KIP-11 — Kafka Authorizer design
Accepted Security
Introduces a pluggable `Authorizer` interface for Kafka that brokers call to authorize produce, fetch, and admin operations based on session attributes (user, IP, certificate CN). As enterprise adoption grows, there is demand for fine-grained access control to topics that cannot be met by embedding a single hardcoded authorization implementation in the broker.
Protocol Impact
Details
| Author | Bosco |
| Status | Accepted |
| JIRA | KAFKA-1688 |
| Wiki | View on Apache Wiki |
| Created | 2015-01-28 |
| Last Modified | 2015-10-27 |
Explore how this KIP affects the Kafka protocol in the Protocol Explorer, or see the full KIP database.