KIP-1037 — Allow WriteTxnMarkers API with Alter Cluster Permission
Accepted Kafka 3.8 SecurityTransactions
Allows the WriteTxnMarkers API to be authorized with the Alter permission on the Cluster resource in addition to the existing ClusterAction permission, enabling non-broker admin clients to abort hanging transactions (as introduced by KIP-664) without needing ClusterAction. ClusterAction is reserved for inter-broker communication and granting it to operator tooling violates the principle of least privilege.
Details
| Author | Nikhil Ramakrishnan |
| Status | Accepted |
| Kafka Version | 3.8 |
| JIRA | KAFKA-16513 |
| Wiki | View on Apache Wiki |
| Created | 2024-04-11 |
| Last Modified | 2024-04-30 |
Explore how this KIP affects the Kafka protocol in the Protocol Explorer, or see the full KIP database.