To allow users to perform CRUD of privileges we have couple of options.
1. Add a custom sentry specific CLI.
2. Reuse Kafka's CLI, kafka-acls.sh.
We propose to use the later approach as that will provide a seamless experience to users. Moreover, Kafka's acls cli supports plugging in third party authorizer implementations.
Kafka will authenticate users before passing user's request to Sentry to perform ACLs CRUD. Sentry can assume that users requests coming to it for performing ACLs CRUD are authenticated and authorized.