Description
This article provides basic guidelines on how to resolve "The connector is not authorized to access the designated topic. Please make sure the Kafka API key has correct topic ACLs enabled" error when deploying Fully Managed Connectors in Confluent Cloud
Applies To
Fully Managed Connectors in Confluent Cloud
Cause
The connector provisioning can fail with the above error if the Service Account or the Kafka API Key used with the Connector is missing the required ACLs.
This can also happen when the RBAC rolebindings are missing.
Resolution
Fully Managed connectors on Confluent Cloud can work with both ACLs and rolebindings.
The issue could be because of missing either ACLs or RBAC rolebindings.
(1) Missing ACLs:
For Sink Connectors, follow the documentation here to grant the required ACLs
For Source Connectors, follow the documentation here to grant the required ACLs.
Some of the connectors like the Debezium Source Connectors, JDBC based Connectors and Confluent Oracle CDC Source Connectors need additional ACLs which can be found in the respective sections here.
If you are still facing issues after granting the required ACLs for the Service Account or Kafka API Key, please reach out to Confluent Support with the below details
- Connector lcc- id
- List of the ACLs granted to the Service Account for review
(2) Missing RBAC rolebindings:
Please make sure that the relevant rolebindings are assigned to the User Account (or) Service Account configured for the connector as per: 'Configure RBAC for Connectors in Confluent Cloud'.