.. _confluentsecurityplugins_schema_registry_security_plugin: |sr| Security Plugin for |cp| ============================= |commercial| .. include:: ../../includes/sr-security.rst :start-after: sr-rbac-intro-start :end-before: sr-rbac-intro-stop The |sr| plugin supports authorization for both |rbac-long| and ACLs, and you can configure it to use either or both. If both are configured, then requests are authorized by way of a logical ``OR``. In other words, a request that is only authorized by |rbac| or ACLs is still considered valid. .. tip:: ACLs are separately available for |ak| and for |sr|. If you have ACLs enabled for |ak-tm| (to protect topics, consumer groups, and so on), then you must configure |sr| with ACL permissions to read, write, create, and describe the ``_schemas`` topic. However, until either ACLs or Role-Based Access Control is also enabled for |sr|, any user can create, alter, and delete |sr| `subjects`.