Supported Operations and Schema Registry Resources

The Schema Registry security plugin provides authorization for operations on schemas for subjects, which correspond to Kafka topics.

The supported operations and corresponding Schema Registry URIs are listed here. These apply to both role-based access control (RBAC) and ACL authorization.

Tip

You can use both RBAC and ACLs together or independently. Both methods of access control have their strengths and use cases. To learn more, see RBAC and ACLs in the RBAC overview.

Supported Operations

SCHEMA REGISTRY OPERATION RESOURCE
SUBJECT_READ
GET /subjects/(string: subject)/versions
POST /subjects/(string: subject)
GET /subjects/(string: subject)/versions/(versionId: version)
SUBJECT_WRITE
POST /subjects/(string: subject)/versions
POST /compatibility/subjects/(string: subject)/versions/(versionId: version)
SUBJECT_DELETE
DELETE /subjects/(string: subject)/versions/(versionId: version)
DELETE /subjects/(string: subject)
SCHEMA_READ
GET /schemas/ids/{int: id}
SUBJECT_COMPATIBILITY_READ
GET /config/(string: subject)
GET /mode/(string: subject)
SUBJECT_COMPATIBILITY_WRITE
PUT /config/(string: subject)
PUT /mode/(string: subject)
GLOBAL_COMPATIBILITY_READ
GET /config and .. http:get:: /mode
GLOBAL_COMPATIBILITY_WRITE
PUT /config and .. http:put:: /mode
GLOBAL_READ
GET /subjects

For more information on these operations, see the Schema Registry API.

Configure the Authorizer

Incoming requests are mapped to a Schema Registry Operation as outlined in above table, after which the request is authorized using the configured authorizer.

confluent.schema.registry.authorizer.class

The implementation used to authorize Schema Registry requests. This needs to be an implementation of the SchemaRegistryAuthorizer interface.

  • Type: string
  • Default: “”
  • Importance: high

These Schema Registry authorizers are provided natively.