Home / Event Gateway / Event Gateway Policies
Edit
Report

ACLs

Overview Examples Configuration reference
Related Documentation
Event Gateway Documentation
Incompatible with
on-prem
Tags
#event-gateway
Related Resources
Virtual clusters
Policies

The ACL (Access Control List) policy manages authorization for your virtual cluster by defining which actions authenticated principals can perform on specific resources.

By default, when ACLs are enabled, principals have no access. You must explicitly define access rules through ACL policies.

Use cases

Common use cases for the ACLs policy:

Use case

Description
Allow read-only access to a topic Allow the authenticated principal to consume messages for a specific topic.
Allow consumer group management Allow the authenticated principal to create and delete consumer groups.

How it works

This policy runs in the cluster phase.

  1. A Kafka client produces a message and sends it to Event Gateway.
  2. Event Gateway checks the client’s action against the configured ACL.
    • If the action is allowed, it passes the message onward.
    • If the action isn’t allowed, the message is dropped.
 
sequenceDiagram
  autonumber
  participant client as Client
  participant egw as Event Gateway
  participant broker as Event broker

  client->>egw: message
  egw->>egw: check action against ACL
  
  alt allowed action

  egw->>broker: send message

  else blocked action
  egw -x client: forbidden
  end
Something wrong?
Report an Issue | Edit this Page

Help us make these docs great!

Kong Developer docs are open source. If you find these useful and want to make them better, contribute today!
Contribute

Still need help

Ask in our Forum
Contact Support