ACLs
The ACLs tab lists all access control entries that define which principals can perform specific operations on cluster resources.

Overview
Displays a matrix of principals and their permissions across resource types:
- Principal: The user or service account the rule applies to (e.g., `User:alice`, `User:service-account`).
- Resource type: The Kafka resource being controlled: `Topic`, `Consumer Group`, or `Cluster`.
- Resource name: The specific topic, group, or cluster the rule covers. Wildcards (`*`) apply to all resources of that type.
- Permissions: The set of operations allowed or denied.
Checkmarks (✓) indicate permitted operations. Crosses (✗) indicate denied operations.
Permission Types
| Permission | Description |
|---|---|
| Read | Consume messages from a topic or fetch offsets for a group. |
| Write | Produce messages to a topic. |
| Create | Create new topics or partitions. |
| Delete | Delete topics or records. |
| Alter | Modify topic configurations or reassign partitions. |
| Describe | View topic metadata, group offsets, and cluster information. |
Auditing Access
Use this view to:
- Verify that API Product consumers only have `Read` access to their subscribed topics.
- Confirm that producers are restricted to `Write` on their designated topics.
- Identify overly permissive principals with cluster-wide `*` resource rules.
- Detect missing ACLs that could prevent gateway connections from functioning.
Tips
Zilla Platform Gateway uses a dedicated service principal. Confirm it has Read, Write, and Describe permissions on topics backing your API Products.
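
The four checks under Auditing Access and the gateway tip above can also be run over an exported list of entries; the script below is an added example, not part of Zilla Platform. The sample entries are constructed, and the role inventory (`CONSUMERS`, `PRODUCERS`, `GATEWAY`, `GATEWAY_TOPICS`) and the tolerance of `Describe` next to a role's main operation are assumptions.

```python
from collections import defaultdict

# Constructed sample entries using the columns the ACLs tab shows:
# (principal, resource type, resource name, operation, permission)
ACLS = [
    ("User:alice", "Topic", "orders", "Read", "Allow"),
    ("User:alice", "Topic", "orders", "Write", "Allow"),
    ("User:billing", "Topic", "invoices", "Write", "Allow"),
    ("User:billing", "Topic", "*", "Delete", "Allow"),
    ("User:gateway", "Topic", "orders", "Read", "Allow"),
    ("User:gateway", "Topic", "orders", "Describe", "Allow"),
]
# Hypothetical role inventory (assumption): principal -> topics it should use.
CONSUMERS = {"User:alice": {"orders"}}
PRODUCERS = {"User:billing": {"invoices"}}
GATEWAY, GATEWAY_TOPICS = "User:gateway", {"orders"}
# Assumption: Describe is tolerated next to the role's main operation.
ROLE_OPS = {"consumer": {"Read", "Describe"}, "producer": {"Write", "Describe"}}

def audit(acls):
    """Return sorted (principal, check, detail) findings for the four audit checks."""
    findings = set()
    allowed = defaultdict(set)  # (principal, topic) -> operations with Allow
    for principal, rtype, name, op, perm in acls:
        if perm != "Allow":
            continue  # Deny entries grant nothing
        if name == "*":
            findings.add((principal, "wildcard", f"{op} on every {rtype}"))
        if rtype == "Topic":
            allowed[(principal, name)].add(op)
    for (principal, topic), ops in list(allowed.items()):
        for role, members in (("consumer", CONSUMERS), ("producer", PRODUCERS)):
            if principal not in members:
                continue
            if topic not in members[principal]:  # outside subscribed/designated topics
                findings.add((principal, f"{role}-scope", f"{sorted(ops)} on {topic}"))
            elif ops - ROLE_OPS[role]:  # more operations than the role needs
                findings.add((principal, f"{role}-excess",
                              f"{sorted(ops - ROLE_OPS[role])} on {topic}"))
    for topic in GATEWAY_TOPICS:  # gateway needs Read, Write and Describe
        have = allowed.get((GATEWAY, topic), set()) | allowed.get((GATEWAY, "*"), set())
        missing = {"Read", "Write", "Describe"} - have
        if missing:
            findings.add((GATEWAY, "gateway-missing", f"{sorted(missing)} on {topic}"))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(ACLS):
        print(*finding, sep=" | ")
```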