THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
When implementing a custom Authorizer, one has to map authorization requests coming from Kafka to a different backend system.
The following table lists all the authorization combinations that can come from Kafka as of 2.0:
| Topic | Group | Cluster (singleton) | TransactionalId | DelegationToken | ||
|---|---|---|---|---|---|---|
| Produce | Write | |||||
| Produce (Idempotent) | Write | IdempotentWrite | ||||
| Produce (Transactional) | Write | Write | ||||
Fetch (Follower) | Read | ClusterAction | ||||
| Fetch (Consumer) | Read | |||||
| ListOffsets | Describe | |||||
| Metadata | Describe | |||||
| LeaderAndIsr | ClusterAction | |||||
| StopReplica | ClusterAction | |||||
| UpdateMetadata | ClusterAction | |||||
| ControlledShutdown | ClusterAction | |||||
| OffsetCommit | Read | Read | ||||
| OffsetFetch | Describe | Describe | ||||
| FindCoordinator (Group) | Describe | |||||
| FindCoordinator (Transaction) | Describe | |||||
| JoinGroup | Read | |||||
| Heartbeat | Read | |||||
| LeaveGroup | Read | |||||
| SyncGroup | Read | |||||
| DescribeGroups | Describe | |||||
| ListGroups | Describe | |||||
| SaslHandshake | ||||||
| ApiVersions | ||||||
| CreateTopics | Create (Added in 2.0) | Create | From 2.0 onwards, CREATE permission on Topic OR CREATE permission on Cluster is required. | |||
| DeleteTopics | Delete | |||||
| DeleteRecords | Delete | |||||
| InitProducerId (Idempotent) | IdempotentWrite | |||||
| InitProducerId (Transaction) | Write | |||||
| OffsetsForLeaderEpoch | ClusterAction | |||||
| AddPartitionsToTxn | Write | Write | ||||
| AddOffsetsToTxn | Read | Write | ||||
| EndTxn | Write | |||||
| WriteTxnMarkers | ClusterAction | |||||
| TxnOffsetCommit | Read | Read | Write | |||
| DescribeAcls | Describe | |||||
| CreateAcls | Alter | |||||
| DeleteAcls | Alter | |||||
| DescribeConfigs (Broker) | DescribeConfigs | |||||
| DescribeConfigs (Topic) | DescribeConfigs | |||||
AlterConfigs (Broker) | AlterConfigs | |||||
| AlterConfigs (Topic) | AlterConfigs | |||||
| AlterReplicaLogDirs | Alter | |||||
| DescribeLogDirs | Describe | |||||
| SaslAuthenticate | ||||||
| CreatePartitions | Alter | |||||
| CreateDeletegationToken | ||||||
| RenewDelegationToken | ||||||
| ExpireDelegationToken | ||||||
| DescribeDelegationTokens | Describe | |||||
| DeleteGroups | Delete |
The following table lists all the authorization combinations that can come from Kafka as of 1.1.0:
| Topic | Group | Cluster (singleton) | TransactionalId | DelegationToken | |
|---|---|---|---|---|---|
| Produce | Write | ||||
| Produce (Idempotent) | Write | IdempotentWrite | |||
| Produce (Transactional) | Write | Write | |||
Fetch (Follower) | Read | ClusterAction | |||
| Fetch (Consumer) | Read | ||||
| ListOffsets | Describe | ||||
| Metadata | Describe | ||||
| LeaderAndIsr | ClusterAction | ||||
| StopReplica | ClusterAction | ||||
| UpdateMetadata | ClusterAction | ||||
| ControlledShutdown | ClusterAction | ||||
| OffsetCommit | Read | Read | |||
| OffsetFetch | Describe | Describe | |||
| FindCoordinator (Group) | Describe | ||||
| FindCoordinator (Transaction) | Describe | ||||
| JoinGroup | Read | ||||
| Heartbeat | Read | ||||
| LeaveGroup | Read | ||||
| SyncGroup | Read | ||||
| DescribeGroups | Describe | ||||
| ListGroups | Describe | ||||
| SaslHandshake | |||||
| ApiVersions | |||||
| CreateTopics | Create | ||||
| DeleteTopics | Delete | ||||
| DeleteRecords | Delete | ||||
| InitProducerId (Idempotent) | IdempotentWrite | ||||
| InitProducerId (Transaction) | Write | ||||
| OffsetsForLeaderEpoch | ClusterAction | ||||
| AddPartitionsToTxn | Write | Write | |||
| AddOffsetsToTxn | Read | Write | |||
| EndTxn | Write | ||||
| WriteTxnMarkers | ClusterAction | ||||
| TxnOffsetCommit | Read | Read | Write | ||
| DescribeAcls | Describe | ||||
| CreateAcls | Alter | ||||
| DeleteAcls | Alter | ||||
| DescribeConfigs (Broker) | DescribeConfigs | ||||
| DescribeConfigs (Topic) | DescribeConfigs | ||||
AlterConfigs (Broker) | AlterConfigs | ||||
| AlterConfigs (Topic) | AlterConfigs | ||||
| AlterReplicaLogDirs | Alter | ||||
| DescribeLogDirs | Describe | ||||
| SaslAuthenticate | |||||
| CreatePartitions | Alter | ||||
| CreateDeletegationToken | |||||
| RenewDelegationToken | |||||
| ExpireDelegationToken | |||||
| DescribeDelegationTokens | Describe | ||||
| DeleteGroups | Delete |