vzhikserg opened a new issue #7711:
URL: https://github.com/apache/pulsar/issues/7711


   **Describe the bug**
   
   In the case when the [proxy roles](https://pulsar.apache.org/docs/en/security-authorization/#proxy-roles) are used to enable authentication between proxy and broker components, the **broker uses the proxy role instead of the original role** to check if it is allowed to consume or produce data from a topic. If the proxy role has more rights (consume and produce), then a client will be able to do both of these operations even if the original role says "only consume" or "only produce".
   
   **To Reproduce**
   Steps to reproduce the behavior:
   1. Enable the proxy role
   2. Allow the proxy role to consume and produce
   3. Allow the test role to consume
   4. Start producing messages with the test role
   5. Messages are successfully published
   
   **Expected behavior**
   Some kind of exception is expected - not allowed operation.
   
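The authorization decision described in the report, as an added example that is not part of the issue and not Pulsar's own code: a simplified Python model comparing the reported check with the expected one. The role names, the permission table and every function name are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed permission table mirroring the reproduction steps in the issue.
PROXY_ROLES = {"proxy-role"}                 # step 1: proxy role enabled
PERMISSIONS = {
    "proxy-role": {"consume", "produce"},    # step 2
    "test-role": {"consume"},                # step 3
}

@dataclass(frozen=True)
class Connection:
    auth_role: str                            # role authenticated on the broker connection
    original_principal: Optional[str] = None  # client role forwarded by the proxy

def allowed(role: str, action: str) -> bool:
    return action in PERMISSIONS.get(role, set())

def authorize_reported(conn: Connection, action: str) -> bool:
    """Behaviour described in the issue: only the connection's own role is checked."""
    return allowed(conn.auth_role, action)

def authorize_expected(conn: Connection, action: str) -> bool:
    """Expected behaviour: the proxy role can never widen the client's rights."""
    if conn.auth_role in PROXY_ROLES:
        # Fail closed when the proxy forwards no client identity.
        if not conn.original_principal:
            return False
        # Both the proxy and the original role must hold the permission.
        return (allowed(conn.auth_role, action)
                and allowed(conn.original_principal, action))
    # Non-proxy roles are judged on their own role; any forwarded
    # principal they supply is ignored rather than trusted.
    return allowed(conn.auth_role, action)

def excess_actions(conn: Connection) -> list:
    """Actions the reported check grants but the expected check denies."""
    return sorted(a for a in ("consume", "produce")
                  if authorize_reported(conn, a) and not authorize_expected(conn, a))

if __name__ == "__main__":
    via_proxy = Connection("proxy-role", "test-role")   # steps 4-5
    print("excess rights via proxy:", excess_actions(via_proxy))
```
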
   

