kafka 添加了acl 认证，其中的 --allow-principal User: 后面到底指的是什么？

我在kafka 添加了ACL认证，并且已经可以成功控制某个IP地址能访问，或者不能访问对应的topic，但是当我新建一个topic的时候，想给这个topic添加一个只能某个ip下某个特定用户有读写权限的时候，不论怎么加都不行，只有添加User：*,这个ip下的用户才能访问。但是就相当于这个ip下的所有用户都有权限，没有针对单个用户设定权限。请前辈指教下，这里的user到底应该怎么加才能实现对单个用户授权。是需要在加ssl和sasl?
rhel6712950是我的想授权的主机hostname,ip是10.253.129.50.root是我的用户，我为topic testacl添加了如下acl
Following is list of acls for resource: Topic:testacl
User:rhel6712950 has Allow permission for operations: Write from hosts: 10.253.129.50
User:rhel6712950 has Allow permission for operations: Read from hosts: 10.253.129.50

User:root@rhel6712950 has Allow permission for operations: Read from hosts: 10.253.129.50
User:root@rhel6712950 has Allow permission for operations: Write from hosts: 10.253.129.50
User:root has Allow permission for operations: Read from hosts: 10.253.129.50
User:root has Allow permission for operations: Write from hosts: 10.253.129.50
但是root用户还是无法访问testacl这个topic，只有添加了如下的才有权访问
User: has Allow permission for operations: Read from hosts: 10.253.129.50
User: has Allow permission for operations: Write from hosts: 10.253.129.50