Document ACLs required by Kowl

[mateuszkwiatkowski]

Hello,

I couldn't find documentation on which ACLs are required by Kowl to work with a Kafka cluster. This was also brought in here: https://github.com/cloudhut/kowl/issues/194

[weeco]

Hey @mateuszkwiatkowski , we plan to cover all functionality that the Kafka API offers. So sooner or later you would need to grant Kowl all permissions / super user rights. If you use Kowl and not Kowl Business you could further restrict the access globally (by global I mean for all Kowl users) by further restricting the ACLs as you like.

Ideally if you are worried about users doing wrong things I'd recommend you to have a look at Kowl Business which has been free for the past 2 years and is still free to use for everyone (we plan to charge for it at some point, but that's not foreseeable at the moment). It allows you to setup RBAC and grant each Kowl user a specific set of permissions.

I hope that kind of helps even though this answer doesn't contain a list of ACLs which I would apply?

[mateuszkwiatkowski]

@weeco thank you for prompt response. We'll try business edition and that would probably solve our problem. Having that said, additional level of protection in Kafka could help preventing exploiting potential bugs in Kowl's RBAC so please consider preparing ACLs documentation anyway. Thanks!

[twmb]

Hi, I'm confused -- Console requires all ACLs, since the intent is for Console to be a UI that can manage any admin thing you could want to do in a cluster. Let me know what may be the confusion here?