Add minimum Kafka ACL permissions for Kafka Monitoring and Messages#35817
Add minimum Kafka ACL permissions for Kafka Monitoring and Messages#35817piochelepiotr wants to merge 1 commit intomasterfrom
Conversation
Document the minimum Kafka ACL permissions required for the Datadog Agent when connecting to ACL-enabled Kafka clusters. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Preview links (active after the
|
domalessi
left a comment
domalessi
left a comment
There was a problem hiding this comment.
Thanks for the PR! Left some feedback. Let me know if you have any Qs.
|
|
||
| Go to the [Kafka Monitoring setup page][1] and click {{< ui >}}Get Started{{< / ui >}}. Then choose your environment and follow the instructions. To request assistance, choose {{< ui >}}Request a pairing session{{< /ui >}}. | ||
|
|
||
| ### Kafka ACL permissions |
There was a problem hiding this comment.
The ACL section is inserted between the setup paragraph and the kafka_setup-2.png image, which breaks the flow — that image illustrates the setup dialog described in the paragraph above it. I think the move would be to shift the ### Kafka ACL permissions to after the image and its following paragraph
| 1. In Datadog, under [Remote Configuration][13], check that remote configuration is enabled at the organization level. | ||
| 2. In Datadog, under [Remote Configuration][13], check that the agent running the Kafka Consumer integration has remote configuration enabled, and is using an API key with remote configuration enabled. | ||
|
|
||
| ## Kafka ACL permissions |
There was a problem hiding this comment.
Having ## Kafka ACL permissions immediately followed by ## Required permissions is confusing — both are about permissions but they cover different things (Kafka cluster access for the Agent vs. Datadog RBAC for the user), and there's nothing to explain the distinction.
I'd suggest one of:
- Group under a single section: Wrap both under ## Permissions with H3 subsections, and rename ## Required permissions to ### Datadog user permissions.
- Move into Prerequisites: Since Kafka ACL permissions are a prerequisite for the feature to work, nest ### Kafka ACL permissions under ## Prerequisites alongside the existing Agent version and remote configuration prerequisites. Then ## Required permissions stands alone covering only Datadog RBAC.
- Keep the structure but add a framing sentence to ## Required permissions: "In addition to Kafka ACL permissions, you must have the following Datadog account permissions:" — this at least signals the distinction without reorganizing.
I think option 2 perhaps is the best move.
2 participants
Summary
Readon Topic permission required for message retrievalTest plan
🤖 Generated with Claude Code