Supported Operations and Schema Registry Resources¶
The Schema Registry security plugin provides authorization for operations on schemas for subjects, which correspond to Kafka topics.
The supported operations and corresponding Schema Registry URIs are listed here. These apply to both role-based access control (RBAC) and ACL authorization.
Tip
You can use both RBAC and ACLs together or independently. Both methods of access control have their strengths and use cases. To learn more, see RBAC and ACLs in the RBAC overview.
Supported Operations¶
SCHEMA REGISTRY OPERATION | RESOURCE |
---|---|
SUBJECT_READ |
|
SUBJECT_WRITE |
|
SUBJECT_DELETE |
|
SCHEMA_READ |
|
SUBJECT_COMPATIBILITY_READ |
|
SUBJECT_COMPATIBILITY_WRITE |
|
GLOBAL_COMPATIBILITY_READ |
|
GLOBAL_COMPATIBILITY_WRITE |
|
GLOBAL_SUBJECTS_READ |
|
For more information on these operations, see the Schema Registry API.
Configure the Authorizer¶
Incoming requests are mapped to a Schema Registry Operation as outlined in above table, after which the request is authorized using the configured authorizer.
confluent.schema.registry.authorizer.class¶
The implementation used to authorize Schema Registry requests. This needs to be an implementation
of the SchemaRegistryAuthorizer
interface.
- Type: string
- Default: “”
- Importance: high
These Schema Registry authorizers are provided natively.