Temporary policies
Temporary policies allow a Flex Admin to create temporary RBAC policies.
For example a temporary policy may grant GROUP_EDIT
on a specific consumer group for a specific cluster for 30 minutes to a specific user role.
Note: an admin cannot assign temporary policies above their own permissions. For example, if creating a temporary policy for GROUP_EDIT
, the admin must also be allowed to invoke GROUP_EDIT
actions.
Adding a temporary policy
From within the Settings page an administrator can navigate to the Temporary policies tab.
Manage temporary policies
From within the Settings page an administrator can navigate to the Temporary policies tab.
You can view all current temporary policies and remove temporary policies before they expire.
Notifications
You can configure the Slack integration integration to be notified when a new temporary policy has been made.
All temporary policies are persisted to the Data governance (Audit log).
Configuration
The following environment variables can be used to configure temporary policies:
TEMPORARY_POLICY_MAX_MS
- Configures the maximum allowed duration a temporary policy can be applied for (in ms). Default 1 hour.