[jira] [Assigned] (KAFKA-18766) Docs: Make usage of allow.everyone.if.no.acl.found config clearer

Mon, 10 Feb 2025 08:00:45 -0800 


     [ 
https://issues.apache.org/jira/browse/KAFKA-18766?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Divij Vaidya reassigned KAFKA-18766:
------------------------------------

    Assignee: Mingdao Yang

> Docs: Make usage of allow.everyone.if.no.acl.found config clearer
> -----------------------------------------------------------------
>
>                 Key: KAFKA-18766
>                 URL: https://issues.apache.org/jira/browse/KAFKA-18766
>             Project: Kafka
>          Issue Type: Improvement
>          Components: documentation
>            Reporter: Divij Vaidya
>            Assignee: Mingdao Yang
>            Priority: Minor
>              Labels: newbie
>
> h2. *Motivation*
> In the documentation today, we have the following sentence:
> {quote}By default, if no ResourcePatterns match a specific Resource R, then R 
> has no associated ACLs, and therefore no one other than super users is 
> allowed to access R. If you want to change that behavior, you can include the 
> following in server.properties.
> {quote}
>  
> Although, it is correct, I have observed users being confused by it. I think 
> could me made clearer that default is deny and this property is a way to 
> change default. 
> h2. Change
> Replace the above with the following:
>  
> *Default Behavior Without ACLs:*
> If a resource (R) does not have any ACLs defined—that is, if no ACL matches 
> the resource—Kafka will restrict access to that resource. In this situation, 
> only super users are allowed to access it.
> *Changing the Default Behavior:*
> If you prefer that resources without any ACLs be accessible by all users 
> (instead of just super users), you can change the default behavior. To do 
> this, add the following line to your server.properties file:
>  
> {noformat}
> allow.everyone.if.no.acl.found=true{noformat}
> With this setting enabled, if a resource does not have any ACLs defined, 
> Kafka will allow access to everyone. If a resource has one or more ACLs 
> defined, those ACL rules will be enforced as usual, regardless of the setting.
> h2. Testing
> Test the change in the documentation by spinning up a local server using the 
> instructions at: 
> [https://cwiki.apache.org/confluence/display/KAFKA/Setup+Kafka+Website+on+Local+Apache+Server]
>  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to