KIP-277 — Fine Grained ACL for CreateTopics API
Accepted Kafka 2.0 SecurityAdmin
Changes CreateTopics ACL checks from requiring Describe+Create on the Cluster resource to requiring Create permission on the specific Topic resource being created, enabling per-topic create ACLs. The cluster-level ACL for topic creation was asymmetric with DeleteTopics (which used topic-level ACLs) and prevented granting users the ability to manage only their own topic namespace.
Protocol Impact
Details
| Author | Edoardo Comar |
| Status | Accepted |
| Kafka Version | 2.0 |
| JIRA | KAFKA-6726 |
| Wiki | View on Apache Wiki |
| Created | 2018-03-29 |
| Last Modified | 2018-05-25 |
Explore how this KIP affects the Kafka protocol in the Protocol Explorer, or see the full KIP database.