Temporary policies

Temporary policies allow a Flex Admin to create temporary RBAC policies.

For example, a temporary policy may grant GROUP_EDIT on a specific consumer group for a specific cluster for 30 minutes to a specific user role.

Note: an admin cannot assign temporary policies above their own permissions. For example, if creating a temporary policy for GROUP_EDIT, the admin must also be allowed to invoke GROUP_EDIT actions.

Adding a temporary policy

From within the Settings page an administrator can navigate to the Temporary policies tab.

adding a temporary policy

Manage temporary policies

From within the Settings page an administrator can navigate to the Temporary policies tab.

managing policies

You can view all current temporary policies and remove temporary policies before they expire.

Custom expiration for temporary policies

Administrators can select a custom expiration datetime when creating a temporary policy.

custom expiration at a glance

  • When "Custom" is selected in the duration dropdown, a datetime picker is shown.
  • The datetime picker:
    • Enforces selection of future dates only
    • Is mandatory when "Custom" is selected

datetime picker

preview of expiration

Notifications

You can configure the Slack integration to be notified when a new temporary policy is created.

All temporary policies are persisted to the Data governance (Audit log).

Configuration

The following environment variables can be used to configure temporary policies:

  • TEMPORARY_POLICY_MAX_MS
    • Configures the maximum allowed duration a temporary policy can be applied for (in ms).
    • Default: 3600000 (1 hour)
    • To allow policies with no duration limit, set this value to -1.
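The rules on this page (no grants above the admin's own permissions, future-only expiration, and the TEMPORARY_POLICY_MAX_MS ceiling) can be modelled as a review check. This is an added example, not the product's own code: the function names and the rejection of zero or negative values other than -1 are assumptions, as is applying the maximum to custom expirations.

```python
import os
from datetime import datetime, timedelta, timezone

DEFAULT_MAX_MS = 3_600_000  # documented default: 1 hour
UNLIMITED = -1              # documented value that removes the duration limit


def max_policy_ms(env=os.environ):
    """Read TEMPORARY_POLICY_MAX_MS, falling back to the documented default."""
    raw = env.get("TEMPORARY_POLICY_MAX_MS")
    if raw is None or raw.strip() == "":
        return DEFAULT_MAX_MS
    value = int(raw)  # raises ValueError on non-numeric input
    if value != UNLIMITED and value <= 0:
        # Assumption: the page only defines positive values and -1.
        raise ValueError(f"unsupported TEMPORARY_POLICY_MAX_MS: {value}")
    return value


def check_request(admin_actions, action, expires_at, now, max_ms):
    """Return the reasons a requested temporary policy breaks the documented rules."""
    problems = []
    # An admin cannot assign a temporary policy above their own permissions.
    if action not in admin_actions:
        problems.append(f"admin lacks {action}, cannot grant it")
    # The datetime picker only accepts future expirations.
    if expires_at <= now:
        problems.append("expiration must be in the future")
    else:
        requested_ms = (expires_at - now) / timedelta(milliseconds=1)
        # -1 disables the ceiling; any other value is a hard maximum in ms.
        if max_ms != UNLIMITED and requested_ms > max_ms:
            problems.append(
                f"duration {requested_ms:.0f} ms exceeds max {max_ms} ms"
            )
    return problems


if __name__ == "__main__":
    # Constructed sample request: GROUP_EDIT for 2 hours under the default limit.
    now = datetime.now(timezone.utc)
    limit = max_policy_ms()
    for reason in check_request({"GROUP_EDIT"}, "GROUP_EDIT",
                                now + timedelta(hours=2), now, limit):
        print("rejected:", reason)
```

Running the same check over exported audit log entries is a quick way to spot deployments where the limit was set to -1 and long-lived grants were issued.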