Access Control Lists

Access Control Lists (ACLs) provide basic access control, using Kafka ACLs to secure access to data.

Important

Anyone with access to Confluent Cloud in a web browser has full access to all resources (i.e., is a SuperUser).

The operations available to a user depend on the resources that the user has access to. When defining an ACL, consider which resources your users or groups have access to, and which operations are available when managing those resources. For example, you might have to define more than a single ACL, depending on the resources that specific users require access to.

Resource Operation
Cluster
  • Create (allows creating topics)
  • Describe (number of brokers, other metadata)
  • IdempotentWrite: for producers in idempotent mode; InitProducerId (idempotent): to initialize the producer
  • Alter (CreateAcls, DeleteAcls, DescribeConfigs)
Consumer Groups
  • Delete
  • Describe
  • Read
Topic
  • Alter
  • AlterConfigs
  • Create
  • Delete
  • Describe (number of partitions etc.)
  • DescribeConfigs
  • Read
  • Write
TransactionalID
  • Alter
  • AlterConfigs
  • Create
  • Delete
  • Describe (number of partitions etc.)
  • DescribeConfigs
  • Read
  • Write

ACLs are managed by using the Confluent Cloud CLI. For a complete list of Kafka ACLs, see Authorization using ACLs.
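
The following added example (not Confluent code) is a simplified model of why one client can need more than a single ACL: a consumer that uses a consumer group needs Read on both the topic and the group. The principal `User:1234`, the names `orders` and `orders-app`, and all function names are constructed; only literal resource names are matched, and a matching Deny overrides an Allow, as in Kafka.

```python
from typing import NamedTuple

# Resource -> operations, copied from the table on this page (subset used here).
OPERATIONS = {
    "Cluster": {"Create", "Describe", "IdempotentWrite", "Alter"},
    "Consumer Groups": {"Delete", "Describe", "Read"},
    "Topic": {"Alter", "AlterConfigs", "Create", "Delete", "Describe",
              "DescribeConfigs", "Read", "Write"},
}

class Acl(NamedTuple):
    principal: str   # constructed example value, e.g. "User:1234"
    permission: str  # "Allow" or "Deny"
    resource: str    # a key of OPERATIONS
    name: str        # literal resource name (no wildcard or prefix matching here)
    operation: str

def validate(acl):
    """Reject an ACL whose operation does not exist for its resource type."""
    if acl.permission not in ("Allow", "Deny"):
        raise ValueError(f"unknown permission: {acl.permission}")
    if acl.operation not in OPERATIONS.get(acl.resource, ()):
        raise ValueError(f"{acl.operation} is not defined for {acl.resource}")
    return acl

def authorized(acls, principal, resource, name, operation):
    """Default deny; a matching Deny overrides any matching Allow."""
    hits = [a.permission for a in acls
            if (a.principal, a.resource, a.name, a.operation)
            == (principal, resource, name, operation)]
    return "Deny" not in hits and "Allow" in hits

def missing(acls, principal, needs):
    """Return the (resource, name, operation) needs that the ACLs do not grant."""
    return [n for n in needs if not authorized(acls, principal, *n)]

# A consumer using a consumer group needs Read on the topic and on the group.
CONSUMER_NEEDS = [("Topic", "orders", "Read"),
                  ("Consumer Groups", "orders-app", "Read")]

if __name__ == "__main__":
    acls = [validate(Acl("User:1234", "Allow", "Topic", "orders", "Read"))]
    print("missing with one ACL:", missing(acls, "User:1234", CONSUMER_NEEDS))
    acls.append(validate(
        Acl("User:1234", "Allow", "Consumer Groups", "orders-app", "Read")))
    print("missing with two ACLs:", missing(acls, "User:1234", CONSUMER_NEEDS))
```

Running `missing` over a planned ACL set before applying it shows which grants a client still lacks, and `validate` catches an operation that the table does not list for a resource.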

See also

To easily try out the Confluent Cloud CLI functionality in your Confluent Cloud Enterprise cluster, see the Confluent Cloud CLI demo script.