操作团队是否可以限制应用程序团队在kafka集群上创建kafka流中间主题?
Kafka provides authorisation mechanisms and more precisely, a pluggable Authorizer
. You can either use the simple Authorizer
implementation which is provided by Kafka by including the following configuration in server.properties
authorizer.class.name=kafka.security.auth.SimpleAclAuthorizer
or you can create your own class that implements Authorizer
Interface. Again, you'd need to provide the authorizer.class.name
in server.properties
broker configuration file.
When an authorizer is configured, access to resources is limited to Super Users and therefore if a resource has no associated ACLs, then the access is restricted only to these Super Users. In order to define super users, you simply need to include them in the server.properties
configuration;
super.users=User:Bob;User:Alice
This is the default behaviour, and can be amended by including the following configuration in server.properties
file
allow.everyone.if.no.acl.found=true
that essentially enables access to every user when no ACLs are configured.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.