User authorization

Overview

Kpow supports two methods of controlling user access to User actions.

User actions

Note: User actions apply to specific Domains. This is important when configuring Role Based Access Control.

The following actions are supported by both methods of access control.

| Domain | Action | Control (when TRUE) |
|---|---|---|
| CLUSTER | TOPIC_DATA_QUERY | Allow users to read topic key and value data |
| CLUSTER | TOPIC_DATA_DOWNLOAD | Allow users to download topic data from data inspect results |
| CLUSTER | TOPIC_PRODUCE | Allow users to write new messages to topics |
| CLUSTER | TOPIC_CREATE | Allow users to create new topics |
| CLUSTER | TOPIC_EDIT | Allow users to edit topic configuration |
| CLUSTER | TOPIC_DELETE | Allow users to delete topics |
| CLUSTER | TOPIC_TRUNCATE | Allow users to truncate topics |
| CLUSTER | TOPIC_ELECT_LEADER | Allow users to elect the leader replica of a topic partition |
| CLUSTER | TOPIC_ALTER_REASSIGNMENTS | Allow users to edit the reassignments of a topic partition |
| CLUSTER | GROUP_EDIT | Allow users to edit consumer groups and reset consumer offsets |
| CLUSTER | GROUP_DELETE | Allow users to delete consumer groups and remove group members |
| CLUSTER | BROKER_EDIT | Allow users to edit broker configuration |
| CLUSTER | BROKER_UNREGISTER | Allow users to unregister brokers for clusters using Raft |
| CLUSTER | ACL_EDIT | Allow users to create and delete Kafka ACLs |
| CLUSTER | PRODUCER_EDIT | Allow users to abort transactions and fence Kafka Producers |
| CLUSTER | QUOTA_EDIT | Allow users to create, edit and delete Kafka Quotas |
| CLUSTER | ADMIN | Allow users to be a Kpow admin (view audit log, staged mutations) |
| CLUSTER | BULK_ACTION | Allow users to perform bulk actions |
| SCHEMA | SCHEMA_CREATE | Allow users to create new schemas and subjects |
| SCHEMA | SCHEMA_VERSION_EDIT | Allow users to edit schemas and subjects |
| SCHEMA | SCHEMA_DELETE | Allow users to delete subjects and schemas (both soft and permanent) |
| SCHEMA | BULK_ACTION | Allow users to perform bulk actions |
| CONNECT | CONNECT_CREATE | Allow users to create new connectors |
| CONNECT | CONNECT_ALTER_STATE | Allow users to pause, stop, resume and restart connectors and tasks |
| CONNECT | CONNECT_EDIT_CONFIG | Allow users to edit connector config |
| CONNECT | CONNECT_DELETE | Allow users to delete connectors |
| CONNECT | CONNECT_INSPECT | Allow users to view connector config |
| CONNECT | BULK_ACTION | Allow users to perform bulk actions |
| KSQLDB | KSQLDB_QUERY | Allow users to execute ksqlDB SQL queries (push or pull) |
| KSQLDB | KSQLDB_EXECUTE | Allow users to execute ksqlDB SQL statements (e.g., CREATE_TABLE) |
| KSQLDB | KSQLDB_TERMINATE_QUERY | Allow users to terminate ksqlDB streaming push queries |
| KSQLDB | KSQLDB_INSERT | Allow users to insert ksqlDB rows into source tables or streams |
| KSQLDB | BULK_ACTION | Allow users to perform bulk actions |

User permissions

Users are denied permissions on all actions by default.

To grant permission for a specific action, you must configure it as true.

In most cases where the user is denied permission for a particular action, the UI shows that denial directly to the user. In some cases the permission is determined on the back end, and the user is informed after the fact that they do not have the ability to take the requested action.
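The default-deny rule and the domain scoping of actions described above can be checked mechanically before a policy is deployed. The following is an added example, not Kpow's code or configuration syntax: the policy dictionary shape and the names `lint_policy`, `is_allowed` and `SAMPLE` are hypothetical, and it assumes BULK_ACTION is granted per domain because the table lists it under each one.

```python
# Added illustration; the policy shape is hypothetical, not Kpow configuration syntax.
# Domain -> valid actions, taken from the User actions table.
DOMAIN_ACTIONS = {
    "CLUSTER": {"TOPIC_DATA_QUERY", "TOPIC_DATA_DOWNLOAD", "TOPIC_PRODUCE", "TOPIC_CREATE",
                "TOPIC_EDIT", "TOPIC_DELETE", "TOPIC_TRUNCATE", "TOPIC_ELECT_LEADER",
                "TOPIC_ALTER_REASSIGNMENTS", "GROUP_EDIT", "GROUP_DELETE", "BROKER_EDIT",
                "BROKER_UNREGISTER", "ACL_EDIT", "PRODUCER_EDIT", "QUOTA_EDIT", "ADMIN",
                "BULK_ACTION"},
    "SCHEMA": {"SCHEMA_CREATE", "SCHEMA_VERSION_EDIT", "SCHEMA_DELETE", "BULK_ACTION"},
    "CONNECT": {"CONNECT_CREATE", "CONNECT_ALTER_STATE", "CONNECT_EDIT_CONFIG",
                "CONNECT_DELETE", "CONNECT_INSPECT", "BULK_ACTION"},
    "KSQLDB": {"KSQLDB_QUERY", "KSQLDB_EXECUTE", "KSQLDB_TERMINATE_QUERY",
               "KSQLDB_INSERT", "BULK_ACTION"},
}

def lint_policy(policy):
    """Report unknown domains, actions placed under the wrong domain, and non-boolean values."""
    problems = []
    for domain, grants in policy.items():
        valid = DOMAIN_ACTIONS.get(domain)
        if valid is None:
            problems.append(f"unknown domain {domain}")
            continue
        for action, value in grants.items():
            if action not in valid:
                problems.append(f"{action} is not a {domain} action")
            elif not isinstance(value, bool):
                problems.append(f"{domain}/{action} must be true or false, got {value!r}")
    return problems

def is_allowed(policy, domain, action):
    """Default deny: only an explicit True on a valid domain/action pair grants access."""
    if action not in DOMAIN_ACTIONS.get(domain, ()):
        return False
    return policy.get(domain, {}).get(action) is True

# Constructed sample policy for a read-mostly user, with two deliberate mistakes.
SAMPLE = {
    "CLUSTER": {"TOPIC_DATA_QUERY": True, "TOPIC_DELETE": False, "BULK_ACTION": "yes"},
    "SCHEMA": {"TOPIC_CREATE": True},   # wrong domain: TOPIC_CREATE is a CLUSTER action
    "CONNECT": {"CONNECT_INSPECT": True},
}

if __name__ == "__main__":
    print(lint_policy(SAMPLE))
    print(is_allowed(SAMPLE, "CLUSTER", "TOPIC_PRODUCE"))  # absent, so denied
```

Running the lint in review or CI catches grants that silently have no effect, such as an action listed under a domain it does not belong to.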