ACL-based authorization in Kafka - Step-by-Step Execution

Process Flow - ACL-based authorization
Client sends request
Kafka broker receives request
Check ACL rules for client
Allow access
Process
Send response
The Kafka broker checks the client's request against ACL rules to decide if access is allowed or denied.
Execution Sample
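Python (a simplified model of the broker's ACL check)
# ACL: maps each user to the list of actions that user may perform
acl = {
  'user1': ['read', 'write'],
  'user2': ['read']
}

# Incoming request: which user wants to perform which action
request = {'user': 'user1', 'action': 'write'}

# Unknown users get an empty permission list, so they are denied by default
if request['action'] in acl.get(request['user'], []):
  print('Access granted')
else:
  print('Access denied')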
This code checks if a user has permission to perform an action based on ACL rules.
Process Table
| Step | Action | Evaluation | Result |
|------|--------|------------|--------|
| 1 | Get user permissions from ACL | acl.get('user1', []) | ['read', 'write'] |
| 2 | Check if action 'write' in permissions | 'write' in ['read', 'write'] | True |
| 3 | Decision based on check | True | Access granted |
| 4 | Output | print('Access granted') | Access granted |
💡 Access granted because 'write' is in user1's permissions
Status Tracker
| Variable | Start | After Step 1 | After Step 2 | Final |
|----------|-------|--------------|--------------|-------|
| acl | {'user1': ['read', 'write'], 'user2': ['read']} | {'user1': ['read', 'write'], 'user2': ['read']} | {'user1': ['read', 'write'], 'user2': ['read']} | {'user1': ['read', 'write'], 'user2': ['read']} |
| request | {'user': 'user1', 'action': 'write'} | {'user': 'user1', 'action': 'write'} | {'user': 'user1', 'action': 'write'} | {'user': 'user1', 'action': 'write'} |
| permissions | N/A | ['read', 'write'] | ['read', 'write'] | ['read', 'write'] |
| action_allowed | N/A | N/A | True | True |
Key Moments - 2 Insights
Why does the code check acl.get(user, []) instead of acl[user]?
Using acl.get(user, []) avoids an error if the user is not in the ACL: it returns an empty list instead, as shown in Step 1 of the Process Table.
What happens if the action is not in the user's permissions?
If the action is not found, the condition in Step 2 becomes False, so the else branch runs and the output is 'Access denied'.
Visual Quiz - 3 Questions
Test your understanding
Look at the Process Table. What is the value of 'permissions' after Step 1?
A. []
B. ['read']
C. ['read', 'write']
D. None
💡 Hint
Check the 'Evaluation' column in Step 1 of the Process Table.
At which step does the code decide to grant access?
A. Step 1
B. Step 3
C. Step 2
D. Step 4
💡 Hint
Look at the 'Result' column where the decision is made.
If the request action was 'delete', what would happen in Step 2?
A. The check would be False
B. The check would be True
C. An error would occur
D. Permissions would change
💡 Hint
Refer to the condition check in Step 2 and the note below the Process Table.
Concept Snapshot
ACL-based authorization in Kafka:
- ACLs list users and allowed actions
- Broker checks user action against ACL
- If allowed, access granted; else denied
- Use safe lookup (get) to avoid errors
- Controls who can read/write topics
Full Transcript
This visual trace shows how Kafka uses ACL-based authorization. When a client sends a request, the broker checks the ACL rules for that user. The code example shows a dictionary of users and their allowed actions. The program looks up the user's permissions safely using get to avoid errors if the user is missing. It then checks if the requested action is allowed. If yes, it prints 'Access granted'; otherwise, 'Access denied'. The execution table walks through each step, showing variable values and decisions. Key moments clarify why safe lookup is used and what happens if the action is not allowed. The quiz tests understanding of permissions lookup, decision step, and behavior with disallowed actions. This helps beginners see how ACLs control access in Kafka simply and clearly.
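
The dictionary lookup above can be extended toward the shape of real Kafka ACL bindings. The following is an added example, not code from the original page or from Kafka itself, and it goes beyond the page's model: each rule names a principal, operation, pattern type (LITERAL or PREFIXED), resource and Allow/Deny permission; a matching Deny overrides any Allow; a request with no matching rule is denied; super users skip the check. Host matching and implied operations are left out, and the topic names and principals are constructed sample values.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Acl:
    principal: str     # "User:<name>", or "User:*" for every principal
    operation: str     # "Read", "Write", or "All"
    pattern_type: str  # "LITERAL" or "PREFIXED"
    topic: str         # topic name, name prefix, or "*" (literal wildcard)
    permission: str    # "Allow" or "Deny"

    def matches(self, principal, operation, topic):
        """True if this rule applies to the given request."""
        if self.principal not in (principal, "User:*"):
            return False
        if self.operation not in (operation, "All"):
            return False
        if self.pattern_type == "PREFIXED":
            return topic.startswith(self.topic)
        return self.topic in (topic, "*")

def authorize(acls, principal, operation, topic, super_users=()):
    """Simplified broker decision: super user, then Deny, then Allow, else deny."""
    if principal in super_users:
        return True  # super users bypass ACL evaluation
    hits = [a for a in acls if a.matches(principal, operation, topic)]
    if any(a.permission == "Deny" for a in hits):
        return False  # an explicit Deny always wins over an Allow
    return any(a.permission == "Allow" for a in hits)  # no match means denied

# Constructed sample rules (hypothetical topics and principals)
ACLS = [
    Acl("User:user1", "Read", "LITERAL", "orders", "Allow"),
    Acl("User:user1", "Write", "LITERAL", "orders", "Allow"),
    Acl("User:user2", "Read", "PREFIXED", "orders", "Allow"),
    Acl("User:user2", "Read", "LITERAL", "orders-pii", "Deny"),
]

if __name__ == "__main__":
    for who, op, topic in [("User:user1", "Write", "orders"),
                           ("User:user2", "Read", "orders-eu"),
                           ("User:user2", "Read", "orders-pii"),
                           ("User:user3", "Read", "orders")]:
        verdict = "granted" if authorize(ACLS, who, op, topic) else "denied"
        print(f"{who} {op} {topic}: Access {verdict}")
```

The third request shows why ordering matters in the decision: user2's PREFIXED Allow on "orders" also matches "orders-pii", and only the Deny-first evaluation keeps that topic closed.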