Hi, As written here: http://docs.confluent.io/3.1.2/connect/security.html#acl-considerations "Note that if you are using SASL for authentication, you must use the same principal for workers and connectors as only a single JAAS is currently supported on the client side at this time as described here <http://docs.confluent.io/3.1.2/kafka/sasl.html#kafka-sasl>."
I think other components share the same concern (Kafka Rest proxy notably). It’s a bit of security risk to have the connect cluster write to several topics while each connector’s config concern is usually to only write to a few. Passing a specific jaas or login as part of the config would I think resolve that problem. Are there any KIPs or roadmaps in place to properly isolate security concerns? Thanks in advance Best regards, Stephane
