Your produce needs to have Write access to the topic. But as you mentioned
All should cover Write. Which version of Kafka are you using?
FYI, more authn/authz information can be found here for some of the common
client operations:
https://developer.ibm.com/opentech/2017/05/31/kafka-acls-in-practice/

--Vahid

On Fri, Sep 28, 2018 at 9:13 AM Bala <kbkre...@yahoo.com.invalid> wrote:

> Producer using the Java API. I did configure the jaas config as per docs.
> It looks like is working and the authentication is succeeded but the
> authorization is not honoring the ACL
>    On Friday, September 28, 2018, 11:56:24 AM EDT, Vahid Hashemian <
> vahid.hashem...@gmail.com> wrote:
>
>  Hi Bala,
>
> What operation/command are you trying that gives you this error?
>
> --Vahid
>
> On Fri, Sep 28, 2018 at 7:12 AM Bala <kbkre...@yahoo.com.invalid> wrote:
>
> > I have a kafka with kerberos security and trying to use the ACL and am
> not
> > able to make it work.
> >
> > Here is the error I am seeing in the server log.[2018-09-28 14:06:54,152]
> > INFO Principal = User:storm-mytestcluster is Denied Operation = Describe
> > from host = <ip address of host> on resource = Topic:icd_alpha
> > (kafka.authorizer.logger)
> > [2018-09-28 14:06:54,312] INFO Principal = User:storm-mytestcluster is
> > Denied Operation = Describe from host = <ip address of host> on resource
> =
> > Topic:icd_alpha (kafka.authorizer.logger)
> > [2018-09-28 14:06:54,472] INFO Principal = User:storm-mytestcluster is
> > Denied Operation = Describe from host = <ip address of host> on resource
> =
> > Topic:icd_alpha (kafka.authorizer.logger)
> > [2018-09-28 14:06:54,631] INFO Principal = User:storm-mytestcluster is
> > Denied Operation = Describe from host = <ip address of host> on resource
> =
> > Topic:icd_alpha (kafka.authorizer.logger)
> > [2018-09-28 14:06:54,793] INFO Principal = User:storm-mytestcluster is
> > Denied Operation = Describe from host = <ip address of host> on resource
> =
> > Topic:icd_alpha (kafka.authorizer.logger)
> > [2018-09-28 14:06:54,953] INFO Principal = User:storm-mytestcluster is
> > Denied Operation = Describe from host = <ip address of host> on resource
> =
> > Topic:icd_alpha (kafka.authorizer.logger)
> >
> >
> >
> > But the user has full access to the topic: Here is the output of `list `
> > command
> >
> > Current ACLs for resource `Topic:icd_alpha`:
> >      user:storm-mytestcluster has Allow permission for operations: All
> > from hosts: *
> >
> > Please help me, as I am kind of blocked and don't know how to proceed
> > further.
> > ThanksBala
> >
>

Reply via email to