[jira] [Updated] (KAFKA-20651) Cache parsed KafkaPrincipal in StandardAcl.kafkaPrincipal()

ibenchhida (Jira) Mon, 01 Jun 2026 13:19:07 -0700


     [ 
https://issues.apache.org/jira/browse/KAFKA-20651?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


ibenchhida updated KAFKA-20651:
-------------------------------
    Summary: Cache parsed KafkaPrincipal in StandardAcl.kafkaPrincipal()  (was: 
High CPU usage in StandardAuthorizerData.findAclRule due to O(N) ACL scanning 
and lack of principal-level indexing)

> Cache parsed KafkaPrincipal in StandardAcl.kafkaPrincipal()
> -----------------------------------------------------------
>
>                 Key: KAFKA-20651
>                 URL: https://issues.apache.org/jira/browse/KAFKA-20651
>             Project: Kafka
>          Issue Type: Bug
>          Components: core
>    Affects Versions: 3.9.2
>         Environment: KRaft clusters using StandardAuthorizer (3.4.0+)
>            Reporter: ibenchhida
>            Priority: Critical
>              Labels: authorization, performance
>
> {{StandardAuthorizerData.findAclRule}} and {{checkSection}} perform linear 
> scans over the global ACL set ({{{}aclsByResource{}}}) for each authorization 
> request.
> With large ACL datasets (e.g. ~7000 ACLs), this results in excessive CPU 
> usage due to repeated evaluation of irrelevant ACLs for a given principal.
> The current design filters ACLs by principal only at evaluation time 
> ({{{}findResult{}}}), instead of narrowing the search space earlier.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (KAFKA-20651) Cache parsed KafkaPrincipal in StandardAcl.kafkaPrincipal()

Reply via email to