Versions Compared

Old Version 5

changes.mady.by.user Manikumar Reddy O.

Saved on

compared with

New Version Current

changes.mady.by.user Manikumar Reddy O.

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.


When implementing a custom Authorizer, one has to map authorization requests coming from Kafka to a different backend system.

 


The following table lists all the authorization combinations that can come from Kafka as of 2.0:

...



TopicGroupCluster (singleton)TransactionalIdDelegationToken
ProduceWrite
    





Produce (Idempotent)Write
 

IdempotentWrite
  



Produce (Transactional)Write
  


Write
 


Fetch (Follower)

Read
 

ClusterAction
 
 



Fetch (Consumer)Read
    





ListOffsetsDescribe
    





MetadataDescribe
    





LeaderAndIsr
  


ClusterAction
  



StopReplica
  


ClusterAction
  



UpdateMetadata
  


ClusterAction
  



ControlledShutdown
  


ClusterAction
  



OffsetCommitReadRead
   




OffsetFetchDescribeDescribe
   




FindCoordinator (Group)
 

Describe
   




FindCoordinator (Transaction)
   



Describe
 


JoinGroup
 

Read
   




Heartbeat
 

Read
  
 




LeaveGroup
 

Read
   




SyncGroup
 

Read
   




DescribeGroups
 

Describe
   




ListGroups
  


Describe
  



SaslHandshake
     






ApiVersions
 
    






CreateTopicsCreate (Added in 2.0)
 

Create
  


From 2.0 onwards, CREATE permission on Topic OR

CREATE permission on Cluster is required.

DeleteTopicsDelete
    





DeleteRecordsDelete
 
   





InitProducerId (Idempotent)
  


IdempotentWrite
 
 



InitProducerId (Transaction)
   



Write
 


OffsetsForLeaderEpoch
  


ClusterAction
  



AddPartitionsToTxnWrite
  


Write
 


AddOffsetsToTxn
 

Read
 

Write
 


EndTxn
   



Write
 


WriteTxnMarkers
  


ClusterAction
  



TxnOffsetCommitReadRead
 

Write
 


DescribeAcls
  


Describe
  



CreateAcls
  


Alter
  



DeleteAcls
  


Alter
  



DescribeConfigs (Broker)
  


DescribeConfigs
  



DescribeConfigs (Topic)DescribeConfigs
    





AlterConfigs (Broker)

 

 


AlterConfigs
  



AlterConfigs (Topic)AlterConfigs
 
   





AlterReplicaLogDirs
  


Alter
  



DescribeLogDirs
 
 


Describe
  



SaslAuthenticate
 
    






CreatePartitionsAlter
  
  





CreateDeletegationToken
 
    






RenewDelegationToken
     






ExpireDelegationToken
 
    






DescribeDelegationTokens
    




Describe
DeleteGroups
 

Delete
   





The following table lists all the authorization combinations that can come from Kafka as of 1.1.0:

 

...



TopicGroupCluster (singleton)TransactionalIdDelegationToken
ProduceWrite
    




Produce (Idempotent)Write
 

IdempotentWrite
  


Produce (Transactional)Write
  


Write
 

Fetch (Follower)

Read
 

ClusterAction
  


Fetch (Consumer)Read
    




ListOffsetsDescribe
    




MetadataDescribe
    




LeaderAndIsr
  


ClusterAction
  


StopReplica
  


ClusterAction
  


UpdateMetadata
  


ClusterAction
  


ControlledShutdown
 
 


ClusterAction
  


OffsetCommitReadRead
 
  



OffsetFetchDescribeDescribe
   



FindCoordinator (Group)
 

Describe
   



FindCoordinator (Transaction)
   



Describe
 

JoinGroup
 

Read
   



Heartbeat
 

Read
   



LeaveGroup
 

Read
   



SyncGroup
 

Read
   



DescribeGroups
 

Describe
 
  



ListGroups
  


Describe
  


SaslHandshake
     





ApiVersions
 
    





CreateTopics
  


Create
  


DeleteTopicsDelete
    




DeleteRecordsDelete
    




InitProducerId (Idempotent)
  


IdempotentWrite
 
 


InitProducerId (Transaction)
   



Write
 

OffsetsForLeaderEpoch
  


ClusterAction
 
 


AddPartitionsToTxnWrite
  


Write
 

AddOffsetsToTxn
 

Read
 

Write
 

EndTxn
   



Write
 

WriteTxnMarkers
  


ClusterAction
  


TxnOffsetCommitReadRead
 

Write
 

DescribeAcls
  


Describe
  


CreateAcls
  


Alter
  


DeleteAcls
  


Alter
  


DescribeConfigs (Broker)
  


DescribeConfigs
  


DescribeConfigs (Topic)DescribeConfigs
    




AlterConfigs (Broker)

  


AlterConfigs
  


AlterConfigs (Topic)AlterConfigs
    




AlterReplicaLogDirs
  


Alter
  


DescribeLogDirs
 
 


Describe
  


SaslAuthenticate
 
    





CreatePartitionsAlter
  
  




CreateDeletegationToken
     





RenewDelegationToken
     





ExpireDelegationToken
     





DescribeDelegationTokens
    




Describe
DeleteGroups
 

Delete