It should require zookeeper connection always, because intern kafka brokers will interact with zookeeper for all meta data about topics. But its interesting, how would you give departments to access to kafka nodes
@Sönke, Could you please shade some light on giving departements access to kafka nodes.? Is it like departments able to ssh to kafka nodes and run describe command? so it will show topics metadata only topics in that node? Apologies, if my question is very basic. Thank you, Naresh Thanks, Naresh www.linkedin.com/in/naresh-dulam http://hadoopandspark.blogspot.com/ On Mon, Feb 26, 2018 at 5:30 PM, Reema Chugani <reemachug...@outlook.com> wrote: > Hi Sönke, > > Thanks for the info, it is helpful! > > I can modify so that the departments can only access the Kafka nodes > themselves. However how would the consumers connect to the topics then? > Don't the consumer clients require to connect via Zookeeper? > > Thanks, > Reema > > On Fri, Feb 23, 2018 at 10:50 PM, Sönke Liebau <soenke.lie...@opencore.com > .invalid<mailto:soenke.lie...@opencore.com.invalid>> wrote: > Hi Reema, > > if your departments have access to Zookeeper then there probably is not > much you can do about them accessing data on other departments topics. I > assume that you have enabled Zookeeper ACLs, but even with those in place, > the topic metadata is world readable, so listing topics can be done by > anyone who has access to Zookeeper. > > If your departments can only access the Kafka nodes themselves then the > DESCRIBE action on Topics is I believe what you are looking for, without an > ACL in place to grant this, the topic should not be listed in Metadata > responses. > > I hope that helps, if you need more information let us know! > > Best regards, > Sönke > > Am 24.02.2018 06:32 schrieb "Reema Chugani" <reemachug...@outlook.com< > mailto:reemachug...@outlook.com>>: > > Hi, > > I am using Kafka 0.10.2. > > I have multiple topics & consumers set up with ACLS such that consumer can > only read from a particular topic. I am wondering how I can prevent a > consumer from accessing metadata in zookeeper about other topics? i.e, > prevent consumers from listing or getting info about topics in the cluster. > (Not let marketing dept see the topic names of finance topics.) > > Thanks, > Reema > > >
