Aiven Kafka supports Access Control Lists for allowing and limiting Produce and Consumer rights on the topic level for your users. You can manage both users and ACL entries on the Users pane on the Service Details page on the Aiven Console.
Users can be added by clicking the Add service user... button on the top right corner.
Each user has their individual Access Key and Certificate that can be downloaded from the Users pane.
ACLs are defined as an user or a wildcard mask of users, the grant to produce and/or consume and finally a topic or a wildcard mask of topics that the grant is applied to. By default, the access is allowed for all configured users to both produce and consume on all topics.
You can add new grants using the Add an ACL entry... button on the right.
Since the rules are additive, you probably want to delete the default rule once you start using Access Control Lists. To do so, you can use the Remove... button next to each rule.
Please note the ACL restrictions do not currently apply to Kafka REST. We're working on extending the same restrictions there.