This document describes how to configure SASL authentication and ACL (access control list) rules in the CKafka console to enhance access control in public/private network transfers and permission control in production and consumption of resources such as topics.
Note:
- Kafka offers various security authentication mechanisms, which mainly include SSL and SASL. SASL/PLAIN is an authentication method based on account and password and is more commonly used. CKafka supports SASL_PLAINTEXT authentication (for more information, see Adding Routing Policy).
- An ACL helps you define a set of permission rules to allow/deny users to read/write topic resources through IPs.
Note:
- If only allow rules are configured, IPs other than those in the allow rules cannot connect to the instance.
- If only deny rules are configured, IPs other than those in the deny rules can connect to the instance.
- If both allow and deny rules are configured, only IPs with allow rules can connect to the instance.
You can grant permissions to the user through Topics, Topic name prefix, or Preset rules.
Note: You can enter multiple IPs or IP ranges and separate them by `;` when configuring the ACL policy. If the IP is empty, the permission will be added for all IPs by default.
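The following is an added example, not CKafka's own code: a small Python model of the allow/deny rules and the `;`-separated IP field described above, useful for checking which clients a planned policy would lock out before it is applied. It assumes IP ranges are written in CIDR notation, that a deny rule wins when an IP matches both an allow and a deny rule, and that an instance with no rules is unrestricted; the function names and sample addresses are constructed for illustration.

```python
import ipaddress

def parse_ip_field(field):
    """Parse one ACL IP field: entries separated by ';', empty means all IPs."""
    entries = [e.strip() for e in field.split(";") if e.strip()]
    if not entries:
        # Empty IP field: the rule applies to every (IPv4) address.
        return [ipaddress.ip_network("0.0.0.0/0")]
    # Assumption: ranges are CIDR; strict=False tolerates host bits (10.0.0.5/24).
    return [ipaddress.ip_network(e, strict=False) for e in entries]

def matches(ip, networks):
    return any(ip in net for net in networks)

def is_allowed(client_ip, allow_fields, deny_fields):
    """allow_fields / deny_fields: raw IP fields, one per configured rule."""
    ip = ipaddress.ip_address(client_ip)
    allow = [n for f in allow_fields for n in parse_ip_field(f)]
    deny = [n for f in deny_fields for n in parse_ip_field(f)]
    if allow and deny:
        # Only allow-listed IPs connect; assumption: deny wins on overlap.
        return matches(ip, allow) and not matches(ip, deny)
    if allow:
        # Allow rules only: everything not listed is refused.
        return matches(ip, allow)
    if deny:
        # Deny rules only: everything not listed may connect.
        return not matches(ip, deny)
    return True  # Assumption: no rules configured means no IP restriction.

def audit(clients, allow_fields, deny_fields):
    """Return the clients that the policy would refuse."""
    return [c for c in clients if not is_allowed(c, allow_fields, deny_fields)]

if __name__ == "__main__":
    clients = ["10.0.0.5", "172.16.0.1", "192.168.1.10"]  # constructed sample
    # Adding a single allow rule cuts off every client not listed in it.
    print(audit(clients, ["10.0.0.0/24; 192.168.1.10"], []))
    # A deny rule with an empty IP field blocks all clients.
    print(audit(clients, [], [""]))
```

Running the audit against the list of known producer and consumer addresses before saving a policy shows two easy mistakes: a first allow rule silently excludes every other client, and a deny rule left with an empty IP field applies to all IPs.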
Note: Up to five fuzzy matching rules can be set.
Note: Up to five preset rules can be set.
Note: When adding an ACL policy, you don't need to select any user, and read/write permissions are added to all users by default.