Hi All,
How can I restrict who can modify ACLs for kafka cluster? Anyone can use
kafka-acls cli to modify the acl.
I added superuser and thought that when we are running the kafka-acls, it
validates that only spatel user can run this command. So what prevents user on
n\w trying to modify ACLs.
authorizer.class.name=kafka.security.auth.SimpleAclAuthorizer
super.users=User:CN=spatel-lt.nhsrx.com,OU=arch,O=pdx inc,L=fort
worth,ST=tx,C=us
Current ACLs for resource `Cluster:kafka-cluster`:
User:CN=spatel-lt,OU=arch,O=pdx inc,L=fort worth,ST=tx,C=us has Allow
permission for operations: Create from hosts: *
Am I missing anything???
Thanks in advance,
Shri
______________________________________________________________
Shrikant Patel | PDX-NHIN
Enterprise Architecture Team
Asserting the Role of Pharmacy in Healthcare
www.pdxinc.com<http://www.pdxinc.com/>
main 817.246.6760 | ext 4302
101 Jim Wright Freeway South, Suite 200, Fort Worth, Texas
76108-2202<http://maps.google.com/maps?q=PDX,+Inc.&hl=en&sll=32.758696,-97.476397&sspn=0.006295,0.006295&filter=0&update=1&t=h&z=17&iwloc=A>
P Please consider the environment before printing this email.
This e-mail and its contents (to include attachments) are the property of
National Health Systems, Inc., its subsidiaries and affiliates, including but
not limited to Rx.com Community Healthcare Network, Inc. and its subsidiaries,
and may contain confidential and proprietary or privileged information. If you
are not the intended recipient of this e-mail, you are hereby notified that any
unauthorized disclosure, copying, or distribution of this e-mail or of its
attachments, or the taking of any unauthorized action based on information
contained herein is strictly prohibited. Unauthorized use of information
contained herein may subject you to civil and criminal prosecution and
penalties. If you are not the intended recipient, please immediately notify the
sender by telephone at 800-433-5719 or return e-mail and permanently delete the
original e-mail.
