Role-Based Access Control for Pipelines With Stream Designer on Confluent Cloud
Stream Designer controls access to pipeline models by using the Role-Based Access Control (RBAC) model provided by Confluent Cloud. Pipeline models are RBAC resources, and actions on these resources are checked by Stream Designer, which issues permissions as required.
Stream Designer RBAC
Stream Designer is a multi-user and multi-player system, which means that multiple users can collaborate on a pipeline model, even at the same time. It’s possible that one user activates a pipeline, and later a different user reactivates or deactivates the same pipeline model. Stream Designer ensures that if both users have the privilege to activate and deactivate the pipeline, Stream Designer provisions, updates, or deletes the actual resources, like connectors, topics, schema subjects, and ksqlDB queries. To accomplish this, Stream Designer gives the pipeline its own identity by using a service account and API keys.
Any user with the CloudClusterAdmin role on the Confluent Cloud cluster can view the pipeline’s settings and toggle whether the pipeline has the privileges to provision, manage, and delete connectors, topics, queries and schema subjects. Only users that have the OrganizationAdmin role can grant privileges to a pipeline.
Stream Designer checks whether the current pipeline has the required permissions, and adds privileges as necessary. Stream Designer checks existing role bindings on the internal service account and adds any missing role bindings. The RBAC system syncs the role bindings to the underlying clusters, so that any user with existing privileges on the pipeline model can activate, deactivate, pause, and resume the pipeline. When such requests are made, Stream Designer uses the pipeline’s API keys, which are owned by the pipeline’s service account that now has the necessary roles, to submit requests to the Connect, Kafka, ksqlDB, and Schema Registry clusters that are associated with the pipeline.
If you’re an administrator and you need to remove permissions from the pipeline, you can view the pipeline’s settings and clear the setting that allows the pipeline to provision, manage, and delete connectors, topics, queries and schema subjects. Stream Designer removes the necessary role bindings from the internal service account. These role bindings are synced to the underlying clusters in Confluent Cloud, and no Stream Designer instance will be able to submit requests to Connect, Kafka, ksqlDB, and Schema Registry clusters that are associated with the pipeline. For more information, see List the role bindings for a principal.
Role assignments for pipelines
The following table shows how RBAC roles map to operations on pipeline resources.
Namespace | Name | Display Name | Scope | Description | Operations |
---|---|---|---|---|---|
public | OrganizationAdmin | OrganizationAdmin | organization | Allows all operations on all pipeline models in the organization. | Activate, Alter, AlterAccess, Create, Deactivate, Delete, Describe, DescribeAccess, Pause, Restore, Resume, View |
public | EnvironmentAdmin | EnvironmentAdmin | environment | Allows all operations on all pipeline models in the environment. | Activate, Alter, AlterAccess, Create, Deactivate, Delete, Describe, DescribeAccess, Pause, Restore, Resume, View |
public | NetworkAdmin | NetworkAdmin | organization | Network admins inherit no privileges on pipeline models. | none |
public | CloudClusterAdmin | CloudClusterAdmin | cloud-cluster | Allows all operations on all pipeline models in the cloud cluster. | Activate, Alter, AlterAccess, Create, Deactivate, Delete, Describe, DescribeAccess, Pause, Restore, Resume, View |
public | MetricsViewer | MetricsViewer | organization | Metrics viewers inherit no privileges on pipeline models. | none |
datagovernance | DataDiscovery | DataDiscovery | environment | Allows operations related to viewing pipeline metadata for all pipelines in the environment. | Describe |
datagovernance | DataSteward | DataSteward | environment | Allows operations related to viewing pipeline metadata for all pipelines in the environment. | Describe |
public | PipelineResourceOwner | ResourceOwner | pipeline | All operations on the pipeline, except for granting privileges to the pipeline, which requires Org Admin privileges because an internal service account must be created. | Activate, Alter, AlterAccess, Create, Deactivate, Delete, Describe, DescribeAccess, Pause, Restore, Resume, View |
public | PipelineDeveloperRead | DeveloperRead | pipeline | Allows operations related to viewing the pipeline model. | Describe, View |
public | PipelineDeveloperWrite | DeveloperWrite | pipeline | Allows operations related to viewing and updating the pipeline model. | Alter, Describe, View |
public | PipelineDeveloperManage | DeveloperManage | pipeline | Allows operations related to viewing, updating, activating, deactivating, and pausing/resuming the pipeline model. | Activate, Alter, AlterAccess, Create, Deactivate, Delete, Describe, DescribeAccess, Pause, Restore, Resume, View |
dataplane | OrganizationOperator | Operator | organization | Allows operations related to viewing all pipeline metadata and models in the organization. | Describe, View |
dataplane | EnvironmentOperator | Operator | environment | Allows operations related to viewing all pipeline metadata and models in the environment. | Describe, View |
dataplane | CloudClusterOperator | Operator | cloud-cluster | Allows operations related to viewing all pipeline metadata and models in the cloud cluster. | Describe, View |
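For an access review, the role table above can be applied to a list of role bindings to see which principals can perform a given operation on one pipeline. The following is an added example, not Confluent code: it assumes a binding covers a pipeline when its resource ID matches the pipeline's organization, environment, cloud cluster, or the pipeline itself at the role's scope, and all IDs and principals are constructed sample values.

```python
ALL = frozenset("Activate Alter AlterAccess Create Deactivate Delete Describe "
                "DescribeAccess Pause Restore Resume View".split())
READ = frozenset({"Describe", "View"})

# Role name -> (scope the role is bound at, operations), from the table above.
ROLES = {
    "OrganizationAdmin": ("organization", ALL),
    "EnvironmentAdmin": ("environment", ALL),
    "NetworkAdmin": ("organization", frozenset()),
    "CloudClusterAdmin": ("cloud-cluster", ALL),
    "MetricsViewer": ("organization", frozenset()),
    "DataDiscovery": ("environment", frozenset({"Describe"})),
    "DataSteward": ("environment", frozenset({"Describe"})),
    "PipelineResourceOwner": ("pipeline", ALL),
    "PipelineDeveloperRead": ("pipeline", READ),
    "PipelineDeveloperWrite": ("pipeline", READ | {"Alter"}),
    "PipelineDeveloperManage": ("pipeline", ALL),
    "OrganizationOperator": ("organization", READ),
    "EnvironmentOperator": ("environment", READ),
    "CloudClusterOperator": ("cloud-cluster", READ),
}

def effective_ops(bindings, pipeline):
    """Return {principal: operations on `pipeline`}. A binding counts only when
    its resource ID equals the pipeline's ancestor at the role's scope
    (assumed containment model)."""
    result = {}
    for principal, role, resource in bindings:
        scope, ops = ROLES.get(role, (None, frozenset()))  # unknown role: nothing
        if scope is not None and pipeline.get(scope) == resource:
            result.setdefault(principal, set()).update(ops)
    return result

def who_can(bindings, pipeline, operation):
    """Sorted principals whose combined bindings allow `operation`."""
    ops_by_principal = effective_ops(bindings, pipeline)
    return sorted(p for p, ops in ops_by_principal.items() if operation in ops)

# Constructed sample data: where the pipeline lives, and exported bindings.
PIPELINE = {"organization": "org-example", "environment": "env-aaa111",
            "cloud-cluster": "lkc-bbb222", "pipeline": "pipe-ccc333"}
BINDINGS = [
    ("User:alice", "EnvironmentAdmin", "env-aaa111"),
    ("User:bob", "PipelineDeveloperWrite", "pipe-ccc333"),
    ("User:carol", "CloudClusterOperator", "lkc-bbb222"),
    ("User:dave", "NetworkAdmin", "org-example"),
    ("User:erin", "PipelineDeveloperManage", "pipe-other"),  # different pipeline
    ("User:frank", "DataSteward", "env-aaa111"),
]

if __name__ == "__main__":
    for op in ("Activate", "Alter", "Describe"):
        print(op, who_can(BINDINGS, PIPELINE, op))
```

Reviewing the result for `Activate` and `Deactivate` is the useful check here, because those operations cause the pipeline's service account to provision or delete connectors, topics, queries and schema subjects.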