devshawn/kafka-gitops

Question: users and customUserAcls config

gquintana opened this issue · 1 comments

As far as I understand, users and ACLs are in 2 separate sections:

```yaml
users:
  my-test-user:
    principal: User:my-test-user
customUserAcls:
  my-test-user:
    read-all-kafka:
      name: kafka.
      type: TOPIC
      pattern: PREFIXED
      host: "*"
      operation: READ
      permission: ALLOW
```

Why are they separate? What about:

```yaml
users:
  my-test-user:
    principal: User:my-test-user
    acls:
      read-all-kafka:
        name: kafka.
        type: TOPIC
        pattern: PREFIXED
        host: "*"
        operation: READ
        permission: ALLOW
```

Or to be able to share ACL groups among several users (some kind of RBAC):

```yaml
users:
  my-test-user:
    principal: User:my-test-user
    roles:
      - my-test-role
  my-other-user:
    principal: User:my-other-user
    roles:
      - my-test-role
customRoles:
  my-test-role:
    read-all-kafka:
      name: kafka.
      type: TOPIC
      pattern: PREFIXED
      host: "*"
      operation: READ
      permission: ALLOW
```

Especially the RBAC solution would be great.