KIP-231 — Improve the Required ACL of ListGroups API
Accepted Kafka 2.1 SecurityAdmin
Relaxes the ACL requirement for ListGroups from requiring Describe permission on the Cluster resource to returning only groups the caller has Describe permission on, silently filtering others. The existing design required Cluster-level Describe to list any groups, which is an overly broad privilege — service accounts only needed to see their own groups but had to be granted cluster-wide visibility.
Protocol Impact
Details
| Author | Vahid Hashemian |
| Status | Accepted |
| Kafka Version | 2.1 |
| JIRA | KAFKA-5638 |
| Wiki | View on Apache Wiki |
| Created | 2017-11-29 |
| Last Modified | 2018-10-24 |
Explore how this KIP affects the Kafka protocol in the Protocol Explorer, or see the full KIP database.