Kpow supports two methods of controlling user access to User Actions.
- Simple Access Control creates global access controls from environment variable config
- Role Based Access Control integrates with User Authentication and respects role based controls
The following actions are supported by both methods of access control.
|Domain||Action||Control (when TRUE)|
|CLUSTER||TOPIC_INSPECT||Allow users to read topic key and value data|
|TOPIC_PRODUCE||Allow users to write new messages to topics|
|TOPIC_CREATE||Allow users to create new topics|
|TOPIC_EDIT||Allow users to edit topic configuration|
|TOPIC_DELETE||Allow users to delete topics|
|TOPIC_TRUNCATE||Allow users to truncate topics|
|GROUP_EDIT||Allow users edit consumer groups and reset consumer offsets|
|GROUP_DELETE||Allow users to delete consumer groups|
|BROKER_EDIT||Allow users to edit broker configuration|
|ACL_EDIT||Allow users to create and delete Kafka ACLs|
|SCHEMA||SCHEMA_CREATE||Allow users to create new schemas and subjects|
|SCHEMA_EDIT||Allow users to edit schemas and subjects|
|CONNECT||CONNECT_CREATE||Allow users to create new connectors|
|CONNECT_EDIT||Allow users to edit, pause, stop, and restart connectors and tasks|
|KSQLDB||KSQLDB_QUERY||Allow users to execute ksqlDB SQL queries (push or pull)|
|KSQLDB_EXECUTE||Allow users to execute ksqlDB SQL statements (eg, |
|KSQLDB_TERMINATE_QUERY||Allow users to terminate ksqlDB streaming push queries|
|KSQLDB_INSERT||Allow users to insert ksqlDB rows into source tables or streams|
Users are denied permissions on all actions by default.
To give permission to a specific action you must configure it true.
In most cases where the user is denied permission to an particular action the UI will show that denial directly to the user. In some cases the permission is determined on the back end and the user is informed after the fact that they do not have the ability to take the requested action.