Grant Role-Based Access for Tableflow in Confluent Cloud
Tableflow supports Role-based Access Control (RBAC) for managing access to Tableflow resources. There are no Tableflow-specific roles to configure, and access to Tableflow typically mirrors access to Apache Kafka® resources.
Access to Tableflow resources
The following table shows the roles, scope, and permitted management operations of Tableflow.
Roles | Scope | Enable/Disable/Update Tableflow with Confluent storage | Enable/Disable/Update Tableflow with custom storage | View and list table | Data plane read |
---|---|---|---|---|---|
OrganizationAdmin | Organization | Yes | Yes | Yes | Yes |
EnvironmentAdmin | Environment | Yes | Yes | Yes | Yes |
CloudClusterAdmin | Cloud cluster | Yes | Yes [1] | Yes | Yes |
ResourceOwner | Cluster | Yes | Yes [1] | Yes | Yes |
OrganizationOperator | Organization | No | No | Yes | No |
EnvironmentOperator | Environment | No | No | Yes | No |
CloudClusterOperator | Cloud cluster | No | No | Yes | No |
DeveloperManage | Cluster | No | No | Yes | No |
DeveloperRead | Cluster | No | No | No | Yes |
Others | None | No | No | No | No |
[1] With ProviderIntegrationResourceOwner or ProviderIntegrationAssigner roles for Glue
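The matrix above can be turned into a least-privilege check. The following is an added example, not part of the Confluent documentation: it computes each principal's effective Tableflow operations from a list of role bindings. It assumes every binding is already scoped to the environment or cluster that hosts the topic, and it reads footnote [1] as requiring one of the two ProviderIntegration roles on the same principal. The principal names and sample bindings are constructed.

```python
# Added example: the role/operation matrix transcribed from the table above.
Y, N, COND = "yes", "no", "conditional"  # COND = "Yes [1]" in the table
OPS = ("manage_confluent_storage", "manage_custom_storage",
       "view_list", "data_plane_read")
MATRIX = {
    "OrganizationAdmin":    (Y, Y, Y, Y),
    "EnvironmentAdmin":     (Y, Y, Y, Y),
    "CloudClusterAdmin":    (Y, COND, Y, Y),
    "ResourceOwner":        (Y, COND, Y, Y),
    "OrganizationOperator": (N, N, Y, N),
    "EnvironmentOperator":  (N, N, Y, N),
    "CloudClusterOperator": (N, N, Y, N),
    "DeveloperManage":      (N, N, Y, N),
    "DeveloperRead":        (N, N, N, Y),
}
# Roles named in footnote [1].
PROVIDER_ROLES = {"ProviderIntegrationResourceOwner", "ProviderIntegrationAssigner"}

def effective_ops(roles):
    """Union of operations granted by a set of roles.
    Roles missing from MATRIX fall under the 'Others' row and grant nothing."""
    roles = set(roles)
    has_provider = bool(roles & PROVIDER_ROLES)  # assumption: same principal
    granted = set()
    for role in roles:
        for op, cell in zip(OPS, MATRIX.get(role, (N,) * len(OPS))):
            if cell == Y or (cell == COND and has_provider):
                granted.add(op)
    return granted

def audit(bindings):
    """Map each principal to its sorted effective Tableflow operations."""
    by_principal = {}
    for principal, role in bindings:
        by_principal.setdefault(principal, []).append(role)
    return {p: sorted(effective_ops(r)) for p, r in by_principal.items()}

# Constructed sample bindings (principal, role); not real identities.
SAMPLE_BINDINGS = [
    ("User:u-alice", "CloudClusterAdmin"),
    ("User:u-bob", "CloudClusterAdmin"),
    ("User:u-bob", "ProviderIntegrationAssigner"),
    ("User:u-carol", "DeveloperRead"),
    ("User:u-dave", "DeveloperManage"),
    ("User:u-dave", "DeveloperRead"),
    ("User:sa-etl", "MetricsViewer"),
]

if __name__ == "__main__":
    for principal, ops in audit(SAMPLE_BINDINGS).items():
        print(principal, ops or ["(no Tableflow access)"])
```

In the sample, `u-alice` cannot manage Tableflow with custom storage because she lacks a ProviderIntegration role, while `u-dave` gains both view and data plane read only through the combination of two Developer roles.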
TableflowTopics APIs
TableflowTopics APIs enable managing Tableflow for a topic. These management operations include:
- CREATE: Enable Tableflow for a topic and set the configurations.
- UPDATE: Update the Tableflow configurations for a topic.
- DELETE: Disable Tableflow for a topic.
- GET: Get the current Tableflow status for a topic along with the configurations.
- LIST: Get the Tableflow status and configurations for all topics in a cluster.
Catalog Integration APIs
Catalog Integration APIs enable managing the external catalog integrations, like AWS Glue Data Catalog and Snowflake Polaris. The following table shows the roles, scopes, and permitted catalog integration management operations for RBAC roles.
Roles | Scope | Create/Update/Delete Catalog Integration | View Catalog Integration |
---|---|---|---|
CloudClusterAdmin | Cloud cluster | Yes [2] | Yes |
EnvironmentAdmin | Environment | Yes | Yes |
OrganizationAdmin | Organization | Yes | Yes |
Others | | No | No |
[2] With ProviderIntegrationResourceOwner or ProviderIntegrationAssigner roles for Glue