Hi,

While creating the ACL you can do that; however, while Kafka is authorizing, it does not support any regex for users.

You have to create a new Authorizer class by extending Authorizer, f.i. "SimpleAclAuthorizer.scala" -> https://github.com/apache/kafka/blob/trunk/core/src/main/scala/kafka/security/auth/SimpleAclAuthorizer.scala

Then you can tell Kafka to use your authorizer from the server.properties as:

authorizer.class.name=com.example.CustomAclAuthorizer

Then you can do any kind of authorization yourself.

Regards

hui happy <happyhi...@gmail.com> wrote on Thu, 27 Dec 2018 at 02:18:

> Hi
>
> As I learned, Kafka can use '--resource-pattern-type prefixed' to add a
> rule for prefixed topics.
> For example, for a user 'kafkaclient', we could define a rule that lets the
> user access all topics that start with that user name, i.e., 'kafkaclient--',
> such as 'kafkaclient--topic1', 'kafkaclient--topic2', etc.
>
> /opt/kafka/bin/kafka-acls.sh \
> > --authorizer-properties zookeeper.connect=zookeeper:2181 \
> > --add \
> > --allow-principal User:"kafkaclient" \
> > --operation All \
> > --resource-pattern-type prefixed \
> > --topic "kafkaclient--" \
> >
> But is it possible to define a dynamic user name?
> In the above case we know the username is 'kafkaclient', and if there are many
> other users, we have to add a rule for each user; these rules are similar,
> except for the user name.
>
> So I want to know if it's possible to define just a single rule, using a
> dynamic user name, so that each user could access the topics that start with
> its own username, something like:
>
> /opt/kafka/bin/kafka-acls.sh \
> > --authorizer-properties zookeeper.connect=zookeeper:2181 \
> > --add \
> > --allow-principal User:"*<USER>*" \
> > --operation All \
> > --resource-pattern-type prefixed \
> > --topic "*<USER>*--" \
> >
> Then, whether we add a user or a topic later, we don't need to add any
> rules.
>
> Thanks.
> Hui
>
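
A sketch of the custom authorizer suggested in the reply above, as an added example that is not code from either poster or from the Kafka project. It assumes the Kafka 2.x kafka.security.auth API that the linked SimpleAclAuthorizer.scala belongs to; the class name is taken from the authorizer.class.name line above, and the "--" separator and the helper name ownsTopic are illustrative choices.

```scala
package com.example

import kafka.network.RequestChannel.Session
import kafka.security.auth.{Operation, Resource, SimpleAclAuthorizer, Topic}
import org.apache.kafka.common.security.auth.KafkaPrincipal

// Added example: every authenticated User principal is implicitly allowed all
// operations on topics named "<username>--...". Everything else is decided by
// the stored ACLs through SimpleAclAuthorizer.
class CustomAclAuthorizer extends SimpleAclAuthorizer {

  // Separator between user name and topic suffix, as used in the question.
  private val Separator = "--"

  // True only when the topic lies in the principal's own namespace.
  // Names that would make two namespaces overlap get no implicit grant:
  //   - a name containing "--": user "a" (prefix "a--") would cover "a--b--t"
  //   - a name ending in "-":   user "a" (prefix "a--") would cover "a---t"
  // The anonymous principal of unauthenticated listeners is excluded as well.
  private def ownsTopic(principal: KafkaPrincipal, topic: String): Boolean = {
    val user = principal.getName
    principal.getPrincipalType == KafkaPrincipal.USER_TYPE &&
      principal != KafkaPrincipal.ANONYMOUS &&
      user.nonEmpty &&
      !user.contains(Separator) &&
      !user.endsWith("-") &&
      topic.startsWith(user + Separator)
  }

  override def authorize(session: Session,
                         operation: Operation,
                         resource: Resource): Boolean = {
    // The implicit grant is checked first and returns without consulting the
    // stored ACLs, so a Deny ACL on an own-namespace topic is not enforced
    // and this path writes no entry to the authorizer log.
    if (resource.resourceType == Topic && ownsTopic(session.principal, resource.name))
      true
    else
      super.authorize(session, operation, resource)
  }
}
```

The implicit grant covers topics only; consumer groups, transactional ids and cluster operations still need ordinary ACLs, which super.authorize continues to evaluate.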