Access Transparency on Confluent Cloud

Access Transparency provides visibility into when your Dedicated Kafka clusters were accessed by Confluent personnel and why they were accessed. This feature helps you maintain compliance with regulatory requirements, demonstrate proper governance controls, and gain assurance that your data is being accessed only for legitimate operational purposes.

Access Transparency provides near real-time visibility into when Confluent personnel access your Dedicated Kafka clusters, including:

  • What activity was performed

  • When the access occurred

  • Why the access was necessary

  • Where the access originated from (country/location)

Access Transparency is in Limited Availability

Access Transparency is available to Confluent customers in Limited Availability as a fully supported feature and is recommended for production use. To get access, contact Confluent Support.

Requirements

To use Access Transparency, you must meet the following requirements:

  • Premier support plan: You must be subscribed to the Premier support plan.

  • Audit Logs enabled: You must be actively consuming Confluent Cloud audit logs (enabled by default).

  • Explicit enablement: Access Transparency logs are disabled by default and must be explicitly enabled.

  • Support request: Request Access Transparency logging from Confluent Support.

  • Dedicated Kafka clusters only: Available only on Dedicated Kafka clusters.

  • Supported cloud service providers: Available on AWS, Azure, and Google Cloud.

Enable Access Transparency logging

To enable Access Transparency logging:

  1. Ensure you have the Premier support plan.

  2. Contact your account executive (AE) or Confluent Support.

  3. Request Access Transparency logs to be enabled in your organization.

Log fields

Access Transparency logs include the following fields:

| Field | Description |
|---|---|
| Event ID | A unique number to identify each event |
| Timestamp | When the action happened |
| Employee job family | The job role of the Confluent employee |
| Location | Where the action was done (country) |
| Result | The outcome of the action |

Event type

Access Transparency logs are generated with the event type:

io.confluent.cloud/access-transparency

Event method

The following event method is used for Access Transparency:

| Method name | Description |
|---|---|
| confluent.privileged.access | Generated when Confluent personnel access your Dedicated Kafka cluster for support, maintenance, or other operational purposes. |

Note

There are no failure logs for Access Transparency events. Only successful access events are logged.

For details about the Access Transparency event methods, see Access Transparency Auditable Event Methods.

Consume Access Transparency logs

To consume Access Transparency logs:

  1. Ensure you have the Premier support plan.

  2. Contact Confluent Support to enable Access Transparency logs.

  3. Use the same audit log consumption methods you use for regular audit logs.

  4. Filter for events with type io.confluent.cloud/access-transparency.

For detailed information about the event structure and examples, see Access Transparency Auditable Event Methods.
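The filtering in step 4, as an added example (not Confluent's own code): it separates Access Transparency events from a mixed audit log stream and surfaces records that cannot be parsed or that carry an unexpected method. It assumes each record is a JSON object in a CloudEvents-style envelope with top-level "id", "time" and "type" and a "data.methodName" field; the sample records are constructed.

```python
import json

AT_TYPE = "io.confluent.cloud/access-transparency"  # event type given on this page
AT_METHOD = "confluent.privileged.access"           # event method given on this page


def select_access_transparency(lines):
    """Split audit log records into (events, rejects).

    events:  Access Transparency records, oldest first
    rejects: (line_number, reason) for records that need manual review
    Assumed layout: top-level "id", "time", "type"; "data" holds "methodName".
    """
    events, rejects = [], []
    for n, line in enumerate(lines, 1):
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            rejects.append((n, "not valid JSON"))
            continue
        if not isinstance(rec, dict) or rec.get("type") != AT_TYPE:
            continue  # regular audit event: out of scope for this filter
        data = rec.get("data")
        method = data.get("methodName") if isinstance(data, dict) else None
        if method != AT_METHOD:
            # Right type, unexpected method: keep it visible instead of dropping it.
            rejects.append((n, f"unexpected method {method!r}"))
            continue
        events.append({"id": rec.get("id"), "time": rec.get("time"), "method": method})
    events.sort(key=lambda e: e["time"] or "")
    return events, rejects


# Constructed sample records, not real log output.
SAMPLE = [
    '{"id":"evt-0002","time":"2025-01-02T10:15:00Z","type":"io.confluent.cloud/access-transparency","data":{"methodName":"confluent.privileged.access"}}',
    '{"id":"evt-0001","time":"2025-01-02T09:00:00Z","type":"io.confluent.kafka.server/authorization","data":{"methodName":"kafka.Produce"}}',
    '{"id":"evt-0003","time":"2025-01-01T23:59:00Z","type":"io.confluent.cloud/access-transparency","data":{"methodName":"confluent.privileged.access"}}',
    '{"id":"evt-0004","time":"2025-01-02T11:00:00Z","type":"io.confluent.cloud/access-transparency","data":{}}',
    '{"truncated": ',
]

if __name__ == "__main__":
    found, review = select_access_transparency(SAMPLE)
    for e in found:
        print(e["time"], e["id"], e["method"])
    for line_no, reason in review:
        print(f"review line {line_no}: {reason}")
```

Feed the function the lines produced by whatever audit log consumer you already run; forwarding the rejects to the same alerting path keeps malformed records from silently disappearing.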

Use cases

Access Transparency is particularly valuable for:

  • Compliance Requirements: Meeting regulatory requirements that mandate transparency into data access, including DORA, FCA/PRA, BaFin, APRA, and other financial services regulations.

  • Security Auditing: Maintaining detailed audit trails of all access to your infrastructure for security monitoring and incident response.

  • Trust and Transparency: Building trust with customers by providing visibility into operational access and demonstrating proper governance controls.

  • Incident Investigation: Understanding what actions were taken during support incidents to facilitate root cause analysis and resolution.