Important
You are viewing documentation for an older version of Confluent Platform. For the latest, click here.
Authorization for Schema Registry Operations and Resources¶
The Schema Registry security plugin provides authorization for operations on schemas for subjects, which correspond to Kafka topics.
The supported operations and corresponding Schema Registry URIs are listed here. These apply to both role-based access control (RBAC) and ACL authorization.
Tip
You can use both RBAC and ACLs together or independently. Both methods of access control have their strengths and use cases. To learn more, see RBAC and ACLs in the RBAC overview.
Supported Operations¶
| SCHEMA REGISTRY OPERATION | RESOURCE |
|---|---|
| SUBJECT_READ |
|
| SUBJECT_WRITE |
|
| SUBJECT_DELETE |
|
| SCHEMA_READ |
|
| SUBJECT_COMPATIBILITY_READ |
|
| SUBJECT_COMPATIBILITY_WRITE |
|
| GLOBAL_COMPATIBILITY_READ |
|
| GLOBAL_COMPATIBILITY_WRITE |
|
| GLOBAL_SUBJECTS_READ |
|
For more information on these operations, see the Schema Registry API.
Configure the Authorizer¶
Incoming requests are mapped to a Schema Registry Operation as outlined in above table, after which the request is authorized using the configured authorizer.
confluent.schema.registry.authorizer.class¶
The implementation used to authorize Schema Registry requests. This needs to be an implementation
of the SchemaRegistryAuthorizer interface.
- Type: string
- Default: “”
- Importance: high
These Schema Registry authorizers are provided natively.
- Role-Based Access Control
- Overview
- Quick Start
- Before You Begin
- Steps at a glance
- Prerequisites
- Install Confluent Platform and the Confluent CLI
- Configure Schema Registry to communicate with RBAC services
- Get the Kafka cluster ID for the MDS server you plan to use
- Grant roles for the Schema Registry service principal
- Start Schema Registry and test it
- Log on to Confluent CLI and grant access to Schema Registry users
- Suggested Reading
- Schema Registry ACL Authorizer
- Topic ACL Authorizer