Control Access to Confluent Cloud Resources
This section provides information on the key mechanisms for controlling access to Confluent Cloud resources, including the Confluent Cloud resource hierarchy, role-based access control (RBAC), IP filtering, and access control lists (ACLs).
Resource hierarchy
Confluent Cloud organizes resources in a hierarchical structure to manage access and permissions effectively. The top-level resource is the organization, which can contain multiple environments. Each environment can include various resources, such as Kafka clusters, connectors, ksqlDB clusters, and Schema Registry instances. This hierarchy allows for granular access control and resource management.
Role-based access control (RBAC)
Role-based access control (RBAC) allows you to manage access to Confluent Cloud resources by assigning predefined roles to users and service accounts. Each role includes a set of permissions that define which actions a principal holding that role can perform on specific resources. This model simplifies access management and ensures that users have the appropriate level of access based on their roles.
IP filtering
IP filtering enhances security by restricting access to Confluent Cloud resources based on trusted IP addresses. You can create IP groups that define trusted IP ranges and apply these groups to IP filters. This ensures that only requests from trusted sources can access your resources, reducing the risk of unauthorized access.
Access control lists (ACLs)
Access control lists (ACLs) provide fine-grained access control to Kafka resources in Confluent Cloud. They allow you to specify which principals (users or service accounts) have permissions to perform specific operations on Kafka resources such as topics, consumer groups, and transactional IDs. ACLs can be used in conjunction with RBAC to provide comprehensive access control.
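
To make the ACL model concrete, the following added example (not Confluent code) evaluates a request against a set of ACL bindings using Apache Kafka's authorizer rules: a matching DENY overrides any ALLOW, no match means denied, PREFIXED patterns match by name prefix, and an ALLOW on READ, WRITE, DELETE or ALTER implies DESCRIBE. It assumes Confluent Cloud applies the same rules; the `Acl` class, `authorize` function, principals and resource names are constructed for illustration.

```python
from dataclasses import dataclass

# Operations that are implicitly granted by an ALLOW on another operation.
IMPLIED_BY = {
    "DESCRIBE": {"READ", "WRITE", "DELETE", "ALTER"},
    "DESCRIBE_CONFIGS": {"ALTER_CONFIGS"},
}

@dataclass(frozen=True)
class Acl:  # hypothetical model of one ACL binding
    principal: str      # e.g. "User:sa-orders" (constructed), or "User:*"
    permission: str     # "ALLOW" or "DENY"
    operation: str      # "READ", "WRITE", "DESCRIBE", ... or "ALL"
    resource_type: str  # "TOPIC", "GROUP" or "TRANSACTIONAL_ID"
    pattern_type: str   # "LITERAL" or "PREFIXED"
    name: str           # resource name, prefix, or "*" (literal wildcard)

def _matches_resource(acl, resource_type, name):
    if acl.resource_type != resource_type:
        return False
    if acl.pattern_type == "PREFIXED":
        return name.startswith(acl.name)
    return acl.name in ("*", name)

def _matches_principal(acl, principal):
    return acl.principal in ("User:*", principal)

def authorize(acls, principal, operation, resource_type, name):
    """Return True only if an ALLOW matches and no DENY matches."""
    relevant = [a for a in acls
                if _matches_principal(a, principal)
                and _matches_resource(a, resource_type, name)]
    # DENY is evaluated first and always wins over any ALLOW.
    if any(a.permission == "DENY" and a.operation in ("ALL", operation)
           for a in relevant):
        return False
    allowed_ops = {"ALL", operation} | IMPLIED_BY.get(operation, set())
    return any(a.permission == "ALLOW" and a.operation in allowed_ops
               for a in relevant)

# Constructed sample bindings: broad prefix grant with one literal carve-out.
SAMPLE_ACLS = [
    Acl("User:sa-orders", "ALLOW", "READ", "TOPIC", "PREFIXED", "orders."),
    Acl("User:sa-orders", "DENY", "READ", "TOPIC", "LITERAL", "orders.pii"),
    Acl("User:sa-orders", "ALLOW", "READ", "GROUP", "LITERAL", "orders-app"),
]
```

With these bindings, `sa-orders` can read any `orders.`-prefixed topic except `orders.pii`, and any principal without a matching ALLOW is denied by default.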