Conduktor
HomeDownloadContactBlog
Search…
Conduktor Documentation
Learn Apache Kafka with Conduktor
Conduktor First Steps
Installing Conduktor
Sign in to Conduktor
Licenses & Activations
Login Troubleshooting & FAQ
Account Management
Account Management
Kafka Cluster Connection
Setting up a connection to Kafka
Import/Export configurations
Features
How to Consume data?
How to Produce data?
Brokers Management
Topics Management
Consumer Groups Management
Schema Registry
Kafka Connect
Kafka Streams
ksqlDB: Streaming with SQL
Kafka Security (ACLs)
Monitoring
Miscellaneous
Configuring Conduktor
Data Security
Frequently Asked Questions
Powered By GitBook
Kafka Security (ACLs)
To secure your cluster, define who has access to what, you really need to define Kafka ACLs.

List the ACLs

Conduktor "Security" tab lets you see the current ACLs of your Kafka cluster, and provide different views:
    Classic listing with filter:
    An experimental graphic view where you can see the links between users and topics.
      Normal arrow means "producing to"
      Dashed arrow means "consuming from"

How to create new ACLs

Kafka's ACLs are quite "atomic", there are many ACLs possible. Generally, you must combine them to be able to provide a producer / a consumer / a kafka streams application, enough ACLs to make it work properly.
Documentation about ACLs: https://docs.confluent.io/current/kafka/authorization.html​
Conduktor helps you by providing a simple wizard.
It asks you which use-case do you want to use, then it adapts the fields you need to setup, and provide useful help and tips all around. When you validate, it will automatically create all the necessary ACLs behind the scene (that will be visible on the main list):

Import/Export ACLs

From the list screen, it's possible to export the ACLs to a CSV file (this will export only the filtered ACLs if a filter is present). This will render the ACLs following the kafka-security-manager format:
1
KafkaPrincipal,ResourceType,PatternType,ResourceName,Operation,PermissionType,Host
2
User:john,TOPIC,LITERAL,*,WRITE,ALLOW,*
3
User:john,TOPIC,LITERAL,*,CREATE,ALLOW,*
4
User:john,TOPIC,LITERAL,*,DESCRIBE,ALLOW,*
5
User:john,CLUSTER,LITERAL,kafka-cluster,IDEMPOTENT_WRITE,ALLOW,*
6
User:project-stream,TOPIC,PREFIXED,kstream-appid,ALL,ALLOW,*
7
User:project-stream,GROUP,PREFIXED,kstream-appid,ALL,ALLOW,*
8
User:project-stream,TOPIC,LITERAL,sales,READ,ALLOW,*
9
User:project-stream,TOPIC,LITERAL,products,READ,ALLOW,*
10
User:project-stream,TOPIC,LITERAL,users,READ,ALLOW,*
11
User:project-stream,TOPIC,LITERAL,stocks,WRITE,ALLOW,*
12
User:project-stream,TOPIC,LITERAL,alerts,WRITE,ALLOW,*
Copied!
You can import the same kind of file (don't forget to add the header as the first line, to identify the columns).
​
Previous
ksqlDB FAQ
Next - Features
Monitoring
Last modified 5mo ago
Copy link
Contents
List the ACLs
How to create new ACLs
Import/Export ACLs