id="mrs_01_0378__en-us_topic_0000001173949956_i3426132334517">username&gt;</em><strong id="mrs_01_0378__en-us_topic_0000001173949956_b93377219470"> --consumer --topic </strong><em id="mrs_01_0378__en-us_topic_0000001173949956_i1933920234717">&lt;topic</em><em id="mrs_01_0378__en-us_topic_0000001173949956_i8339182124713">name&gt;</em><strong id="mrs_01_0378__en-us_topic_0000001173949956_b166212524717"> --group </strong><em id="mrs_01_0378__en-us_topic_0000001173949956_i14631555472">&lt;</em><em id="mrs_01_0378__en-us_topic_0000001173949956_i196319544713">consumer group name&gt;</em></p>
</li><li id="mrs_01_0378__en-us_topic_0000001173949956_li15771843125210">Add consumer permissions to a user in batches:<p id="mrs_01_0378__en-us_topic_0000001173949956_p34321257115419"><a name="mrs_01_0378__en-us_topic_0000001173949956_li15771843125210"></a><a name="en-us_topic_0000001173949956_li15771843125210"></a><strong id="mrs_01_0378__en-us_topic_0000001173949956_b1622611125515">./kafka-acls.sh </strong><strong id="mrs_01_0378__en-us_topic_0000001173949956_b1827787155518">--authorizer-properties zookeeper.connect=</strong><em id="mrs_01_0378__en-us_topic_0000001173949956_i15714102015479">&lt;service IP address of any ZooKeeper node:</em><em id="mrs_01_0378__en-us_topic_0000001173949956_i5714182015479">2181/kafka &gt;</em><strong id="mrs_01_0378__en-us_topic_0000001173949956_b4622111165517"> --add --allow-principal User:</strong><em id="mrs_01_0378__en-us_topic_0000001173949956_i3367625194513">&lt;</em><em id="mrs_01_0378__en-us_topic_0000001173949956_i93678253454">username&gt;</em><strong id="mrs_01_0378__en-us_topic_0000001173949956_b1162219114556"> --consumer --topic </strong><em id="mrs_01_0378__en-us_topic_0000001173949956_i1622217244476">&lt;topic</em><em id="mrs_01_0378__en-us_topic_0000001173949956_i72221224124710"> name&gt;</em><strong id="mrs_01_0378__en-us_topic_0000001173949956_b106221511145510"> --group </strong><em id="mrs_01_0378__en-us_topic_0000001173949956_i12392132774716">&lt;</em><em id="mrs_01_0378__en-us_topic_0000001173949956_i1139282720477">consumer group name&gt;</em><strong id="mrs_01_0378__en-us_topic_0000001173949956_b196221811165519"> --resource-pattern-type prefixed</strong></p>
<p id="mrs_01_0378__en-us_topic_0000001173949956_p8545125414543"><strong id="mrs_01_0378__en-us_topic_0000001173949956_b17638171195510">./kafka-acls.sh --bootstrap-server </strong>&lt;<em id="mrs_01_0378__en-us_topic_0000001173949956_i1252163134712">IP address of the Kafka</em><em id="mrs_01_0378__en-us_topic_0000001173949956_i852153154712">cluster:21007&gt;</em><strong id="mrs_01_0378__en-us_topic_0000001173949956_b146381011125511"> --command-config ../config/client.properties --add --allow-principal User:</strong><em id="mrs_01_0378__en-us_topic_0000001173949956_i203552279456">&lt;</em><em id="mrs_01_0378__en-us_topic_0000001173949956_i19355172754512">username&gt;</em><strong id="mrs_01_0378__en-us_topic_0000001173949956_b18638121115518"> --consumer --topic </strong><em id="mrs_01_0378__en-us_topic_0000001173949956_i19165536184713">&lt;topic</em><em id="mrs_01_0378__en-us_topic_0000001173949956_i1916553604717">name&gt;</em><strong id="mrs_01_0378__en-us_topic_0000001173949956_b1763811118551"> --group </strong><em id="mrs_01_0378__en-us_topic_0000001173949956_i84201739164714">&lt;</em><em id="mrs_01_0378__en-us_topic_0000001173949956_i5420739164717">consumer group name&gt;</em><strong id="mrs_01_0378__en-us_topic_0000001173949956_b7638161145511"> --resource-pattern-type prefixed</strong></p>
</li><li id="mrs_01_0378__en-us_topic_0000001173949956_l1b691695d16c43dc8f4e034424635a85">Remove the consumer permission from a user:<p id="mrs_01_0378__en-us_topic_0000001173949956_aab879e8b40594d3aa5ce4dae6f293d86"><a name="mrs_01_0378__en-us_topic_0000001173949956_l1b691695d16c43dc8f4e034424635a85"></a><a name="en-us_topic_0000001173949956_l1b691695d16c43dc8f4e034424635a85"></a><strong id="mrs_01_0378__en-us_topic_0000001173949956_b835417457479">./kafka-acls.sh --authorizer-properties zookeeper.connect=</strong><em id="mrs_01_0378__en-us_topic_0000001173949956_i637054516479">&lt;service IP address of any ZooKeeper node:</em><em id="mrs_01_0378__en-us_topic_0000001173949956_i20370194554717">2181/kafka &gt;</em><strong id="mrs_01_0378__en-us_topic_0000001173949956_b63544452473"> --remove --allow-principal User:</strong><em id="mrs_01_0378__en-us_topic_0000001173949956_i1781113584515">&lt;</em><em id="mrs_01_0378__en-us_topic_0000001173949956_i1881153510453">username&gt;</em><strong id="mrs_01_0378__en-us_topic_0000001173949956_b138204913479"> --consumer --topic</strong> <em id="mrs_01_0378__en-us_topic_0000001173949956_i121010497471">&lt;topic</em><em id="mrs_01_0378__en-us_topic_0000001173949956_i31013492475"> name&gt;</em><strong id="mrs_01_0378__en-us_topic_0000001173949956_b261010527478"> --group </strong><em id="mrs_01_0378__en-us_topic_0000001173949956_i261115216474">&lt;</em><em id="mrs_01_0378__en-us_topic_0000001173949956_i7611155234710">consumer group name&gt;</em></p>
<p id="mrs_01_0378__en-us_topic_0000001173949956_p10789160124813"><strong id="mrs_01_0378__en-us_topic_0000001173949956_b1349631681217">./kafka-acls.sh --bootstrap-server </strong>&lt;<em id="mrs_01_0378__en-us_topic_0000001173949956_i198620561471">IP address of the Kafka</em><em id="mrs_01_0378__en-us_topic_0000001173949956_i12986856164715">cluster:21007&gt;</em><strong id="mrs_01_0378__en-us_topic_0000001173949956_b1849611165126"> --command-config ../config/client.properties --remove --allow-principal User:</strong><em id="mrs_01_0378__en-us_topic_0000001173949956_i138501239114514">&lt;</em><em id="mrs_01_0378__en-us_topic_0000001173949956_i885023913456">username&gt;</em><strong id="mrs_01_0378__en-us_topic_0000001173949956_b3789191204819"><em id="mrs_01_0378__en-us_topic_0000001173949956_i17789161134816"> --consumer --topic </em></strong><em id="mrs_01_0378__en-us_topic_0000001173949956_i137911619481">&lt;topic name&gt;</em><strong id="mrs_01_0378__en-us_topic_0000001173949956_b1149661661218"> </strong><strong id="mrs_01_0378__en-us_topic_0000001173949956_b468617424820">--group </strong><em id="mrs_01_0378__en-us_topic_0000001173949956_i068816415482">&lt;</em><em id="mrs_01_0378__en-us_topic_0000001173949956_i1688349489">consumer group name&gt;</em></p>
</li><li id="mrs_01_0378__en-us_topic_0000001173949956_li732623475616">Delete the consumer permission of a user in batches:<p id="mrs_01_0378__en-us_topic_0000001173949956_p164569485620"><a name="mrs_01_0378__en-us_topic_0000001173949956_li732623475616"></a><a name="en-us_topic_0000001173949956_li732623475616"></a><strong id="mrs_01_0378__en-us_topic_0000001173949956_b04561644567">./kafka-acls.sh </strong><strong id="mrs_01_0378__en-us_topic_0000001173949956_b15456248569">--authorizer-properties zookeeper.connect=</strong><em id="mrs_01_0378__en-us_topic_0000001173949956_i1364071413487">&lt;service IP address of any ZooKeeper node:</em><em id="mrs_01_0378__en-us_topic_0000001173949956_i164061417483">2181/kafka &gt;</em><strong id="mrs_01_0378__en-us_topic_0000001173949956_b154571547563"> --remove --allow-principal User:</strong><em id="mrs_01_0378__en-us_topic_0000001173949956_i10628341154513">&lt;</em><em id="mrs_01_0378__en-us_topic_0000001173949956_i14628341144519">username&gt;</em><strong id="mrs_01_0378__en-us_topic_0000001173949956_b2457247563"> --consumer --topic </strong><em id="mrs_01_0378__en-us_topic_0000001173949956_i128781318194810">&lt;topic</em><em id="mrs_01_0378__en-us_topic_0000001173949956_i18781018154810"> name&gt;</em><strong id="mrs_01_0378__en-us_topic_0000001173949956_b34578455610"> --group </strong><em id="mrs_01_0378__en-us_topic_0000001173949956_i1727832264813">&lt;</em><em id="mrs_01_0378__en-us_topic_0000001173949956_i4279162294813">consumer group name&gt;</em><strong id="mrs_01_0378__en-us_topic_0000001173949956_b154572419563"> --resource-pattern-type prefixed</strong></p>
<p id="mrs_01_0378__en-us_topic_0000001173949956_p24574485610"><strong id="mrs_01_0378__en-us_topic_0000001173949956_b1445712415619">./kafka-acls.sh --bootstrap-server </strong>&lt;<em id="mrs_01_0378__en-us_topic_0000001173949956_i686912268484">IP address of the Kafka</em><em id="mrs_01_0378__en-us_topic_0000001173949956_i10869142610485">cluster:21007&gt;</em><strong id="mrs_01_0378__en-us_topic_0000001173949956_b645717475615"> --command-config ../config/client.properties --remove --allow-principal User:</strong><em id="mrs_01_0378__en-us_topic_0000001173949956_i93969438455">&lt;</em><em id="mrs_01_0378__en-us_topic_0000001173949956_i18396144384515">username&gt;</em><strong id="mrs_01_0378__en-us_topic_0000001173949956_b1245718414568"> --consumer --topic </strong><em id="mrs_01_0378__en-us_topic_0000001173949956_i15558333480">&lt;topic</em><em id="mrs_01_0378__en-us_topic_0000001173949956_i85523317485">name&gt;</em><strong id="mrs_01_0378__en-us_topic_0000001173949956_b184579415567"> --group </strong><em id="mrs_01_0378__en-us_topic_0000001173949956_i1660593614818">&lt;</em><em id="mrs_01_0378__en-us_topic_0000001173949956_i116057362486">consumer group name&gt;</em><strong id="mrs_01_0378__en-us_topic_0000001173949956_b6457194165618"> --resource-pattern-type prefixed</strong></p>
</li></ul>
</p></li></ol>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="mrs_01_0375.html">Using Kafka</a></div>
</div>
</div>
View Git Blame Copy Permalink