Open thibthibus opened 2 years ago
Maybe this is redundant with Issue #908 ...
maybe also but maybe one of you can add the documentation ? To be honest I always use an allow all user to connect to kafka. If someone can add the doc, I will be grateful
Salut Ludovic,
Ok I understand, we need specifically to restrict these admin features of AKHQ. Where would you see this part in the existing doc ? I can try to contribute, for sure.
Regards,
Thibaut
There is no existing page on that for now ;) You have a full white page for you :smile:
Hi,
I don't find in the documentation the requirements regarding the ACLs for the KafkaUser used by AKHQ to access Kafka cluster. In our experimentations we ended up with this configuration:
I don't understand however why the last 2 ACLs are required. I tried to remove the Describe ConsumerGroup '*' and replaced it with a more restrictive permission (only to a specific consumer group prefix) but it gives an error in AKHQ as apparently it tries to go through all available consumer groups. Regarding the last one, I wonder if it is really required as I don't see this consumer group at all... (but maybe it's hidden by default in AKHQ)
As we want to give more permissions on some AKHQ instances, we need to be sure that the users will only see the topics & consumer groups for which they're authorized.
Thanks for your help on this
Thibaut