Work with ACL in ADS Control

Olga Semme

Contents

Prerequisites
- ADS Control
- ADS
ACL management page overview
Create an ACL
View ACL

Prerequisites

ADS Control

To enable the ability to work with ACL, activate the Kafka ACL Settings switch on the ADS Control service configuration page, save the configuration, and restart the ADS Control service.

For the ADS cluster, integrated with ADS Control, configure user authentication and enable ACL (see the ACL in Kafka article for more details).

ACL management page overview

The Clusters → <cluster name> → ACL management page in the ADS Control web interface is designed for access control list management.

The ACL management page becomes available after selecting a cluster in the cluster management section and navigating to the ACL tab on the General page.

ACL management page

The ACL management page contains:

The Create ACL button to open a window for creating new ACL. The description of the window is provided below.
The table displaying information about the ACL created in Kafka. Clicking on a table row opens the list of permissions configured for a single resource. The description of the table columns is provided below.

Field Description

Resource name

Kafka resource name for which users or groups have permissions set to perform operations

Resource type

Type of Kafka resource for which users or groups have permissions set to perform operations

Pattern type

Type of resource template used in the list. Template types:

Literal — used to specify the exact name of the resource;
Prefixed — used to specify the prefix of the resource name.

Create an ACL

After clicking Create ACL, the ACL creation page opens.

ACL creation page

The description of the parameters for creating an ACL is provided below.

Field Description

Principal

Username or groupname. Specified in the User:<username> (Group:<group_name>) format, where <username> is the user’s name (principal) without specifying the authentication realm

Host

IP address for which access to the resource is provided to users specified in Principal

Permission Type

Type of permission:

Allow — permission for the operation;
Deny — prohibition of the operation.

Pattern type

Type of resource template used in the list. Available template types:

Literal — used to specify the resource name explicitly;
Prefixed — used to specify a prefix of the resource name.

Resource type

Type of resource that users or groups listed have access to for performing operations. Available resource types:

Topic
Group
Cluster
Transactional id
Delegation token

Resource name

Name of the Kafka resource or name pattern to which access for performing operations is assigned for users or groups specified in the list

Operation

Operation, access to execution of which is assigned to a user or group. Available operations:

All
Read
Write
Create
Delete
Alter
Describe
Cluster action
Describe configs
Alter configs
Idempotent write

For information about operations for which user rights can be set, refer to the Assign rights and prohibitions to individual actions in Kafka for users section

After filling in the parameters, click Create ACL and you will receive a message about the successful creation of the list.

Message about the successful ACL creation

View ACL

Clicking on a row opens a table containing the list of permissions configured for a single resource.

ACL

ACL

The description of the table columns is given below.

Field

Description

Principal(s)

The username for which access is configured

Host

IP address for which access to the resource is provided to users specified in Principal

Permission Type

Type of permission

Operation(s)

Operation, access to execution of which is assigned to a user or group

Actions

Contains the delete dark delete light icon to delete the ACL. The action requires confirmation

Found a mistake? Seleсt text and press Ctrl+Enter to report it