Steadybit logoReliability Hub
GitHubGitHub iconStart Free Trial
Steadybit logoReliability Hub

Deny Access

AttackAttack
Block a Kafka user from reading a topic via ACL rules, simulating authorization failures for consumer groups
Targets:
Kafka Consumers
Install now

Deny Access

Block a Kafka user from reading a topic via ACL rules, simulating authorization failures for consumer groups
AttackAttack
Targets:
Kafka Consumers
Install now

Deny Access

AttackAttack
Block a Kafka user from reading a topic via ACL rules, simulating authorization failures for consumer groups
Targets:
Kafka Consumers
Install now

Deny Access

Block a Kafka user from reading a topic via ACL rules, simulating authorization failures for consumer groups
AttackAttack
Targets:
Kafka Consumers
Install now
Go back to list
The action "Alter Max Bytes Per Message" within the experiment editor.The action "Alter Max Bytes Per Message" within the experiment editor.

Introduction

Blocks a Kafka user from accessing a specific topic by creating a deny ACL rule on all Kafka brokers. This simulates authorization failures for the consumer group using that user identity. The ACL rule is automatically removed when the attack ends.

Prerequisites

Kafka ACL security must be enabled on the cluster. This action uses Kafka's built-in ACL mechanism — it will not work on clusters without authorization configured.

Use Cases

  • Block a consumer from reading a topic to observe how the application handles authorization errors.
  • Combine with Delete Records to first block the consumer, then delete records, and observe how the consumer reacts to a gap in records when access is restored.
  • Verify that consumer applications gracefully degrade when topic access is revoked.

Parameters

ParameterDescriptionDefault
DurationHow long the ACL deny rule stays in effect. The rule is automatically rolled back when the duration expires.60s
UserThe Kafka principal (user identity) to block. This should match the user configured in the consumer group's authentication. The deny ACL is created for this user.
TopicThe Kafka topic to deny access to. A deny ACL rule is created for this specific topic, preventing the specified user from reading it.

Useful Templates

See all
Check Kafka consumer's reaction to record loss

Intent

Intentionally deny access to the topic for consumers and during this time where consumption is stopped, delete records.

We can check the logs of the consumers to see how they handle the loss of records and also authorization access issues.

Message Queue
Kafka
Recoverability

More Kafka Consumer Actions

See all
Check Consumer State
Monitor consumer group state transitions (Stable, Dead, Rebalancing) during an experiment
CheckCheck
Kafka Consumers
Check Topic Lag
Fail the experiment if consumer lag exceeds a threshold for a specific topic
CheckCheck
Kafka Consumers
Start Using Steadybit Today

Get started with Steadybit, and you’ll get access to all of our features to discover the full power of Steadybit. Available for SaaS and on-prem!

Are you unsure where to begin?

No worries, our reliability experts are here to help: book a demo with them!

Statistics
-Stars
Tags
Message Queue
Kafka
AWS
Homepage
hub.steadybit.com/extension/com.steadybit.extension_kafka
GitHub
steadybit/extension-kafka
ghcr.io
steadybit/extension-kafka
License
MIT
MaintainerSteadybit
support@steadybit.com
https://steadybit.com
Install now
Steadybit logoReliability Hub
Start Free Trial
HubActionsTargetsAdviceExtensionsTemplates
Support & ResourcesDocumentationYoutube TutorialsCase Studies
ContactsAbout usContact usImprint and legalTerms of services
© 2026 Steadybit GmbH. All rights reserved.
Twitter iconLinkedIn iconGitHub icon