Manage service users in Aiven for Apache Kafka®

Create and manage service users in Aiven for Apache Kafka® to enable secure access and interaction with your service.

note

Users with Admin permission can create topics with any name because the CreateTopics permission applies at the cluster level.

Other permissions, such as Alter and Delete, apply only to topics that match the specified pattern.

Add a user

Aiven Console

To add service users using the Aiven Console, see Create a service user.

After creating a user, download their access key and certificate from the Users page.

Aiven CLI

Run the following command to create a service user:

avn service user-create SERVICE_NAME --username USER_NAME

Replace the following:

• SERVICE_NAME: the name of the Aiven service
• USER_NAME: the username for the new service user

Aiven API

Use the ServiceUserCreate API endpoint to create a service user:

curl -X POST https://api.aiven.io/v1/project/PROJECT_NAME/service/SERVICE_NAME/user \
  -H "Authorization: Bearer API_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"username": "USER_NAME"}'

Replace the following:

• PROJECT_NAME: the name of the Aiven project
• SERVICE_NAME: the name of the Aiven service
• USER_NAME: the username for the new service user
• API_TOKEN: Aiven API token for authentication

Manage users

Aiven Console

1. Open your Aiven for Apache Kafka service in the Aiven Console.
2. Click Users in the sidebar to view the list of users.
3. To view the password, click Show password in the password field for the respective user.
4. Click Actions in the user row and choose an action:
   • Click Reset credentials to reset the credentials.
   • Click Delete user to delete the user.

Aiven CLI

• View users:

  avn service user-list SERVICE_NAME

  Replace SERVICE_NAME with the name of your Aiven service.

• Reset user credentials:

  avn service user-password-reset SERVICE_NAME --username USER_NAME

  Replace the following:

  • SERVICE_NAME: the name of the Aiven service
  • USER_NAME: the username of the service user

• Delete a user:

  avn service user-delete SERVICE_NAME --username USER_NAME

  Replace the following:

  • SERVICE_NAME: the name of the Aiven service
  • USER_NAME: the username of the service user

Aiven API

• View user details:

  Use the username-specific endpoint to get details for a service user.

  curl -X GET https://api.aiven.io/v1/project/PROJECT_NAME/service/SERVICE_NAME/user/USER_NAME \
    -H "Authorization: Bearer API_TOKEN"

  Replace the following:

  • PROJECT_NAME: the name of the Aiven project
  • SERVICE_NAME: the name of the Aiven service
  • USER_NAME: the username of the service user
  • API_TOKEN: Aiven API token for authentication

• Reset user credentials:

  curl -X POST https://api.aiven.io/v1/project/PROJECT_NAME/service/SERVICE_NAME/user/USER_NAME/reset-credentials \
    -H "Authorization: Bearer API_TOKEN"

  Replace the following:

  • PROJECT_NAME: the name of the Aiven project
  • SERVICE_NAME: the name of the Aiven service
  • USER_NAME: the username of the service user
  • API_TOKEN: Aiven API token for authentication

• Delete a user:

  curl -X DELETE https://api.aiven.io/v1/project/PROJECT_NAME/service/SERVICE_NAME/user/USER_NAME \
    -H "Authorization: Bearer API_TOKEN"

  Replace the following:

  • PROJECT_NAME: the name of the Aiven project
  • SERVICE_NAME: the name of the Aiven service
  • USER_NAME: the username of the service user
  • API_TOKEN: Aiven API token for authentication

Related pages

• Access Control Lists in Aiven for Apache Kafka®
• Manage access control lists in Aiven for Apache Kafka®