Kafka Exception AuthorizationException
org.apache.kafka.common.errors.AuthorizationException
Non-retriable
Security
AuthorizationException is a Kafka client-side exception (org.apache.kafka.common.errors.AuthorizationException).
Common Causes
- The authenticated principal lacks an ACL for the attempted operation (Read/Write/Describe) on the topic, group, or cluster resource
- An authorizer is configured and default behavior denies access (allow.everyone.if.no.acl.found=false) with no matching ACL
- The operation targets a resource pattern (prefixed/literal) not covered by the granted ACLs
Solutions
- Grant the specific ACL the principal needs with kafka-acls.sh (e.g. --operation Write --topic <t> --allow-principal User:<p>)
- Confirm which principal the client authenticates as — ACLs are keyed on the exact principal string
- List existing ACLs to see what is (and isn't) granted on the resource
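
The causes and checks above can be reproduced with a small model of the ACL decision. This is an added example, not Kafka's authorizer code or anything from the original page: it is a simplified model that assumes host matching and super.users are out of scope, also covers Deny ACLs and the implied Describe permission, and uses a hypothetical principal and hypothetical topic names.

```python
# Simplified model of a Kafka ACL decision (added illustration, not Kafka's code).
# Assumption: host matching and super.users are left out.
from dataclasses import dataclass
IMPLIES_DESCRIBE = {"Read", "Write", "Delete", "Alter"}  # an Allow on these also allows Describe

@dataclass(frozen=True)
class Acl:
    principal: str      # exact string such as "User:orders-svc", or "User:*"
    permission: str     # "Allow" or "Deny"
    operation: str      # "Read", "Write", "Describe", ... or "All"
    resource_type: str  # "Topic", "Group" or "Cluster"
    pattern_type: str   # "LITERAL" or "PREFIXED"
    name: str

def covers(acl, rtype, rname):
    if acl.resource_type != rtype:
        return False
    if acl.pattern_type == "PREFIXED":
        return rname.startswith(acl.name)
    return acl.name in (rname, "*")  # a literal "*" is the wildcard resource

def op_matches(acl, op):
    if acl.operation in (op, "All"):
        return True
    return (acl.permission == "Allow" and op == "Describe"
            and acl.operation in IMPLIES_DESCRIBE)

def authorize(acls, principal, op, rtype, rname, allow_if_no_acl=False):
    """Return (allowed, reason); allow_if_no_acl models allow.everyone.if.no.acl.found."""
    on_resource = [a for a in acls if covers(a, rtype, rname)]
    if not on_resource:
        return allow_if_no_acl, "no ACL covers this resource"
    mine = [a for a in on_resource
            if a.principal in (principal, "User:*") and op_matches(a, op)]
    if any(a.permission == "Deny" for a in mine):
        return False, "explicit Deny ACL"
    if any(a.permission == "Allow" for a in mine):
        return True, "Allow ACL matched"
    return False, "no Allow ACL for this principal and operation"

# Constructed sample: one prefixed Write grant for a hypothetical service principal.
ACLS = [Acl("User:orders-svc", "Allow", "Write", "Topic", "PREFIXED", "orders.")]

if __name__ == "__main__":
    for who, op, topic in [("User:orders-svc", "Write", "orders.created"),
                           ("User:orders-svc", "Read", "orders.created"),
                           ("User:orders-svc", "Write", "payments.created"),
                           ("User:CN=orders-svc", "Write", "orders.created")]:
        print(who, op, topic, "->", authorize(ACLS, who, op, "Topic", topic))
```

The last sample row fails only because the principal string differs from the one in the ACL, which is the mismatch the "confirm which principal" step is meant to catch.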
Example Stack Trace
org.apache.kafka.common.errors.AuthorizationException: Not authorized to perform this operation
(the concrete subclass is usually TopicAuthorizationException, GroupAuthorizationException, or ClusterAuthorizationException)
Diagnostic Commands
# List ACLs on a topic
kafka-acls.sh --bootstrap-server localhost:9092 --list --topic <topic>
Related
Related Security exceptions: AuthenticationException · AuthorizerNotReadyException · ClusterAuthorizationException · GroupAuthorizationException · IllegalSaslStateException · SaslAuthenticationException · SslAuthenticationException · TopicAuthorizationException