The Ultimate Engineering Toolkit for Apache Kafka®
Search…
kPow User Guide
About
Introduction
Our Team
Releases
Trials and Licenses
Support
Data Collection
Installation
Quick Start
System Requirements
Deployment Notes
Minimum ACL Permissions
Application Logs
OpenShift
AWS Marketplace
Troubleshooting
Configuration
Environment Variables
Kafka Cluster
Schema Registry
Kafka Connect
Multi-Cluster Management
Azure Event Hubs
Confluent Cloud
Redpanda
User Authentication
Overview
LdapLoginModule
PropertyFileLoginModule
JDBCLoginModule
OpenID/OAuth 2.0
SAML
User Authorization
Overview
Simple Access Control
Role Based Access Control
Multi-Tenancy
Administration
Features
Kafka Streams
Data Governance (Audit Log)
Data Policies
HTTPS Connections
Live Mode
Data Inspect
Data Produce
Prometheus Integration
Slack Integration
Kafka Management
Topics
Groups
Brokers
ACLs
Connect
Schema Registry
Powered By GitBook
Data Governance (Audit Log)
kPow captures all user actions in an audit log.
The audit log is retained in an internal topic, __oprtr_audit_log and displayed in the kPow UI.
kPow provides Slack Integration to have user actions sent to the slack channel of your choosing.
The audit log captures requests and responses related to each user action, as well as the metadata associated with the request.

Audit Log

Administrators in kPow can view the last seven days of audit logs from within the application by navigating to the "Audit Log" section within "Settings":

User Log

Users can view their last seven days worth of activity from within the application by navigating to the "User Log" section with "Settings":

Sample Audit Record

Consider a request to create a new Kafka topic named tx-events.
kPow has been configured with Github SSO and the following RBAC policy.
1
policies:
2
- resource: ["cluster", "Enpl9Kw4QK6pwK0LaRVssQ"]
3
effect: "Allow"
4
actions: ["TOPIC_INSPECT", "TOPIC_EDIT", "TOPIC_PRODUCE"]
5
role: "*"
Copied!
The request to create Kafka topic tx-events will result in the following audit record.
1
{:data
2
{:user
3
{:provider :github,
4
:email "[email protected]",
5
:name "John Smith",
6
:login "JohnSmithGithub",
7
:id "e69002ee-467d-4d6f-8236-054c58b2a00c"},
8
:event
9
[:mutation/create-topic
10
{:topic-name "MyNewTopic",
11
:replication-factor "1",
12
:partitions "1",
13
:config-items {},
14
:request/ctx {:cluster-id "Enpl9Kw4QK6pwK0LaRVssQ"}}],
15
:rbac
16
{:success? true,
17
:action "TOPIC_CREATE",
18
:policies
19
({:resource [:cluster "*"],
20
:role "*",
21
:effect "Allow",
22
:actions
23
#{"TOPIC_INSPECT" "TOPIC_EDIT" "TOPIC_PRODUCE"}})}},
24
:ctx {:cluster-id "Enpl9Kw4QK6pwK0LaRVssQ"},
25
:type :mutation/request}
Copied!
The audit log record contains the following details:
  • The contents of the request itself (topic create request)
  • Metadata about the user who made the request (John Smith)
  • Authorization results:
    • Whether the user was authorized to perform the request
    • The matching policies that were evaluated against the request
    • The action required to perform the mutation (TOPIC_CREATE)
Features - Previous
Kafka Streams
Next - Features
Data Policies
Last modified 6mo ago
Copy link
Contents
Audit Log
User Log
Sample Audit Record