Important

You are viewing documentation for an older version of Confluent Platform. For the latest, click here.

Schema Registry Authorization

The Schema Registry security plugin provides authorization for Schema Registry operations.

The supported operations and corresponding Schema Registry URIs are listed here.

SCHEMA REGISTRY OPERATION	RESOURCE
SUBJECT_READ	GET /subjects/(string: subject)/versions GET /subjects/(string: subject)/versions/(versionId: version)
SUBJECT_WRITE	POST /subjects/(string: subject)/versions POST /subjects/(string: subject) POST /compatibility/subjects/(string: subject)/versions/(versionId: version)
SUBJECT_DELETE	DELETE /subjects/(string: subject)/versions/(versionId: version) DELETE /subjects/(string: subject)
SCHEMA_READ	GET /schemas/ids/{int: id}
SUBJECT_COMPATIBILITY_READ	GET /config/(string: subject)
SUBJECT_COMPATIBILITY_WRITE	PUT /config/(string: subject)
GLOBAL_COMPATIBILITY_READ	GET /config
GLOBAL_COMPATIBILITY_WRITE	PUT /config
GLOBAL_SUBJECTS_READ	GET /subjects

For more information, see the Schema Registry API.

Incoming requests are mapped to a Schema Registry Operation as outlined in above table, after which the request is authorized using the configured authorizer:

confluent.schema.registry.authorizer.class

The implementation used to authorize Schema Registry requests. This needs to be an implementation of the interface SchemaRegistryAuthorizer.

• Type: string
• Default: “”
• Importance: high

These Schema Registry authorizers are provided natively.

• Schema Registry ACL Authorizer
  • Enable ACL Authorizer
  • Schema Registry ACL CLI
    • Adding ACLs
    • Removing ACLs
    • List ACLs
• Topic ACL Authorizer