Your produce needs to have Write access to the topic. But as you mentioned All should cover Write. Which version of Kafka are you using? FYI, more authn/authz information can be found here for some of the common client operations: https://developer.ibm.com/opentech/2017/05/31/kafka-acls-in-practice/
--Vahid On Fri, Sep 28, 2018 at 9:13 AM Bala <kbkre...@yahoo.com.invalid> wrote: > Producer using the Java API. I did configure the jaas config as per docs. > It looks like is working and the authentication is succeeded but the > authorization is not honoring the ACL > On Friday, September 28, 2018, 11:56:24 AM EDT, Vahid Hashemian < > vahid.hashem...@gmail.com> wrote: > > Hi Bala, > > What operation/command are you trying that gives you this error? > > --Vahid > > On Fri, Sep 28, 2018 at 7:12 AM Bala <kbkre...@yahoo.com.invalid> wrote: > > > I have a kafka with kerberos security and trying to use the ACL and am > not > > able to make it work. > > > > Here is the error I am seeing in the server log.[2018-09-28 14:06:54,152] > > INFO Principal = User:storm-mytestcluster is Denied Operation = Describe > > from host = <ip address of host> on resource = Topic:icd_alpha > > (kafka.authorizer.logger) > > [2018-09-28 14:06:54,312] INFO Principal = User:storm-mytestcluster is > > Denied Operation = Describe from host = <ip address of host> on resource > = > > Topic:icd_alpha (kafka.authorizer.logger) > > [2018-09-28 14:06:54,472] INFO Principal = User:storm-mytestcluster is > > Denied Operation = Describe from host = <ip address of host> on resource > = > > Topic:icd_alpha (kafka.authorizer.logger) > > [2018-09-28 14:06:54,631] INFO Principal = User:storm-mytestcluster is > > Denied Operation = Describe from host = <ip address of host> on resource > = > > Topic:icd_alpha (kafka.authorizer.logger) > > [2018-09-28 14:06:54,793] INFO Principal = User:storm-mytestcluster is > > Denied Operation = Describe from host = <ip address of host> on resource > = > > Topic:icd_alpha (kafka.authorizer.logger) > > [2018-09-28 14:06:54,953] INFO Principal = User:storm-mytestcluster is > > Denied Operation = Describe from host = <ip address of host> on resource > = > > Topic:icd_alpha (kafka.authorizer.logger) > > > > > > > > But the user has full access to the topic: Here is the output of `list ` > > command > > > > Current ACLs for resource `Topic:icd_alpha`: > > user:storm-mytestcluster has Allow permission for operations: All > > from hosts: * > > > > Please help me, as I am kind of blocked and don't know how to proceed > > further. > > ThanksBala > > >
