本文章基于Kafka配置 SASL/PLAINTEXT后編寫，如未配置請參考：https://datamining.blog.csdn.net/article/details/90264636?進行修改

配置kafka server.properties文件

super.users 指定超級用戶，不受權限控制

listeners=SASL_PLAINTEXT://ip:pot security.inter.broker.protocol=SASL_PLAINTEXT sasl.mechanism.inter.broker.protocol=PLAIN sasl.enabled.mechanisms=PLAIN authorizer.class.name = kafka.security.auth.SimpleAclAuthorizer super.users=User:admin

用戶配置為kafka設置的kafka_server_jass.conf，如何配置參考：https://datamining.blog.csdn.net/article/details/90264636

配置為:

# user_zsh,user_dataflow,user_crawler,user_taskcentr 皆為用戶 KafkaServer {org.apache.kafka.common.security.plain.PlainLoginModule requiredusername="zsh"password="niubi"user_zsh="niubi"user_dataflow="dataflow"user_crawler="crawler"user_taskcenter="taskcenter"; }; Client{org.apache.kafka.common.security.plain.PlainLoginModule requiredusername="kafka"password="kafkapwd"; };

?

• 指定Topic拒絕所有用戶讀寫權限（超級用戶除外）

[root@ecs-0002 logs]# kafka-acls.sh --authorizer-properties zookeeper.connect=localhost:2181 -add --deny-principal User:* --operation Read --operation Write --topic test_topic_3 Adding ACLs for resource `Topic:test_topic_3`: User:* has Deny permission for operations: Read from hosts: *User:* has Deny permission for operations: Write from hosts: * Current ACLs for resource `Topic:test_topic_3`: User:* has Deny permission for operations: Read from hosts: *User:* has Deny permission for operations: Write from hosts: *

• crawler用戶添加指定Topic讀寫權限，不指定的用戶均無法訪問

[root@ecs-0004 config]# kafka-acls.sh --authorizer-properties zookeeper.connect=localhost:2181 -add --allow-principal User:crawler --operation Read --operation Write --topic test_topic_3 Adding ACLs for resource `Topic:test_topic_3`: User:crawler has Allow permission for operations: Write from hosts: *User:crawler has Allow permission for operations: Read from hosts: * Current ACLs for resource `Topic:test_topic_3`: User:crawler has Allow permission for operations: Write from hosts: *User:crawler has Allow permission for operations: Read from hosts: *

• crawler用戶添加讀權限?

kafka-acls.sh --authorizer-properties zookeeper.connect=localhost:2181 -add --allow-principal User:crawler --operation Read --topic test_topic_3

• crawler用戶添加寫權限

kafka-acls.sh --authorizer-properties zookeeper.connect=localhost:2181 -add --allow-principal User:dataflow --operation Write --topic test_topic_3

• ?移除某個Topic ACL權限，任何權限不設置即所有用戶都可以操作

[root@ecs-0004 config]# kafka-acls.sh --authorizer-properties zookeeper.connect=localhost:2181 --remove --topic test_topic_3 Are you sure you want to delete all ACLs for resource `Topic:test_topic_3`? (y/n) y Current ACLs for resource `Topic:test_topic_3`:

• ?刪除Topic 指定ACL權限

kafka-acls.sh --authorizer-properties zookeeper.connect=localhost:2181 --remove --allow-principal User:crawler --allow-principal User:Alice --allow-host 198.168.2.0 --allow-host 198.168.2.1 --operation Read --operation Write --topic test_topic_3

• 指定host某臺服務器可以操作

注：--allow-host和--deny-host 指定方式，必須與--deny-principal?或--allow-principa共同使用

使用--allow-host必須與--allow-principa?一起使用，指定某個用戶在某臺服務器可以操作

同理，使用--deny-host必須與--deny-principal 一起使用

[root@ecs-0004 config]# kafka-acls.sh --authorizer-properties zookeeper.connect=localhost:2181 -add --allow-principal User:crawler --allow-host 192.168.2.221 --operation Read --topic test_topic_3 Adding ACLs for resource `Topic:test_topic_3`: User:crawler has Allow permission for operations: Read from hosts: 192.168.2.221 Current ACLs for resource `Topic:test_topic_3`: User:crawler has Allow permission for operations: Read from hosts: 192.168.2.222User:crawler has Allow permission for operations: Read from hosts: 192.168.2.221

• ?查看ACL列表

[root@ecs-0004 config]# kafka-acls.sh --authorizer-properties zookeeper.connect=localhost:2181 --list --topic test_topic_3 Current ACLs for resource `Topic:test_topic_3`: User:crawler has Allow permission for operations: Read from hosts: *

• 增加producer、consumer ACL

kafka-acls.sh --authorizer-properties zookeeper.connect=localhost:2181 --add --allow-principal User:crawler --producer --topic test_topic_3 kafka-acls.sh --authorizer-properties zookeeper.connect=localhost:2181 --add --allow-principal User:crawler --consumer --topic test_topic_3 --group group-1

?

?

?

總結

以上是生活随笔為你收集整理的Kafka ACL控制，用户权限能控制的全部內容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網站內容還不錯，歡迎將生活随笔推薦給好友。