PrincipalType string "User" is case sensitive. Try creating ACLs for
"User:storm-mytestcluster" principal.

On Sat, Sep 29, 2018 at 9:04 PM Bala <kbkre...@yahoo.com.invalid> wrote:

> Yes, I followed all the docs, and the thing is it's connecting as expected and
> sending the right user to the server. The problem is that when I list ACLs
> I am seeing that the user has all the access. But when the producer is trying
> to connect to the server, the server is logging a message saying that the
> user is denied. Something is not right and I want to know how to debug this
> further to find out why the server thinks the user has no access.
>
> I even tried adding the user to the super users and still not able to
> access the topic.
> I am using Kafka 1.0.0.
>     On Friday, September 28, 2018, 8:14:30 PM EDT, Vahid Hashemian <
> vahid.hashem...@gmail.com> wrote:
>
> Your producer needs to have Write access to the topic. But as you mentioned,
> All should cover Write. Which version of Kafka are you using?
> FYI, more authn/authz information can be found here for some of the common
> client operations:
> https://developer.ibm.com/opentech/2017/05/31/kafka-acls-in-practice/
>
> --Vahid
>
> On Fri, Sep 28, 2018 at 9:13 AM Bala <kbkre...@yahoo.com.invalid> wrote:
>
> > Producer using the Java API. I did configure the JAAS config as per the docs.
> > It looks like it is working and the authentication succeeded, but the
> > authorization is not honoring the ACL.
> >    On Friday, September 28, 2018, 11:56:24 AM EDT, Vahid Hashemian <
> > vahid.hashem...@gmail.com> wrote:
> >
> >  Hi Bala,
> >
> > What operation/command are you trying that gives you this error?
> >
> > --Vahid
> >
> > On Fri, Sep 28, 2018 at 7:12 AM Bala <kbkre...@yahoo.com.invalid> wrote:
> >
> > > I have a Kafka with Kerberos security and am trying to use the ACL and am
> > > not able to make it work.
> > >
> > > Here is the error I am seeing in the server log.
> > >
> > > [2018-09-28 14:06:54,152] INFO Principal = User:storm-mytestcluster is Denied Operation = Describe from host = <ip address of host> on resource = Topic:icd_alpha (kafka.authorizer.logger)
> > > [2018-09-28 14:06:54,312] INFO Principal = User:storm-mytestcluster is Denied Operation = Describe from host = <ip address of host> on resource = Topic:icd_alpha (kafka.authorizer.logger)
> > > [2018-09-28 14:06:54,472] INFO Principal = User:storm-mytestcluster is Denied Operation = Describe from host = <ip address of host> on resource = Topic:icd_alpha (kafka.authorizer.logger)
> > > [2018-09-28 14:06:54,631] INFO Principal = User:storm-mytestcluster is Denied Operation = Describe from host = <ip address of host> on resource = Topic:icd_alpha (kafka.authorizer.logger)
> > > [2018-09-28 14:06:54,793] INFO Principal = User:storm-mytestcluster is Denied Operation = Describe from host = <ip address of host> on resource = Topic:icd_alpha (kafka.authorizer.logger)
> > > [2018-09-28 14:06:54,953] INFO Principal = User:storm-mytestcluster is Denied Operation = Describe from host = <ip address of host> on resource = Topic:icd_alpha (kafka.authorizer.logger)
> > >
> > >
> > >
> > > But the user has full access to the topic. Here is the output of the
> > > `list` command:
> > >
> > > Current ACLs for resource `Topic:icd_alpha`:
> > >      user:storm-mytestcluster has Allow permission for operations: All from hosts: *
> > >
> > > Please help me, as I am kind of blocked and don't know how to proceed
> > > further.
> > > Thanks
> > > Bala
> > >
> >
>
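
A check for the case mismatch the reply at the top points to, as an added example that is not part of the original thread: it compares principals from the authorizer's denial log lines with the principals in the ACL `list` output and reports those that match only when letter case is ignored. The function names are hypothetical, the patterns assume the line formats quoted in the thread, and the sample input is copied from those quoted lines.

```python
import re

# Patterns follow the line formats quoted in the thread (Kafka 1.0.0);
# treating those formats as stable is an assumption of this example.
DENIED_RE = re.compile(
    r"Principal = (?P<principal>\S+) is Denied Operation = (?P<op>\w+) "
    r"from host = .+? on resource = (?P<resource>\S+)")
ACL_HEADER_RE = re.compile(r"Current ACLs for resource `(?P<resource>[^`]+)`")
ACL_ENTRY_RE = re.compile(
    r"^\s*(?P<principal>\S+) has (?P<perm>Allow|Deny) permission for operations: ")

def parse_acls(list_output):
    """Return {resource: [(principal, permission), ...]} from list output."""
    acls, resource = {}, None
    for line in list_output.splitlines():
        header = ACL_HEADER_RE.search(line)
        if header:
            resource = header["resource"]
            acls.setdefault(resource, [])
            continue
        entry = ACL_ENTRY_RE.match(line)
        if entry and resource:
            acls[resource].append((entry["principal"], entry["perm"]))
    return acls

def find_case_mismatches(log_text, list_output):
    """Denied principals whose Allow ACL matches only when case is ignored."""
    acls = parse_acls(list_output)
    findings = set()
    for m in DENIED_RE.finditer(log_text):
        denied, resource = m["principal"], m["resource"]
        for principal, perm in acls.get(resource, []):
            if (perm == "Allow" and principal != denied
                    and principal.lower() == denied.lower()):
                findings.add((denied, principal, resource))
    return sorted(findings)

# Sample input copied from the log and list output quoted in the thread.
SAMPLE_LOG = (
    "[2018-09-28 14:06:54,152] INFO Principal = User:storm-mytestcluster is "
    "Denied Operation = Describe from host = <ip address of host> on "
    "resource = Topic:icd_alpha (kafka.authorizer.logger)\n")
SAMPLE_ACLS = (
    "Current ACLs for resource `Topic:icd_alpha`:\n"
    "     user:storm-mytestcluster has Allow permission for operations: All "
    "from hosts: *\n")

if __name__ == "__main__":
    print(find_case_mismatches(SAMPLE_LOG, SAMPLE_ACLS))
```

Each finding is a tuple of the denied principal, the ACL principal as stored, and the resource; an empty list means no ACL differs from a denied principal by case alone.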
