[
https://issues.apache.org/jira/browse/KAFKA-19061?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Ritika Reddy resolved KAFKA-19061.
----------------------------------
Resolution: Fixed
> Add ACL changes to enable role based 2PC
> ----------------------------------------
>
> Key: KAFKA-19061
> URL: https://issues.apache.org/jira/browse/KAFKA-19061
> Project: Kafka
> Issue Type: Sub-task
> Reporter: Ritika Reddy
> Assignee: Ritika Reddy
> Priority: Major
>
> *transaction.max.timeout.ms* guarantees that an ongoing transaction is
> aborted within a reasonable amount of time, but to avoid violation of the 2PC
> protocol we need to keep the transaction open, which could put pressure on
> the system. To mitigate this impact, we should restrict the ability to run
> 2PC protocol via a privilege, so that it’s easy to protect the cluster from a
> random rogue application.
> A new value will be added to the {{enum AclOperation: TWO_PHASE_COMMIT
> ((byte) 15}} . When {{InitProducerId}} comes with enable2Pc=true, it would
> have to have both {{WRITE}} and {{TWO_PHASE_COMMIT}} operation enabled on the
> *transactional id* resource.
> The {{kafka-acls.sh}} tool is going to support a new {{{}--operation
> TwoPhaseCommit{}}}.
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
