Yes, it is possible. For PLAINTEXT port, we can add ACLs for principal "User:ANONYMOUS". For SSL port, we can add ACLs for SSL username. For SASL port, we can add ACLs for SASL username. Each of these users can have their own ACLs permissions.
On Tue, Feb 14, 2017 at 6:37 AM, Stephane Maarek < steph...@simplemachines.com.au> wrote: > Hi, > > We have a Kafka cluster in dev, and ideally I’d like the following ports to > be opened: > 9092 -> PLAINTEXT > 9093 -> SSL > 9094 -> SASL_PLAINTEXT > 9095 -> SASL_SSL > > The goal is to allow applications to slowly evolve toward 9095 and then > migrate to prod where 9095 is the only port opened. > > *Is it possible to enable security in my dev cluster (i.e. topics belong to > certain users, acls etc) while having some apps hitting 9092, 9093 and > being allowed to read from certain topics? * > > I’m just wondering if it’s a black and white type of situation or if it can > be a mixed grey > > Thanks! > Stephane >
