Hi all,

While debugging an issue in our dev environment, I came to the realization
that we are not setting the DESCRIBE ACL permission for a given
topic/service-account mapping, yet the consumer is able to fetch messages
from that topic without any issues.

The documentation says this topic ACL allows for the following API
requests: ListOffsets, Metadata, OffsetFetch.

These are all API calls that a consumer makes during normal operations and
we are indeed able to successfully get responses to these calls without
granting the TOPIC DESCRIBE ACL to the topic/service-account being used by
the consumer.

Ref:
https://docs.confluent.io/platform/current/kafka/authorization.html#operations

Best regards,
Gustavo
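
Added example, not part of the original message: a simplified Python model of the rule in Kafka's ACL authorizer that treats DESCRIBE as implied by an ALLOW for READ, WRITE, DELETE or ALTER. It reproduces the behaviour described above under the assumption that the service account holds READ on the topic (the message does not list the ACLs in place). The principal and topic names are constructed, and only the topic-level check is modelled.

```python
from dataclasses import dataclass

# An ALLOW for any operation on the right also satisfies the one on the left.
IMPLIED_BY = {
    "DESCRIBE": {"DESCRIBE", "READ", "WRITE", "DELETE", "ALTER"},
    "DESCRIBE_CONFIGS": {"DESCRIBE_CONFIGS", "ALTER_CONFIGS"},
}

# Requests the message lists as covered by DESCRIBE on the topic.
DESCRIBE_APIS = ("ListOffsets", "Metadata", "OffsetFetch")


@dataclass(frozen=True)
class Acl:
    principal: str
    resource: str    # e.g. "topic:orders"
    operation: str   # READ, WRITE, DESCRIBE, ALL, ...
    permission: str  # "ALLOW" or "DENY"


def authorize(acls, principal, resource, operation):
    """Return True if the principal may perform the operation on the resource."""
    matching = [a for a in acls
                if a.principal == principal and a.resource == resource]
    # An explicit DENY for the requested operation (or ALL) always wins.
    if any(a.permission == "DENY" and a.operation in (operation, "ALL")
           for a in matching):
        return False
    # Otherwise an ALLOW for the operation, an implying operation, or ALL suffices.
    allow_ops = IMPLIED_BY.get(operation, {operation}) | {"ALL"}
    return any(a.permission == "ALLOW" and a.operation in allow_ops
               for a in matching)


def allowed_describe_apis(acls, principal, resource):
    """List the DESCRIBE-gated requests the principal can make on the topic."""
    ok = authorize(acls, principal, resource, "DESCRIBE")
    return [api for api in DESCRIBE_APIS if ok]


# Constructed sample: the consumer has READ only, no DESCRIBE binding.
CONSUMER = "User:svc-consumer"
TOPIC = "topic:orders"
READ_ONLY = [Acl(CONSUMER, TOPIC, "READ", "ALLOW")]

if __name__ == "__main__":
    print(allowed_describe_apis(READ_ONLY, CONSUMER, TOPIC))
```

To audit which principals reach DESCRIBE indirectly, list the topic's bindings and look for ALLOW entries on READ, WRITE, DELETE or ALTER as well as DESCRIBE itself.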
