Role-based Access Control (RBAC) on Confluent Cloud

Confluent Cloud role-based access control (RBAC) lets you control access to an organization, environment, cluster, or granular Kafka resources (topics, consumer groups, and transactional IDs), Schema Registry resources, and ksqlDB resources based on predefined roles and access permissions. Use RBAC to protect your Confluent Cloud resources and data by authorizing and restricting access to principals and by delegating access authorization to the appropriate business units and teams in your organization.

Key concepts

Before diving into RBAC implementation, understand these key concepts:

• Organizations

• Environments

• User accounts

• Service accounts

• Networks

• Resource hierarchy

• Access control lists (ACLs)

• Authorizing Using RBAC and ACLs [Confluent Developer video]

Component-specific RBAC

For details on component-specific RBAC, see the following topics:

• Flink RBAC - Manage access to Flink resources and compute pools

• ksqlDB RBAC - Control access to ksqlDB clusters and queries

• Schema Registry RBAC - Manage schema access and compatibility

• Stream Catalog RBAC - Control access to data discovery and metadata

• Stream Lineage RBAC - Manage access to data lineage views

• Managed Connectors RBAC - Control connector operations and configurations

For a complete list of resources that support RBAC, see RBAC by component.