The Kafka instance in Red Hat OpenShift Streams for Apache Kafka allows you to manage the level of access that other user accounts and service accounts have to your instances. For example, by using Access Control Lists (ACLs), you can configure a topic's access permissions, granting the ability to consume from and produce to topics, among other things. You can also add new permissions and manage user access.

We now want to allow the previously created service account to publish events to and consume events from the Kafka broker running on Red Hat OpenShift Streams for Apache Kafka. The official documentation contains comprehensive information about how users can manage ACLs using the console UI. For example, to allow your user (i.e., the service account you previously configured) to produce and consume messages from topics in your Kafka instance, you can:

  1. Go to console.redhat.com and log in with your Red Hat account.
  2. On the console.redhat.com landing page, select Application and Data Services from the menu on the left.
  3. Expand the Streams for Apache Kafka selection in the left navigation pane, and select Kafka Instances.
  4. On the Kafka Instances page, click the name of the Kafka instance you created earlier.
  5. Click Access. This is the page where users can visualize and edit ACLs. 
Figure 19: The default Access Control List for a Kafka instance.
  6. Click on Manage Access as shown below in Figure 20. On the pop-up, click on the Account field and select your service account.
  7. Below the list of current configurations, under the section Assign Permissions, select the Add permission combo box. A new resource now needs to be configured.
  8. Now, set the Topic resource configuration with names that Start with "*".
  9. Select All in the Operations box. Kafka will now allow All operations to be executed by your service account.
  10. Select Save.

Figure 20: Allow all operations on all topics and consumer groups to a service account.

With properly configured access to topics and consumer groups, users can connect producers and consumers to interact with topics and events.
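
The grant configured in the steps above gives the service account every operation on every topic and consumer group. The following added example (not part of the original tutorial and not Red Hat code) audits a list of ACL bindings for grants broader than producing and consuming require, and builds the narrower set of bindings. The binding field names, the account name `srvc-acct-example`, and the topic and group names are assumptions.

```python
# Added example: audit ACL bindings for grants broader than produce/consume.
# Field names follow Kafka's ACL binding model; the export format is an assumption.

# Operations a plain producer plus consumer needs on each resource type.
NEEDED = {"TOPIC": ("DESCRIBE", "READ", "WRITE"), "GROUP": ("READ",)}


def matches_everything(binding):
    """True when the binding covers every resource of its type."""
    # Assumption: the console stores the "*" selection as resource name "*".
    return binding["resource_name"] == "*"


def audit(bindings, principal):
    """Return findings for ALLOW bindings that exceed produce/consume needs."""
    findings = []
    for b in bindings:
        if b["principal"] != principal or b["permission"] != "ALLOW":
            continue
        reasons = []
        if b["operation"] == "ALL":
            reasons.append("ALL includes administrative operations such as DELETE")
        elif b["operation"] not in NEEDED.get(b["resource_type"], ()):
            reasons.append(b["operation"] + " is not needed to produce or consume")
        if matches_everything(b):
            reasons.append("applies to every " + b["resource_type"].lower())
        if reasons:
            findings.append((b["resource_type"], b["operation"], reasons))
    return findings


def scoped_bindings(principal, topic, group):
    """Bindings limited to one named topic and one named consumer group."""
    targets = {"TOPIC": topic, "GROUP": group}
    return [
        {"principal": principal, "permission": "ALLOW", "resource_type": rtype,
         "pattern_type": "LITERAL", "resource_name": targets[rtype], "operation": op}
        for rtype, ops in NEEDED.items() for op in ops
    ]


# Constructed sample: the grant from the steps above, for a hypothetical account.
SAMPLE = [
    {"principal": "srvc-acct-example", "permission": "ALLOW", "resource_type": "TOPIC",
     "pattern_type": "PREFIXED", "resource_name": "*", "operation": "ALL"},
    {"principal": "srvc-acct-example", "permission": "ALLOW", "resource_type": "GROUP",
     "pattern_type": "PREFIXED", "resource_name": "*", "operation": "ALL"},
]
```

Calling `audit(SAMPLE, "srvc-acct-example")` reports both wildcard grants, while the output of `scoped_bindings` passes the same audit with no findings.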