Temporary policies

Temporary policies allow a Kpow Admin to create temporary RBAC policies.

For example a temporary policy may grant GROUP_EDIT on a specific consumer group for a specific cluster for 30 minutes to a specific user role.

Note: an admin cannot assign temporary policies above their own permissions. For example, if creating a temporary policy for GROUP_EDIT , the admin must also be allowed to invoke GROUP_EDIT actions.

Adding a temporary policy

From within the Settings page an administrator can navigate to the Temporary policies tab.

Manage temporary policies

From within the Settings page an administrator can navigate to the Temporary policies tab.

You can view all current temporary policies and remove temporary policies before they expire.

Notifications

You can configure the Slack integration integration to be notified when a new temporary policy has been made.

All temporary policies are persisted to the Data governance (Audit log).

Configuration

The following environment variables can be used to configure temporary policies:

  • TEMPORARY_POLICY_MAX_MS - Configures the maximum allowed duration a temporary policy can be applied for (in ms). Default 1 hour.