Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Does kafka2.2.0 in CDH 5.11.2 support ACL's on topics??

SOLVED Go to solution

Does kafka2.2.0 in CDH 5.11.2 support ACL's on topics??

Expert Contributor

Hi,

 

Does kafka2.2.0 in CDH 5.11.2 support ACL's on topics?? Can we use AD Users and groups for this ACL's? Do we have any documents for this? We have kerberos enables.

1 ACCEPTED SOLUTION

Accepted Solutions

Re: Does kafka2.2.0 in CDH 5.11.2 support ACL's on topics??

Expert Contributor

Had to go with sentry and hdfs. Sentry is tightly coupled with hdfs and has a mandatory config "HDFS Service" so you need to have hdfs. you can configure hdfs and sentry and stop hdfs once sentry is completely configured

3 REPLIES 3

Re: Does kafka2.2.0 in CDH 5.11.2 support ACL's on topics??

Super Collaborator

Kafka 2.2 uses sentry to provide authorization for kafka topics:

 

https://www.cloudera.com/documentation/kafka/2-2-x/topics/kafka_security.html#using_kafka_with_sentr...

 

If you are using kerberos, you can add the sentry service and then follow the documentation for configuring kafka privileges.

 

-pd

Re: Does kafka2.2.0 in CDH 5.11.2 support ACL's on topics??

Expert Contributor

Hi @pdvorak

 

We did try going with that approach but in our streaming cluster, we have only kafka and zookeeper services. When tried adding sentry, it was asking for hdfs service also to be presnt to add sentry. Not sure why hdfs is required for sentry to be available!!! I tried adding ACL's from command line, ACL's were created but that did not work.

Re: Does kafka2.2.0 in CDH 5.11.2 support ACL's on topics??

Expert Contributor

Had to go with sentry and hdfs. Sentry is tightly coupled with hdfs and has a mandatory config "HDFS Service" so you need to have hdfs. you can configure hdfs and sentry and stop hdfs once sentry is completely configured