# org.apache.kafka.common.errors.DelegationTokenAuthorizationException：未授权访问委派令牌。

- **ID:** `kafka/delegation-token-auth-failure`
- **领域:** kafka
- **类别:** auth_error
- **验证级别:** ai_generated
- **修复率:** 80%

## 根因

客户端缺少管理或使用委派令牌所需的 ACL，通常是由于缺少 'CreateToken' 或 'DescribeToken' 权限。

## 解决方案

1. ```
   Grant the necessary ACL: `kafka-acls.sh --bootstrap-server localhost:9092 --add --allow-principal User:client_user --operation CreateToken --topic '*'`. Then retry the token request.
   ```

## 无效尝试

- **** — Adding super.users in server.properties grants full access but is insecure and doesn't teach proper ACL management. (60% 失败率)
- **** — Restarting the broker doesn't change ACLs; the error persists until permissions are correctly configured. (95% 失败率)