Manage users and access control lists
Aiven for Apache Kafka® uses access control lists (ACL) and user definitions to grant specific rights for producing or consuming topics.
For detailed information on permission mapping, see Access control lists and permission mapping.
To manage users and ACL entries, access the corresponding sections in the left sidebar of the service page within the Aiven Console.
Add a user
A user with the Admin
permission can create topics with any name, as
the CreateTopics
permission is applied at the cluster level.
All other permissions related to a topic (Alter
, Delete
) only
apply to the topics matching the pattern that you specify.
To add a new user:
- Log in to Aiven Console and select your service.
- Select Users from the left sidebar.
- Enter a name for the new user and select Add service user.
- The new user appears on the Users page, with links to the user-specific access key and certificate.
Add a new ACL grant
To add new access control list:
You can add a new access control list grant via the Aiven Console with:
-
Log in to Aiven Console and select your service.
-
Select ACL from the left sidebar and select Add entry.
-
On the Add access control entry screen, select the desired ACL type:
- For ACL for Topics, enter the following details:
- Username
- Topic
- Permissions
- For ACL for Schema Registry, enter the following details:
- Username
- Resources
- Permissions
- For ACL for Topics, enter the following details:
-
Click Add ACL entry.
tipWhen using the Aiven Terraform Provider, you can add the
default_acl
key to yourresource
and set it tofalse
if you do not want to create the admin user with wildcard permissions. -
Once you start defining custom ACLs, it's recommended to delete the default
avnadmin
rule by clicking the Remove icon.warningACL restrictions currently do not apply to Kafka REST. Rules are applied based on the username and topic names, but there are no restrictions on consumer group names.
We are working on extending the same restrictions to Kafka REST.