Documentation Index

Fetch the complete documentation index at: https://kb.vastdata.com/llms.txt

Use this file to discover all available pages before exploring further.

Granting Kafka Permissions in an Identity Policy

  • Updated on Feb 13, 2026
  • Published on Jan 26, 2026
  • 1 minute(s) read
Prev Next

You grant permissions for Kafka-related objects by listing operations that a user is allowed or prohibited to perform in the user's identity policy.

By default, if no ACL is found, the operation is allowed for any user. If you want to alter this behavior, contact VAST Support.

The following Kafka operations are supported:

  • For a topic:

    • Read

    • Write

    • AlterConfigs

    • Create

    • Delete

    • Describe

    • DescribeConfigs

  • For a consumer group:

    • Read

    • Delete

    • Describe

  • For a Kafka cluster (the Kafka-enabled view):

    • Alter

    • AlterConfig

    • ClusterAction

    • Create

    • Describe

    • DescribeConfigs

For example, the following identity policy allows the user to read and write to the topic, but prohibits topic creation and deletion:

"Version": "2012-10-17",
"Statement": [
  {
    "Sid": "Aaa__gggg",
    "Action": "KafkaRead",
    "Effect": "Allow",
    "Resource": "vast:kafka:topic:kafka-pppp:ddd_0"
  },
  {
    "Sid": "Aaa__ssss",
    "Action": "KafkaWrite",
    "Effect": "Allow",
    "Resource": "vast:kafka:topic:kafka-pppp:ddd_0"
  },
  {
    "Sid": "Aaa__dddd",
    "Action": "KafkaCreate",
    "Effect": "Deny",
    "Resource": "vast:kafka:topic:kafka-pppp:ddd_0"
  },
  {
    "Sid": "Aaa__cccc",
    "Action": "KafkaDelete",
    "Effect": "Deny",
    "Resource": "vast:kafka:topic:kafka-pppp:ddd_0"
  },
]
Related articles