KIP-163 — Lower the Minimum Required ACL Permission of OffsetFetch
Accepted Kafka 1.0 SecurityProtocol
Lowers the minimum ACL permission required for the `OffsetFetch` API from `READ` on the group to `DESCRIBE` on the group, so read-only operators can inspect consumer group offsets without being granted full `READ` access. The `READ` permission on a consumer group also grants the ability to join the group and consume data, which is excessive for monitoring-only use cases.
Details
| Author | Vahid Hashemian |
| Status | Accepted |
| Kafka Version | 1.0 |
| JIRA | KAFKA-4585 |
| Wiki | View on Apache Wiki |
| Created | 2017-05-26 |
| Last Modified | 2017-09-07 |
Explore how this KIP affects the Kafka protocol in the Protocol Explorer, or see the full KIP database.