Overview

Secure kPow with User Authorization

kPow supports two methods of controlling user access to User Actions.

User Actions

Note: User Actions apply to specific Domains. This is important when configuring RBAC.

The following actions are supported by both methods of access control.

Domain

Action

Control (when TRUE)

CLUSTER

TOPIC_INSPECT

Allow users to read topic key and value data

TOPIC_PRODUCE

Allow users to write new messages to topics

TOPIC_CREATE

Allow users to create new topics

TOPIC_EDIT

Allow users to edit topic configuration

TOPIC_DELETE

Allow users to delete topics

GROUP_EDIT

Allow users to delete consumer groups and reset consumer offsets

BROKER_EDIT

Allow users to edit broker configuration

SCHEMA

SCHEMA_CREATE

Allow users to create new schemas and subjects

SCHEMA_EDIT

Allow users to edit schemas and subjects

CONNECT

CONNECT_CREATE

Allow users to create new connectors

CONNECT_EDIT

Allow users to edit, pause, stop, and restart connectors and tasks

User Permissions

Users are denied permissions on all actions by default.

To give permission to a specific action you must configure it true.

In most cases where the user is denied permission to an particular action the UI will show that denial directly to the user. In some cases the permission is determined on the back end and the user is informed after the fact that they do not have the ability to take the requested action.