Apache Kafka has limited support for multi-tenancy via Access Control List. The Lenses platform enhances this at the data layer level. You can have teams using, in parallel, the same Kafka cluster while making sure they can not see or use any topics which they are not supposed to.

User access restriction, achieved via configuration, targets topics and their data. If a user is not allowed to see any information about topicA, the platform makes sure once logged in the user can not see any information about that topic.

Furthermore, the access constraints are propagated to other aspects of the platform, for example, a user cannot configure a Kafka Connect connector or LSQL Processor instance using restricted topics.


Additional multi-tenancy capabilities are achieved via the user group configuration. The configuration controls this behaviour. This entry specifies the list of Lenses user groups, roles, and topic whitelisting/blacklisting.

Here is a configuration example declaring 3 different user groups. The first one, equityUK, can only use Kafka topics prefixed with equity_. The second group, fixedIncomeUS, can use topics prefixed with fi_. The last group defined can use any topic but those prefixed with equity_ or fi_.[
     {"name": "equityUK", "roles": ["read", "write"], topic: { whitelist: ["equity_.*"] },
     {"name": "fixedIncomeUS",  "roles": ["read", "write"], topic: { whitelist: [ "fi_.*" ] },
     {"name": "nonEquityFI",  "roles": ["read", "write"], topic: { blacklist: [ "fi_.*", "equity_.*" ] },