Role-Based Access Control Auditable Event Methods on Confluent Cloud

Expand all examples | Collapse all examples

Included here are the actions or operations on role-based access control (RBAC) resources that generate auditable event messages for the io.confluent.cloud/request event type. When an auditable event occurs, the auditable event method is triggered and a message is sent to the audit log and is stored as an audit log record.

Method name Action triggering an auditable event message
BindRoleForPrincipal A request to bind a role for a principal.
CreateRoleBinding A request to create a role binding for a principal.
DeleteRoleBindingById A request to delete a role binding for a principal by identifier.
UnbindRoleForPrincipal A request to unbind or remove a role binding for a principal.
UnBindAllRolesForPrincipal A request to unbind all role bindings for a principal.
GrantRoleResourcesForPrincipal A request to incrementally grant access to resources for a principal using the specified role.
RevokeRoleResourcesForPrincipal A request to incrementally revoke or remove access to resources for a principal using the specified role.

BindRoleForPrincipal

The BindRoleForPrincipal event is generated by a request to bind a role for a principal.

Examples

SUCCESS
{
  "datacontenttype": "application/json",
  "data": {
    "serviceName": "crn://confluent.cloud/",
    "methodName": "BindRoleForPrincipal",
    "cloudResources": [
      {
        "scope": {
          "resources": [
            {
              "type": "ORGANIZATION",
              "resourceId": "7d1d8d97-7a7c-47d0-b62f-352feb13e7aa"
            },
            {
              "type": "ENVIRONMENT",
              "resourceId": "env-0jwmy2"
            }
          ]
        },
        "resource": {
          "type": "CLOUD_CLUSTER",
          "resourceId": "lkc-pj58rm"
        }
      }
    ],
    "authenticationInfo": {
      "principal": {
        "confluentUser": {
          "resourceId": "User:u-nxd3q3"
        }
      },
      "result": "SUCCESS"
    },
    "requestMetadata": {
      "requestId": [
        "79530e62473965a37904ac08d9512944"
      ],
      "clientAddress": [
        {
          "ip": "134.238.9.157"
        }
      ]
    },
    "request": {
      "accessType": "MODIFICATION",
      "data": {
        "api_version": "1.9",
        "display_name": "principals",
        "role_name": "CloudClusterAdmin",
        "target_principal": "User:sa-nrww0v"
      }
    },
    "result": {
      "status": "SUCCESS"
    },
    "resourceName": "crn://confluent.cloud/organization=7d1d8d97-7a7c-47d0-b62f-352feb13e7aa/environment=env-0jwmy2/cloud-cluster=lkc-pj58rm"
  },
  "subject": "crn://confluent.cloud/organization=7d1d8d97-7a7c-47d0-b62f-352feb13e7aa/environment=env-0jwmy2/cloud-cluster=lkc-pj58rm",
  "specversion": "1.0",
  "id": "d5f26499-7777-4688-b0be-ae76a4809667",
  "source": "crn://confluent.cloud/",
  "time": "2022-09-15T12:39:59.505Z",
  "type": "io.confluent.cloud/request"
}
FAILURE
{
  "datacontenttype": "application/json",
  "data": {
    "serviceName": "crn://confluent.cloud/",
    "methodName": "BindRoleForPrincipal",
    "cloudResources": [
      {
        "scope": {
          "resources": [
            {
              "type": "ORGANIZATION",
              "resourceId": "7d1d8d97-7a7c-47d0-b62f-352feb13e7aa"
            },
            {
              "type": "ENVIRONMENT",
              "resourceId": "env-0jwmy2"
            }
          ]
        },
        "resource": {
          "type": "CLOUD_CLUSTER",
          "resourceId": "lkc-pj58rm"
        }
      }
    ],
    "authenticationInfo": {
      "principal": {
        "confluentUser": {
          "resourceId": "User:u-nxd3q3"
        }
      },
      "result": "SUCCESS"
    },
    "requestMetadata": {
      "requestId": [
        "79530e62473965a37904ac08d9512944"
      ],
      "clientAddress": [
        {
          "ip": "1.2.3.4"
        }
      ]
    },
    "request": {
      "accessType": "MODIFICATION",
      "data": {
        "api_version": "1.9",
        "display_name": "principals",
        "role_name": "CloudClusterAdmin",
        "target_principal": "User:sa-nrww0v"
      }
    },
    "result": {
      "status": "FAILURE"
    },
    "resourceName": "crn://confluent.cloud/organization=7d1d8d97-7a7c-47d0-b62f-352feb13e7aa/environment=env-0jwmy2/cloud-cluster=lkc-pj58rm"
  },
  "subject": "crn://confluent.cloud/organization=7d1d8d97-7a7c-47d0-b62f-352feb13e7aa/environment=env-0jwmy2/cloud-cluster=lkc-pj58rm",
  "specversion": "1.0",
  "id": "d5f26499-7777-4688-b0be-ae76a4809667",
  "source": "crn://confluent.cloud/",
  "time": "2022-09-15T12:39:59.505Z",
  "type": "io.confluent.cloud/request"
}

CreateRoleBinding

The CreateRoleBinding event is generated by a request to create a role binding. If the principal already exists, the existing role binding is returned. The principal, role name, and Confluent Resource Name (CRN) are required in the request body.

Examples

SUCCESS - Creating a non-resource level role binding
// CREATING A NON RESOURCE LEVEL ROLE BINDING

{
   "datacontenttype":"application/json",
   "data":{
      "serviceName":"crn://confluent.cloud/",
      "methodName":"CreateRoleBinding",
      "cloudResources":[
         {
            "resource":{
               "type":"ORGANIZATION",
               "resourceId":"26bdbe6b-0c1b-4d25-a6e6-7bcc4d0932e3"
            }
         }
      ],
      "authenticationInfo":{
         "principal":{
            "confluentUser":{
               "resourceId":"User:u-w7r59j"
            }
         },
         "result":"SUCCESS"
      },
      "requestMetadata":{
         "requestId":[
            "529aa2fffcce69634732bcbfd4929361"
         ],
         "clientAddress":[
            {
               "ip":"208.127.157.66"
            }
         ]
      },
      "request":{
         "data":{
            "api_version":"iam/v2",
            "display_name":"RoleBinding",
            "role_name":"OrganizationAdmin",
            "target_principal":"u-7z30zp"
         }
      },
      "result":{
         "status":"SUCCESS"
      },
      "resourceName":"crn://confluent.cloud/organization=26bdbe6b-0c1b-4d25-a6e6-7bcc4d0932e3"
   },
   "subject":"crn://confluent.cloud/organization=26bdbe6b-0c1b-4d25-a6e6-7bcc4d0932e3",
   "specversion":"1.0",
   "id":"bf28a547-b683-4680-9f0e-198a1d2eaac7",
   "source":"crn://confluent.cloud/",
   "time":"2024-01-18T12:38:27.737757918Z",
   "type":"io.confluent.cloud/request"
}
SUCCESS - Creating a resource level role binding
// CREATING RESOURCE LEVEL ROLE BINDING

{
   "datacontenttype":"application/json",
   "data":{
      "serviceName":"crn://confluent.cloud/",
      "methodName":"CreateRoleBinding",
      "cloudResources":[
         {
            "scope":{
               "resources":[
                  {
                     "type":"ORGANIZATION",
                     "resourceId":"26bdbe6b-0c1b-4d25-a6e6-7bcc4d0932e3"
                  },
                  {
                     "type":"ENVIRONMENT",
                     "resourceId":"env-12v9qj"
                  },
                  {
                     "type":"CLOUD_CLUSTER",
                     "resourceId":"lkc-3nymqo"
                  }
               ]
            },
            "resource":{
               "type":"KAFKA_CLUSTER",
               "resourceId":"lkc-3nymqo"
            }
         }
      ],
      "authenticationInfo":{
         "principal":{
            "confluentUser":{
               "resourceId":"User:u-w7r59j"
            }
         },
         "result":"SUCCESS"
      },
      "requestMetadata":{
         "requestId":[
            "8b41b7f390bd674d94b75758ae948df7"
         ],
         "clientAddress":[
            {
               "ip":"208.127.157.66"
            }
         ]
      },
      "request":{
         "data":{
            "api_version":"iam/v2",
            "display_name":"RoleBinding",
            "role_name":"ResourceOwner",
            "target_principal":"u-7z30zp",
            "resource_patterns":[
               {
                  "resource_type":"Topic",
                  "name":"keahooiliteral",
                  "pattern_type":"LITERAL"
               }
            ]
         }
      },
      "result":{
         "status":"SUCCESS"
      },
      "resourceName":"crn://confluent.cloud/organization=26bdbe6b-0c1b-4d25-a6e6-7bcc4d0932e3/environment=env-12v9qj/cloud-cluster=lkc-3nymqo/kafka-cluster=lkc-3nymqo"
   },
   "subject":"crn://confluent.cloud/organization=26bdbe6b-0c1b-4d25-a6e6-7bcc4d0932e3/environment=env-12v9qj/cloud-cluster=lkc-3nymqo/kafka-cluster=lkc-3nymqo",
   "specversion":"1.0",
   "id":"d05dea96-d86f-4864-9639-1fb564902d82",
   "source":"crn://confluent.cloud/",
   "time":"2024-01-18T12:35:56.939332883Z",
   "type":"io.confluent.cloud/request"
}

DeleteRoleBindingById

The DeleteRoleBindingById event is generated by a request to delete a role binding by identifier. This event returns a 403 Forbidden error if the role binding does not exist or if the principal does not have permission to delete the role binding.

Examples

SUCCESS - Deleting a non-resource level role binding
{
   "datacontenttype":"application/json",
   "data":{
      "serviceName":"crn://confluent.cloud/",
      "methodName":"DeleteRoleBindingById",
      "cloudResources":[
         {
            "resource":{
               "type":"ORGANIZATION",
               "resourceId":"26bdbe6b-0c1b-4d25-a6e6-7bcc4d0932e3"
            }
         }
      ],
      "authenticationInfo":{
         "principal":{
            "confluentUser":{
               "resourceId":"User:u-w7r59j"
            }
         },
         "result":"SUCCESS"
      },
      "requestMetadata":{
         "requestId":[
            "4cf4c55ca3e2f97824ac83617897e168"
         ],
         "clientAddress":[
            {
               "ip":"208.127.157.66"
            }
         ]
      },
      "request":{
         "data":{
            "api_version":"iam/v2",
            "display_name":"RoleBinding",
            "role_name":"OrganizationAdmin",
            "target_principal":"u-7z30zp"
         }
      },
      "result":{
         "status":"SUCCESS"
      },
      "resourceName":"crn://confluent.cloud/organization=26bdbe6b-0c1b-4d25-a6e6-7bcc4d0932e3"
   },
   "subject":"crn://confluent.cloud/organization=26bdbe6b-0c1b-4d25-a6e6-7bcc4d0932e3",
   "specversion":"1.0",
   "id":"d04cd699-4e5f-47eb-a450-3f3bbd489795",
   "source":"crn://confluent.cloud/",
   "time":"2024-01-18T12:39:42.476584128Z",
   "type":"io.confluent.cloud/request"
}
SUCCESS - Deleting a resource level role binding
{
   "datacontenttype":"application/json",
   "data":{
      "serviceName":"crn://confluent.cloud/",
      "methodName":"DeleteRoleBindingById",
      "cloudResources":[
         {
            "scope":{
               "resources":[
                  {
                     "type":"ORGANIZATION",
                     "resourceId":"26bdbe6b-0c1b-4d25-a6e6-7bcc4d0932e3"
                  },
                  {
                     "type":"ENVIRONMENT",
                     "resourceId":"env-12v9qj"
                  },
                  {
                     "type":"CLOUD_CLUSTER",
                     "resourceId":"lkc-3nymqo"
                  }
               ]
            },
            "resource":{
               "type":"KAFKA_CLUSTER",
               "resourceId":"lkc-3nymqo"
            }
         }
      ],
      "authenticationInfo":{
         "principal":{
            "confluentUser":{
               "resourceId":"User:u-w7r59j"
            }
         },
         "result":"SUCCESS"
      },
      "requestMetadata":{
         "requestId":[
            "11c92a51e8e1d981a77027f6f714e389"
         ],
         "clientAddress":[
            {
               "ip":"208.127.157.66"
            }
         ]
      },
      "request":{
         "data":{
            "api_version":"iam/v2",
            "display_name":"RoleBinding",
            "role_name":"ResourceOwner",
            "target_principal":"u-7z30zp",
            "resource_patterns":[
               {
                  "resource_type":"Topic",
                  "name":"keahooiliteral",
                  "pattern_type":"LITERAL"
               }
            ]
         }
      },
      "result":{
         "status":"SUCCESS"
      },
      "resourceName":"crn://confluent.cloud/organization=26bdbe6b-0c1b-4d25-a6e6-7bcc4d0932e3/environment=env-12v9qj/cloud-cluster=lkc-3nymqo/kafka-cluster=lkc-3nymqo"
   },
   "subject":"crn://confluent.cloud/organization=26bdbe6b-0c1b-4d25-a6e6-7bcc4d0932e3/environment=env-12v9qj/cloud-cluster=lkc-3nymqo/kafka-cluster=lkc-3nymqo",
   "specversion":"1.0",
   "id":"40c353ac-5c08-4300-a25f-df505ca5e096",
   "source":"crn://confluent.cloud/",
   "time":"2024-01-18T12:41:01.302945165Z",
   "type":"io.confluent.cloud/request"
}

UnbindRoleForPrincipal

The UnbindRoleForPrincipal event is generated by a request to unbind, or remove, a role from a principal. If the principal does not have a role binding for the role, there is no operation.

Examples

SUCCESS
{
  "datacontenttype": "application/json",
  "data": {
    "serviceName": "crn://confluent.cloud/",
    "methodName": "UnbindRoleForPrincipal",
    "cloudResources": [
      {
        "scope": {
          "resources": [
            {
              "type": "ORGANIZATION",
              "resourceId": "7d1d8d97-7a7c-47d0-b62f-352feb13e7aa"
            },
            {
              "type": "ENVIRONMENT",
              "resourceId": "env-0jwmy2"
            }
          ]
        },
        "resource": {
          "type": "CLOUD_CLUSTER",
          "resourceId": "lkc-pj58rm"
        }
      }
    ],
    "authenticationInfo": {
      "principal": {
        "confluentUser": {
          "resourceId": "User:u-nxd3q3"
        }
      },
      "result": "SUCCESS"
    },
    "requestMetadata": {
      "requestId": [
        "b33d77236b7a99a7cd5e88e55e807390"
      ],
      "clientAddress": [
        {
          "ip": "1.2.3.4"
        }
      ]
    },
    "request": {
      "accessType": "MODIFICATION",
      "data": {
        "api_version": "1.9",
        "display_name": "principals",
        "role_name": "CloudClusterAdmin",
        "target_principal": "User:sa-nrww0v"
      }
    },
    "result": {
      "status": "SUCCESS"
    },
    "resourceName": "crn://confluent.cloud/organization=7d1d8d97-7a7c-47d0-b62f-352feb13e7aa/environment=env-0jwmy2/cloud-cluster=lkc-pj58rm"
  },
  "subject": "crn://confluent.cloud/organization=7d1d8d97-7a7c-47d0-b62f-352feb13e7aa/environment=env-0jwmy2/cloud-cluster=lkc-pj58rm",
  "specversion": "1.0",
  "id": "83b0ca11-9976-4ee9-8e54-ed513a29f444",
  "source": "crn://confluent.cloud/",
  "time": "2022-09-15T12:52:13.032Z",
  "type": "io.confluent.cloud/request"
}
FAILURE
{
  "datacontenttype": "application/json",
  "data": {
    "serviceName": "crn://confluent.cloud/",
    "methodName": "UnbindRoleForPrincipal",
    "cloudResources": [
      {
        "scope": {
          "resources": [
            {
              "type": "ORGANIZATION",
              "resourceId": "7d1d8d97-7a7c-47d0-b62f-352feb13e7aa"
            },
            {
              "type": "ENVIRONMENT",
              "resourceId": "env-0jwmy2"
            }
          ]
        },
        "resource": {
          "type": "CLOUD_CLUSTER",
          "resourceId": "lkc-pj58rm"
        }
      }
    ],
    "authenticationInfo": {
      "principal": {
        "confluentUser": {
          "resourceId": "User:u-nxd3q3"
        }
      },
      "result": "SUCCESS"
    },
    "requestMetadata": {
      "requestId": [
        "b33d77236b7a99a7cd5e88e55e807390"
      ],
      "clientAddress": [
        {
          "ip": "1.2.3.4"
        }
      ]
    },
    "request": {
      "accessType": "MODIFICATION",
      "data": {
        "api_version": "1.9",
        "display_name": "principals",
        "role_name": "CloudClusterAdmin",
        "target_principal": "User:sa-nrww0v"
      }
    },
    "result": {
      "status": "FAILURE"
    },
    "resourceName": "crn://confluent.cloud/organization=7d1d8d97-7a7c-47d0-b62f-352feb13e7aa/environment=env-0jwmy2/cloud-cluster=lkc-pj58rm"
  },
  "subject": "crn://confluent.cloud/organization=7d1d8d97-7a7c-47d0-b62f-352feb13e7aa/environment=env-0jwmy2/cloud-cluster=lkc-pj58rm",
  "specversion": "1.0",
  "id": "83b0ca11-9976-4ee9-8e54-ed513a29f444",
  "source": "crn://confluent.cloud/",
  "time": "2022-09-15T12:52:13.032Z",
  "type": "io.confluent.cloud/request"
}

UnbindAllRolesForPrincipal

The UnbindAllRolesForPrincipal event is generated by a request to unbind or remove all role bindings for a principal.

Examples

SUCCESS
{
  "datacontenttype": "application/json",
  "data": {
    "serviceName": "crn://confluent.cloud/",
    "methodName": "UnbindAllRolesForPrincipal",
    "cloudResources": [
      {
        "resource": {
          "type": "ORGANIZATION",
          "resourceId": "7d1d8d97-7a7c-47d0-b62f-352feb13e7aa"
        }
      }
    ],
    "authenticationInfo": {
      "principal": {
        "confluentUser": {
          "resourceId": "User:u-nxd3q3"
        }
      },
      "result": "SUCCESS"
    },
    "requestMetadata": {
      "requestId": [
        "98817a254a07520f866c281c0b54ea10"
      ],
      "clientAddress": [
        {
          "ip": "1.2.3.4"
        }
      ]
    },
    "request": {
      "accessType": "MODIFICATION",
      "data": {
        "api_version": "1.9",
        "display_name": "principals",
        "role_name": "all",
        "target_principal": "User:sa-nrww0v"
      }
    },
    "result": {
      "status": "SUCCESS"
    },
    "resourceName": "crn://confluent.cloud/organization=7d1d8d97-7a7c-47d0-b62f-352feb13e7aa"
  },
  "subject": "crn://confluent.cloud/organization=7d1d8d97-7a7c-47d0-b62f-352feb13e7aa",
  "specversion": "1.0",
  "id": "6368ed47-462b-4af4-be99-a57d94d03113",
  "source": "crn://confluent.cloud/",
  "time": "2022-09-14T07:53:05.332Z",
  "type": "io.confluent.cloud/request"
}
FAILURE
{
  "datacontenttype": "application/json",
  "data": {
    "serviceName": "crn://confluent.cloud/",
    "methodName": "UnbindAllRolesForPrincipal",
    "cloudResources": [
      {
        "resource": {
          "type": "ORGANIZATION",
          "resourceId": "7d1d8d97-7a7c-47d0-b62f-352feb13e7aa"
        }
      }
    ],
    "authenticationInfo": {
      "principal": {
        "confluentUser": {
          "resourceId": "User:u-nxd3q3"
        }
      },
      "result": "SUCCESS"
    },
    "requestMetadata": {
      "requestId": [
        "98817a254a07520f866c281c0b54ea10"
      ],
      "clientAddress": [
        {
          "ip": "1.2.3.4"
        }
      ]
    },
    "request": {
      "accessType": "MODIFICATION",
      "data": {
        "api_version": "1.9",
        "display_name": "principals",
        "role_name": "all",
        "target_principal": "User:sa-nrww0v"
      }
    },
    "result": {
      "status": "FAILURE"
    },
    "resourceName": "crn://confluent.cloud/organization=7d1d8d97-7a7c-47d0-b62f-352feb13e7aa"
  },
  "subject": "crn://confluent.cloud/organization=7d1d8d97-7a7c-47d0-b62f-352feb13e7aa",
  "specversion": "1.0",
  "id": "6368ed47-462b-4af4-be99-a57d94d03113",
  "source": "crn://confluent.cloud/",
  "time": "2022-09-14T07:53:05.332Z",
  "type": "io.confluent.cloud/request"
}

GrantRoleResourcesForPrincipal

The GrantRoleResourcesForPrincipal event is generated by a request to incrementally grant access to resources for a principal using the specified role.

Examples

SUCCESS
{
  "datacontenttype": "application/json",
  "data": {
    "serviceName": "crn://confluent.cloud/",
    "methodName": "GrantRoleResourcesForPrincipal",
    "cloudResources": [
      {
        "scope": {
          "resources": [
            {
              "type": "ORGANIZATION",
              "resourceId": "7d1d8d97-7a7c-47d0-b62f-352feb13e7aa"
            },
            {
              "type": "ENVIRONMENT",
              "resourceId": "env-0jwmy2"
            },
            {
              "type": "CLOUD_CLUSTER",
              "resourceId": "lkc-pj58rm"
            }
          ]
        },
        "resource": {
          "type": "KAFKA_CLUSTER",
          "resourceId": "lkc-pj58rm"
        }
      }
    ],
    "authenticationInfo": {
      "principal": {
        "confluentUser": {
          "resourceId": "User:u-nxd3q3"
        }
      },
      "result": "SUCCESS"
    },
    "requestMetadata": {
      "requestId": [
        "d8e79cba798d5bfc24019c9401047a31"
      ],
      "clientAddress": [
        {
          "ip": "1.2.3.4"
        }
      ]
    },
    "request": {
      "accessType": "MODIFICATION",
      "data": {
        "api_version": "1.9",
        "display_name": "principals",
        "role_name": "ResourceOwner",
        "target_principal": "User:u-nxd3q3",
        "resource_patterns": [
          {
            "resource_type": "Topic",
            "name": "*",
            "pattern_type": "LITERAL"
          }
        ]
      }
    },
    "result": {
      "status": "SUCCESS"
    },
    "resourceName": "crn://confluent.cloud/organization=7d1d8d97-7a7c-47d0-b62f-352feb13e7aa/environment=env-0jwmy2/cloud-cluster=lkc-pj58rm/kafka-cluster=lkc-pj58rm"
  },
  "subject": "crn://confluent.cloud/organization=7d1d8d97-7a7c-47d0-b62f-352feb13e7aa/environment=env-0jwmy2/cloud-cluster=lkc-pj58rm/kafka-cluster=lkc-pj58rm",
  "specversion": "1.0",
  "id": "f7c652ef-6fd3-435e-8882-18cfd7be9983",
  "source": "crn://confluent.cloud/",
  "time": "2022-09-15T13:58:19.648Z",
  "type": "io.confluent.cloud/request"
}
FAILURE
{
  "datacontenttype": "application/json",
  "data": {
    "serviceName": "crn://confluent.cloud/",
    "methodName": "GrantRoleResourcesForPrincipal",
    "cloudResources": [
      {
        "scope": {
          "resources": [
            {
              "type": "ORGANIZATION",
              "resourceId": "7d1d8d97-7a7c-47d0-b62f-352feb13e7aa"
            },
            {
              "type": "ENVIRONMENT",
              "resourceId": "env-0jwmy2"
            }
          ]
        },
        "resource": {
          "type": "CLOUD_CLUSTER",
          "resourceId": "lkc-pj58rm"
        }
      }
    ],
    "authenticationInfo": {
      "principal": {
        "confluentUser": {
          "resourceId": "User:u-nxd3q3"
        }
      },
      "result": "SUCCESS"
    },
    "requestMetadata": {
      "requestId": [
        "9697546d7e7e51b882cfc162c0a4bbff"
      ],
      "clientAddress": [
        {
          "ip": "1.2.3.4"
        }
      ]
    },
    "request": {
      "accessType": "MODIFICATION",
      "data": {
        "api_version": "1.9",
        "display_name": "principals",
        "role_name": "ResourceOwner",
        "target_principal": "User:sa-nrww0v",
        "resource_patterns": [
          {
            "resource_type": "Topic",
            "name": "myTopic1",
            "pattern_type": "LITERAL"
          }
        ]
      }
    },
    "result": {
      "status": "FAILURE"
    },
    "resourceName": "crn://confluent.cloud/organization=7d1d8d97-7a7c-47d0-b62f-352feb13e7aa/environment=env-0jwmy2/cloud-cluster=lkc-pj58rm"
  },
  "subject": "crn://confluent.cloud/organization=7d1d8d97-7a7c-47d0-b62f-352feb13e7aa/environment=env-0jwmy2/cloud-cluster=lkc-pj58rm",
  "specversion": "1.0",
  "id": "ea9be2fc-46e7-4865-b389-b6841a04b5ad",
  "source": "crn://confluent.cloud/",
  "time": "2022-09-15T13:59:12.787Z",
  "type": "io.confluent.cloud/request"
}

RevokeRoleResourcesForPrincipal

The RevokeRoleResourcesForPrincipal event is generated by a request to incrementally revoke or remove access to resources for a principal using the specified role.

Examples

SUCCESS
{
  "datacontenttype": "application/json",
  "data": {
    "serviceName": "crn://confluent.cloud/",
    "methodName": "RevokeRoleResourcesForPrincipal",
    "cloudResources": [
      {
        "scope": {
          "resources": [
            {
              "type": "ORGANIZATION",
              "resourceId": "7d1d8d97-7a7c-47d0-b62f-352feb13e7aa"
            },
            {
              "type": "ENVIRONMENT",
              "resourceId": "env-0jwmy2"
            },
            {
              "type": "CLOUD_CLUSTER",
              "resourceId": "lkc-pj58rm"
            }
          ]
        },
        "resource": {
          "type": "KAFKA_CLUSTER",
          "resourceId": "lkc-pj58rm"
        }
      }
    ],
    "authenticationInfo": {
      "principal": {
        "confluentUser": {
          "resourceId": "User:u-nxd3q3"
        }
      },
      "result": "SUCCESS"
    },
    "requestMetadata": {
      "requestId": [
        "8632a6b0c78d5181fdff932861cd7bf9"
      ],
      "clientAddress": [
        {
          "ip": "1.2.3.4"
        }
      ]
    },
    "request": {
      "accessType": "MODIFICATION",
      "data": {
        "api_version": "1.9",
        "display_name": "principals",
        "role_name": "ResourceOwner",
        "target_principal": "User:u-nxd3q3",
        "resource_patterns": [
          {
            "resource_type": "Topic",
            "name": "*",
            "pattern_type": "LITERAL"
          }
        ]
      }
    },
    "result": {
      "status": "SUCCESS"
    },
    "resourceName": "crn://confluent.cloud/organization=7d1d8d97-7a7c-47d0-b62f-352feb13e7aa/environment=env-0jwmy2/cloud-cluster=lkc-pj58rm/kafka-cluster=lkc-pj58rm"
  },
  "subject": "crn://confluent.cloud/organization=7d1d8d97-7a7c-47d0-b62f-352feb13e7aa/environment=env-0jwmy2/cloud-cluster=lkc-pj58rm/kafka-cluster=lkc-pj58rm",
  "specversion": "1.0",
  "id": "5d41ac2c-208c-43b2-a8af-ec397b95ed12",
  "source": "crn://confluent.cloud/",
  "time": "2022-09-15T13:53:04.941Z",
  "type": "io.confluent.cloud/request"
}
FAILURE
{
  "datacontenttype": "application/json",
  "data": {
    "serviceName": "crn://confluent.cloud/",
    "methodName": "RevokeRoleResourcesForPrincipal",
    "cloudResources": [
      {
        "scope": {
          "resources": [
            {
              "type": "ORGANIZATION",
              "resourceId": "7d1d8d97-7a7c-47d0-b62f-352feb13e7aa"
            },
            {
              "type": "ENVIRONMENT",
              "resourceId": "env-0jwmy2"
            }
          ]
        },
        "resource": {
          "type": "CLOUD_CLUSTER",
          "resourceId": "lkc-pj58rm"
        }
      }
    ],
    "authenticationInfo": {
      "principal": {
        "confluentUser": {
          "resourceId": "User:u-nxd3q3"
        }
      },
      "result": "SUCCESS"
    },
    "requestMetadata": {
      "requestId": [
        "7f0baf2fdc63055143b320aa543ca987"
      ],
      "clientAddress": [
        {
          "ip": "1.2.3.4"
        }
      ]
    },
    "request": {
      "accessType": "MODIFICATION",
      "data": {
        "api_version": "1.9",
        "display_name": "principals",
        "role_name": "ResourceOwner",
        "target_principal": "User:sa-nrww0v",
        "resource_patterns": [
          {
            "resource_type": "Topic",
            "name": "myTopic1",
            "pattern_type": "LITERAL"
          }
        ]
      }
    },
    "result": {
      "status": "FAILURE"
    },
    "resourceName": "crn://confluent.cloud/organization=7d1d8d97-7a7c-47d0-b62f-352feb13e7aa/environment=env-0jwmy2/cloud-cluster=lkc-pj58rm"
  },
  "subject": "crn://confluent.cloud/organization=7d1d8d97-7a7c-47d0-b62f-352feb13e7aa/environment=env-0jwmy2/cloud-cluster=lkc-pj58rm",
  "specversion": "1.0",
  "id": "521030da-9430-4196-9592-6100cff35119",
  "source": "crn://confluent.cloud/",
  "time": "2022-09-15T13:55:58.627Z",
  "type": "io.confluent.cloud/request"
}