The ACL (Access Control List) policy manages authorization for your virtual cluster by defining which actions principals can perform on specific resources.
By default, when ACLs are enabled, principals have no access. You must explicitly define access rules through ACL policies.
Common use cases for the ACLs policy:
|
Use case |
Description |
|---|---|
| Example: Allow read-only access to a topic | Allow the principal to consume messages for a specific topic. |
| Example: Allow consumer group management | Allow the principal to create and delete consumer groups. |
| How-to: Productize Kafka topics with namespaces and ACLs | If your Kafka topics follow a naming convention with prefixes, you can easily organize them into categories with Kong Event Gateway by using a combination of namespaces, forwarding policies, and ACL policies. |
| How-to: Secure Kafka traffic in Event Gateway with Kong Identity and ACLs | Using Kong Identity as an auth server, verify client OAuth tokens through a virtual cluster, and apply an ACL policy to restrict access to a specific client. |
This policy runs in the cluster phase.
sequenceDiagram autonumber participant client as Client participant egw as Event Gateway participant broker as Event broker client->>egw: message egw->>egw: check action against ACL alt If action allowed egw->>broker: send message else If action blocked egw -x client: forbidden end
