{
  "id": "kafka/delegation-token-auth-failure",
  "signature": "org.apache.kafka.common.errors.DelegationTokenAuthorizationException: Not authorized to access delegation tokens.",
  "signature_zh": "org.apache.kafka.common.errors.DelegationTokenAuthorizationException：未授权访问委派令牌。",
  "regex": "DelegationTokenAuthorizationException",
  "domain": "kafka",
  "category": "auth_error",
  "subcategory": null,
  "root_cause": "The client lacks the required ACL to manage or use delegation tokens, often due to missing 'CreateToken' or 'DescribeToken' permissions.",
  "root_cause_type": "generic",
  "root_cause_zh": "客户端缺少管理或使用委派令牌所需的 ACL，通常是由于缺少 'CreateToken' 或 'DescribeToken' 权限。",
  "versions": [],
  "os_specific": {},
  "dead_ends": [
    {
      "action": "",
      "why_fails": "Adding super.users in server.properties grants full access but is insecure and doesn't teach proper ACL management.",
      "fail_rate": 0.6,
      "condition": "",
      "sources": []
    },
    {
      "action": "",
      "why_fails": "Restarting the broker doesn't change ACLs; the error persists until permissions are correctly configured.",
      "fail_rate": 0.95,
      "condition": "",
      "sources": []
    }
  ],
  "workarounds": [
    {
      "action": "Grant the necessary ACL: `kafka-acls.sh --bootstrap-server localhost:9092 --add --allow-principal User:client_user --operation CreateToken --topic '*'`. Then retry the token request.",
      "success_rate": 0.85,
      "how": "Grant the necessary ACL: `kafka-acls.sh --bootstrap-server localhost:9092 --add --allow-principal User:client_user --operation CreateToken --topic '*'`. Then retry the token request.",
      "condition": "",
      "sources": []
    }
  ],
  "workarounds_zh": [
    "Grant the necessary ACL: `kafka-acls.sh --bootstrap-server localhost:9092 --add --allow-principal User:client_user --operation CreateToken --topic '*'`. Then retry the token request."
  ],
  "transition_graph": {
    "leads_to": [],
    "preceded_by": [],
    "frequently_confused_with": []
  },
  "official_doc_url": "https://kafka.apache.org/documentation/#security_delegation_token",
  "official_doc_section": null,
  "error_code": null,
  "verification_tier": "ai_generated",
  "confidence": 0.82,
  "fix_success_rate": 0.8,
  "resolvable": "partial",
  "first_seen": "2024-01-10",
  "last_confirmed": "2024-06-01",
  "last_updated": "2024-06-01",
  "evidence_count": 1,
  "tags": [],
  "locale": "en",
  "aliases": []
}