Re: [PR] KAFKA-18766:Docs: Make usage of allow.everyone.if.no.acl.found config clearer [kafka]

Wed, 05 Mar 2025 09:32:13 -0800 


AndrewJSchofield commented on code in PR #19077:
URL: https://github.com/apache/kafka/pull/19077#discussion_r1981867953


##########
docs/security.html:
##########
@@ -1248,11 +1248,16 @@ <h3 class="anchor-heading"><a id="security_authz" 
class="anchor-link"></a><a hre
     Kafka ACLs are defined in the general format of "Principal {P} is 
[Allowed|Denied] Operation {O} From Host {H} on any Resource {R} matching 
ResourcePattern {RP}".
     You can read more about the ACL structure in <a 
href="https://cwiki.apache.org/confluence/display/KAFKA/KIP-11+-+Authorization+Interface";>KIP-11</a>
 and
     resource patterns in <a 
href="https://cwiki.apache.org/confluence/display/KAFKA/KIP-290%3A+Support+for+Prefixed+ACLs";>KIP-290</a>.
-    In order to add, remove, or list ACLs, you can use the Kafka ACL CLI 
<code>kafka-acls.sh</code>. By default, if no ResourcePatterns match a specific 
Resource R,
-    then R has no associated ACLs, and therefore no one other than super users 
is allowed to access R.
-    If you want to change that behavior, you can include the following in 
server.properties.
+    In order to add, remove, or list ACLs, you can use the Kafka ACL CLI 
<code>kafka-acls.sh</code>. 
+    <h5><u>Behavior Without ACLs:</u> </h5>
+    <p>If a resource (R) does not have any ACLs defined, meaning that no ACL 
matches the resource, Kafka will restrict access to that resource. In this 
situation, only super users are allowed to access it.

Review Comment:
   nit: Indentation is slightly off.



##########
docs/security.html:
##########
@@ -2366,4 +2371,4 @@ <h3 class="anchor-heading"><a 
id="security_rolling_upgrade" class="anchor-link">
 security.inter.broker.protocol=SSL</code></pre>
 </script>
 
-<div class="p-security"></div>
+<div class="p-security"></div>

Review Comment:
   This doesn't seem like a necessary change.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: jira-unsubscr...@kafka.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Reply via email to