ASF GitHub Bot commented on KAFKA-4585:

GitHub user vahidhashemian opened a pull request:


    KAFKA-4585: Lower the Minimum Required ACL Permission of OffsetFetch 

    Details can be found in the 

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/vahidhashemian/kafka KAFKA-4585

Alternatively you can review and apply these changes as the patch at:


To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #3661
commit be9e43db15952122836618520b7a166641c9914d
Author: Vahid Hashemian <vahidhashem...@us.ibm.com>
Date:   2017-08-11T20:32:56Z

    KAFKA-4585: Lower the Minimum Required ACL Permission of OffsetFetch 
    Details can be found in the 


> KIP-163: Offset fetch and commit requests use the same permissions
> ------------------------------------------------------------------
>                 Key: KAFKA-4585
>                 URL: https://issues.apache.org/jira/browse/KAFKA-4585
>             Project: Kafka
>          Issue Type: Bug
>          Components: consumer
>    Affects Versions:
>            Reporter: Ewen Cheslack-Postava
>            Assignee: Vahid Hashemian
>              Labels: kip
> Currently the handling of permissions for consumer groups seems a bit odd 
> because most of the requests use the Read permission on the Group (join, 
> sync, heartbeat, leave, offset commit, and offset fetch). This means you 
> cannot lock down certain functionality for certain users. For this issue I'll 
> highlight a realistic issue since conflating the ability to perform most of 
> these operations may not be a serious issue.
> In particular, if you want tooling for monitoring offsets (i.e. you want to 
> be able to read from all groups) but don't want that tool to be able to write 
> offsets, you currently cannot achieve this. Part of the reason this seems odd 
> to me is that any operation which can mutate state seems like it should be a 
> Write operation (i.e. joining, syncing, leaving, and committing; maybe 
> heartbeat as well). However, [~hachikuji] has mentioned that the use of Read 
> may have been intentional. If that is the case, changing at least offset 
> fetch to be a Describe operation instead would allow isolating the mutating 
> vs non-mutating request types.
> Note that this would require a KIP and would potentially have some 
> compatibility implications. Note however, that if we went with the Describe 
> option, Describe is allowed by default when Read, Write, or Delete are 
> allowed, so this may not have to have any compatibility issues (if the user 
> previously allowed Read, they'd still have all the same capabilities as 
> before).

This message was sent by Atlassian JIRA

Reply via email to