Overview

Kpow supports two methods of controlling user access to User Actions.

Simple Access Control creates global access controls from environment variable config
Role Based Access Control integrates with User Authentication and respects role based controls

Note: User Actions apply to specific Domains. This is important when configuring RBAC.

The following actions are supported by both methods of access control.

Domain	Action	Control (when TRUE)
CLUSTER	TOPIC_INSPECT	Allow users to read topic key and value data
	TOPIC_PRODUCE	Allow users to write new messages to topics
	TOPIC_CREATE	Allow users to create new topics
	TOPIC_EDIT	Allow users to edit topic configuration
	TOPIC_DELETE	Allow users to delete topics
	TOPIC_TRUNCATE	Allow users to truncate topics
	GROUP_EDIT	Allow users edit consumer groups and reset consumer offsets
	GROUP_DELETE	Allow users to delete consumer groups
	BROKER_EDIT	Allow users to edit broker configuration
	ACL_EDIT	Allow users to create and delete Kafka ACLs
SCHEMA	SCHEMA_CREATE	Allow users to create new schemas and subjects
	SCHEMA_EDIT	Allow users to edit schemas and subjects
CONNECT	CONNECT_CREATE	Allow users to create new connectors
	CONNECT_EDIT	Allow users to edit, pause, stop, and restart connectors and tasks
KSQLDB	KSQLDB_QUERY	Allow users to execute ksqlDB SQL queries (push or pull)
	KSQLDB_EXECUTE	Allow users to execute ksqlDB SQL statements (eg, `CREATE_TABLE`)
	KSQLDB_TERMINATE_QUERY	Allow users to terminate ksqlDB streaming push queries
	KSQLDB_INSERT	Allow users to insert ksqlDB rows into source tables or streams

User Permissions

Users are denied permissions on all actions by default.

To give permission to a specific action you must configure it true.

In most cases where the user is denied permission to an particular action the UI will show that denial directly to the user. In some cases the permission is determined on the back end and the user is informed after the fact that they do not have the ability to take the requested action.