confluent iam rbac role-binding create

Description

Create a role binding.

confluent iam rbac role-binding create [flags]

Note

If you need to troubleshoot when setting up role bindings, it may be helpful to view audit logs on the fly to identify authorization events for specific principals, resources, or operations. For details, refer to Viewing audit logs on the fly.

Flags

    --role string                      REQUIRED: Role name of the new role binding.
    --principal string                 REQUIRED: Principal type and identifier using "Prefix:ID" format.
    --environment string               Environment ID for scope of role-binding operation.
    --current-environment              Use current environment ID for scope.
    --cloud-cluster string             Cloud cluster ID for the role binding.
    --kafka-cluster string             Kafka cluster ID for the role binding.
    --schema-registry-cluster string   Schema Registry cluster ID for the role binding.
    --ksql-cluster string              ksqlDB cluster name for the role binding.
    --resource string                  Resource type and identifier using "Prefix:ID" format.
    --prefix                           Whether the provided resource name is treated as a prefix pattern.
-o, --output string                    Specify the output format as "human", "json", or "yaml". (default "human")

Global Flags

-h, --help            Show help for this command.
    --unsafe-trace    Equivalent to -vvvv, but also log HTTP requests and responses which might contain plaintext secrets.
-v, --verbose count   Increase verbosity (-v for warn, -vv for info, -vvv for debug, -vvvv for trace).

Examples

Grant the role “CloudClusterAdmin” to the principal “User:u-123456” in the environment “env-123456” for the cloud cluster “lkc-123456”:

confluent iam rbac role-binding create --principal User:u-123456 --role CloudClusterAdmin --environment env-123456 --cloud-cluster lkc-123456

Grant the role “ResourceOwner” to the principal “User:u-123456”, in the environment “env-123456” for the Kafka cluster “lkc-123456” on the resource “Topic:my-topic”:

confluent iam rbac role-binding create --principal User:u-123456 --role ResourceOwner --resource Topic:my-topic --environment env-123456 --cloud-cluster lkc-123456 --kafka-cluster lkc-123456

Grant the role “MetricsViewer” to service account “sa-123456”:

confluent iam rbac role-binding create --principal User:sa-123456 --role MetricsViewer

Grant the “ResourceOwner” role to principal “User:u-123456” and all subjects for Schema Registry cluster “lsrc-123456” in environment “env-123456”:

confluent iam rbac role-binding create --principal User:u-123456 --role ResourceOwner --environment env-123456 --schema-registry-cluster lsrc-123456 --resource "Subject:*"

Grant the “ResourceOwner” role to principal “User:u-123456” and subject “test” for the Schema Registry cluster “lsrc-123456” in the environment “env-123456”:

confluent iam rbac role-binding create --principal User:u-123456 --role ResourceOwner --environment env-123456 --schema-registry-cluster lsrc-123456 --resource "Subject:test"

Grant the “ResourceOwner” role to principal “User:u-123456” and all subjects in schema context “schema_context” for Schema Registry cluster “lsrc-123456” in the environment “env-123456”:

confluent iam rbac role-binding create --principal User:u-123456 --role ResourceOwner --environment env-123456 --schema-registry-cluster lsrc-123456 --resource "Subject::.schema_context:*"

Grant the “ResourceOwner” role to principal “User:u-123456” and subject “test” in schema context “schema_context” for Schema Registry “lsrc-123456” in the environment “env-123456”:

confluent iam rbac role-binding create --principal User:u-123456 --role ResourceOwner --environment env-123456 --schema-registry-cluster lsrc-123456 --resource "Subject::.schema_context:test"

Grant the “FlinkDeveloper” role to principal “User:u-123456” in environment “env-123456”:

confluent iam rbac role-binding create --principal User:u-123456 --role FlinkDeveloper --environment env-123456

See Also