7.191 DBMS_KAFKA_SEC_ALLOWED_PROPERTIES

DBMS_KAFKA_SEC_ALLOWED_PROPERTIES displays valid Oracle SQL Access to Kafka (OSAK) security properties.

DBMS_KAFKA_SEC_ALLOWED_PROPERTIES is a system table that is created and populated during database installation. It displays the properties that are allowed in the osakafka.properties file, which contains security configuration properties as required by the librdkafka library.

Immediately after installation, DBMS_KAFKA_SEC_ALLOWED_PROPERTIES displays the initial Oracle SQL Access to Kafka (OSAK) security properties listed in Table 7-1. Subsequently, a user with the role OSAK_ADMIN_ROLE can view DBMS_KAFKA_SEC_ALLOWED_PROPERTIES and add additional properties to this table, as required or suggested by Oracle Support. Only the properties displayed in the DBMS_KAFKA_SEC_ALLOWED_PROPERTIES table are read from the osakafka.properties file.

| Column | Datatype | NULL | Description |
|---|---|---|---|
| PROPERTY_NAME | VARCHAR2(200) | NOT NULL | Name of the security property |
| DESCRIPTION | VARCHAR2(4000) | | Description of the security property |

Table 7-1 Initial Oracle SQL Access to Kafka (OSAK) Security Properties

| Property Name | Description |
|---|---|
| debug | Enables rdkafka client debug output. The debug information is logged in Oracle trace files. The only allowed value is all. |
| max.partition.fetch.bytes | Maximum number of bytes a Kafka server can return in a poll of a single partition. This is a positive integer value. Oracle Cloud Infrastructure (OCI) Streaming service Kafka recommends limiting the request size to 1 MB per partition. |
| osak.kgmps.max.message.size | Maximum number of bytes a Kafka client can fetch in a poll of a single partition. This is a positive integer value with a default of 1 MB. This parameter, along with max.partition.fetch.bytes, allows for the retrieval of single Kafka records larger than 1 MB. |
| sasl.kerberos.ccname | File name of the Kerberos credentials (ticket) cache (KRB5CCNAME) of the Kafka cluster |
| sasl.kerberos.config | File name of the Kerberos configuration file (krb5.conf) of the Kafka cluster |
| sasl.kerberos.principal | Kafka client Kerberos principal name |
| sasl.kerberos.service.name | Primary name of the Kerberos principal, as specified in the Kafka Broker JAAS configuration file. For example: The format of a typical Kerberos V5 principal is: primary/instance@REALM. Therefore, if principal="kafka/example.hostname.com@EXAMPLEREALM.COM" is specified in the Kafka Broker JAAS configuration file, then the value of sasl.kerberos.service.name will be kafka. |
| sasl.mechanism | Simple Authentication and Security Layer (SASL) mechanism to use for authentication. This is an alias for the sasl.mechanisms property. The allowed values are GSSAPI, PLAIN, SCRAM-SHA-256, and SCRAM-SHA-512. Only one value is allowed. The default value is GSSAPI. |
| sasl.mechanisms | SASL mechanism to use for authentication. The allowed values are GSSAPI, PLAIN, SCRAM-SHA-256, and SCRAM-SHA-512. Only one value is allowed. The default value is GSSAPI. |
| sasl.username | User name for SASL authentication |
| security.protocol | Protocol used to communicate with Kafka brokers. The allowed values are plaintext, ssl, sasl_plaintext, and sasl_ssl. Only one value is allowed. |
| ssl.ca.location | File name of the Certificate Authority (CA) file for verifying the Kafka broker key |
| ssl.certificate.location | File name of the Kafka client certificate in Privacy-Enhanced Mail (PEM) format |
| ssl.endpoint.identification.algorithm | Endpoint identification algorithm to validate the Kafka broker host name using a Kafka broker certificate. The allowed values are https and none. The default value is none. |
| ssl.key.location | File name of the Kafka client private key |
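Because only allowlisted properties are read and several of them accept a fixed set of values, an osakafka.properties file can be checked before deployment. The following Python sketch is an added example, not Oracle code: it assumes plain key=value lines with # comments and case-sensitive values, uses only the initial Table 7-1 allowlist, and the finding labels and the sample input are constructed for illustration.

```python
# Added example: lint osakafka.properties text against Table 7-1.
# Assumption: plain "key=value" lines, "#" comments, case-sensitive values.
ALLOWED = {  # initial allowlist (Table 7-1); OSAK_ADMIN_ROLE users may add more
    "debug", "max.partition.fetch.bytes", "osak.kgmps.max.message.size",
    "sasl.kerberos.ccname", "sasl.kerberos.config", "sasl.kerberos.principal",
    "sasl.kerberos.service.name", "sasl.mechanism", "sasl.mechanisms",
    "sasl.username", "security.protocol", "ssl.ca.location",
    "ssl.certificate.location", "ssl.endpoint.identification.algorithm",
    "ssl.key.location",
}
SASL = {"GSSAPI", "PLAIN", "SCRAM-SHA-256", "SCRAM-SHA-512"}
ENUMS = {  # properties restricted to one value from a fixed set
    "debug": {"all"},
    "security.protocol": {"plaintext", "ssl", "sasl_plaintext", "sasl_ssl"},
    "sasl.mechanism": SASL, "sasl.mechanisms": SASL,
    "ssl.endpoint.identification.algorithm": {"https", "none"},
}
POSITIVE_INT = {"max.partition.fetch.bytes", "osak.kgmps.max.message.size"}
ENDPOINT = "ssl.endpoint.identification.algorithm"

def parse(text):
    props = {}
    for line in map(str.strip, text.splitlines()):
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def lint(text):
    props, findings = parse(text), []
    for key, value in props.items():
        if key not in ALLOWED:
            findings.append(("ignored", key))  # OSAK never reads this line
        elif key in ENUMS and value not in ENUMS[key]:
            findings.append(("bad-value", key))
        elif key in POSITIVE_INT and not (
                value.isascii() and value.isdigit() and int(value) > 0):
            findings.append(("bad-value", key))
    proto = props.get("security.protocol", "")
    if proto in ("plaintext", "sasl_plaintext"):
        findings.append(("no-tls", "security.protocol"))  # traffic unencrypted
    # Table 7-1 gives "none" as the default, so a missing key means no check.
    if proto in ("ssl", "sasl_ssl") and props.get(ENDPOINT, "none") == "none":
        findings.append(("no-hostname-check", ENDPOINT))
    return findings

SAMPLE = (  # constructed input
    "security.protocol=sasl_ssl\nsasl.mechanism=SCRAM-SHA-512\n"
    "enable.ssl.certificate.verification=false\nmax.partition.fetch.bytes=0\n")
```

If properties have been added to DBMS_KAFKA_SEC_ALLOWED_PROPERTIES after installation, extend ALLOWED from the view's PROPERTY_NAME column before trusting an "ignored" finding.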

Note:

This view is available starting with Oracle Database 23ai.

See Also:

Oracle Database Utilities for more information about the osakafka.properties file