[jira] [Commented] (KAFKA-18766) Docs: Make usage of allow.everyone.if.no.acl.found config clearer

Mon, 10 Feb 2025 07:59:59 -0800 


    [ 
https://issues.apache.org/jira/browse/KAFKA-18766?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17925614#comment-17925614
 ] 

Divij Vaidya commented on KAFKA-18766:
--------------------------------------

[~mingdaoy] of course. In general, you don't need to ask for permission to pick 
up tasks. If you see a Jira with "unassigned" assignee, you can feel free to 
assign it to yourself and start working on it.

> Docs: Make usage of allow.everyone.if.no.acl.found config clearer
> -----------------------------------------------------------------
>
>                 Key: KAFKA-18766
>                 URL: https://issues.apache.org/jira/browse/KAFKA-18766
>             Project: Kafka
>          Issue Type: Improvement
>          Components: documentation
>            Reporter: Divij Vaidya
>            Priority: Minor
>              Labels: newbie
>
> h2. *Motivation*
> In the documentation today, we have the following sentence:
> {quote}By default, if no ResourcePatterns match a specific Resource R, then R 
> has no associated ACLs, and therefore no one other than super users is 
> allowed to access R. If you want to change that behavior, you can include the 
> following in server.properties.
> {quote}
>  
> Although, it is correct, I have observed users being confused by it. I think 
> could me made clearer that default is deny and this property is a way to 
> change default. 
> h2. Change
> Replace the above with the following:
>  
> *Default Behavior Without ACLs:*
> If a resource (R) does not have any ACLs defined—that is, if no ACL matches 
> the resource—Kafka will restrict access to that resource. In this situation, 
> only super users are allowed to access it.
> *Changing the Default Behavior:*
> If you prefer that resources without any ACLs be accessible by all users 
> (instead of just super users), you can change the default behavior. To do 
> this, add the following line to your server.properties file:
>  
> {noformat}
> allow.everyone.if.no.acl.found=true{noformat}
> With this setting enabled, if a resource does not have any ACLs defined, 
> Kafka will allow access to everyone. If a resource has one or more ACLs 
> defined, those ACL rules will be enforced as usual, regardless of the setting.
> h2. Testing
> Test the change in the documentation by spinning up a local server using the 
> instructions at: 
> [https://cwiki.apache.org/confluence/display/KAFKA/Setup+Kafka+Website+on+Local+Apache+Server]
>  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to