if you're running that at a bash or similar shell, you need to quote the "*" so that bash doesn't expand it as a glob:
./kafka-acls.sh --authorizer-properties zookeeper.connect=<connection-str> --add --allow-principal User:"user01" --topic 'com.domain.xyz.*' --group group01 --operation read It may be instructive to look at what data is in zookeeper for the acls to debug this. On Mon, Sep 5, 2016 at 7:38 PM, Derar Alassi <derar.ala...@gmail.com> wrote: > Hi all, > > Although the documentation mentions that one can use wildcards with topic > ACLs, I couldn't get that to work. Essentially, I want to set an Allow > Read/Write ACL on topics com.domain.xyz.* to a certain user. This would > give this user Read/Write access to topics com.domain.xyz.abc and > com.domain.xyz.def . > > I set an ACL using this command: > ./kafka-acls.sh --authorizer-properties zookeeper.connect=<connection-str> > --add --allow-principal User:"user01" --topic com.domain.xyz.* --group > group01 --operation read > > When I try to consume from the topic com.domain.xyz.abc using the same > user ID and group, I get NOT_AUTHORIZED error. > > Anything I am missing? > > Thanks, > Derar >
