documentation
Get Started Free
  • Get Started Free
  • Stream
      Confluent Cloud

      Fully-managed data streaming platform with a cloud-native Kafka engine (KORA) for elastic scaling, with enterprise security, stream processing, governance.
      Confluent Platform

      An on-premises enterprise-grade distribution of Apache Kafka with enterprise security, stream processing, governance.
  • Connect
      Managed

      Use fully-managed connectors with Confluent Cloud to connect to data sources and sinks.
      Self-Managed

      Use self-managed connectors with Confluent Platform to connect to data sources and sinks.
  • Govern
      Managed

      Use fully-managed Schema Registry and Stream Governance with Confluent Cloud.
      Self-Managed

      Use self-managed Schema Registry and Stream Governance with Confluent Platform.
  • Process
      Managed

      Use Flink on Confluent Cloud to run complex, stateful, low-latency streaming applications.
      Self-Managed

      Use Flink on Confluent Platform to run complex, stateful, low-latency streaming applications.
Stream
Confluent Cloud

Fully-managed data streaming platform with a cloud-native Kafka engine (KORA) for elastic scaling, with enterprise security, stream processing, governance.
Confluent Platform

An on-premises enterprise-grade distribution of Apache Kafka with enterprise security, stream processing, governance.
Connect
Managed

Use fully-managed connectors with Confluent Cloud to connect to data sources and sinks.
Self-Managed

Use self-managed connectors with Confluent Platform to connect to data sources and sinks.
Govern
Managed

Use fully-managed Schema Registry and Stream Governance with Confluent Cloud.
Self-Managed

Use self-managed Schema Registry and Stream Governance with Confluent Platform.
Process
Managed

Use Flink on Confluent Cloud to run complex, stateful, low-latency streaming applications.
Self-Managed

Use Flink on Confluent Platform to run complex, stateful, low-latency streaming applications.
Learn
Get Started Free
  1. Home
  2. Platform
  3. Security
  4. Authorization

CONFLUENT PLATFORM

  • Overview
  • Get Started
    • What is Confluent Platform?
    • Apache Kafka Quick Start
      • Overview
      • Quick Start for Apache Kafka using Confluent Platform (Local)
      • Quick Start for Apache Kafka using Confluent Platform (Docker)
      • Quick Start for Apache Kafka using Confluent Platform Community Components (Local)
      • Quick Start for Apache Kafka using Confluent Platform Community Components (Docker)
    • Kafka Basics on Confluent Platform
    • Introduction to Kafka
    • Kafka Design
    • Videos, Demos, and Reading Material
      • Confluent Platform Demo (cp-demo)
        • cp-demo Overview
        • On-Prem Tutorial
        • Hybrid Deployment to Confluent Cloud Tutorial
        • Teardown
        • Troubleshooting
      • Tutorial: Introduction to Streaming Application Development
      • Clickstream Data Analysis Pipeline Using ksqlDB
      • RBAC Example
      • Replicator Schema Translation Example
      • DevOps for Apache Kafka® with Kubernetes and GitOps
        • Overview
        • Kafka DevOps Case Studies
          • Case Study: Graduated Environments
          • Case Study: Manage Cloud Secrets
          • Case Study: Kafka Connect management with GitOps
  • Install and Upgrade
    • On-Premises Deployments
      • Overview
      • ZIP and TAR
      • Ubuntu and Debian
      • RHEL and CentOS
      • Docker
        • Install using Docker
        • Docker Configuration Parameters
        • Docker Image Reference
        • Docker Security
        • Docker Developer Guide
    • Confluent System Requirements
    • Confluent Platform Licenses
    • Confluent Platform Upgrade Checklist
    • Upgrade
    • Supported Versions and Interoperability
    • Using Confluent Platform systemd Service Unit Files
    • Confluent Platform Packages
    • Migrate to Confluent Platform
    • Migrate an Existing Kafka Deployment
    • Migrate to Confluent Server
  • Build Client Applications
    • Overview
    • Configure Clients
      • Consumer
      • Producer
      • Schemas, Serializers, and Deserializers
      • Configuration Properties
    • Client Guides
      • Python
      • .NET Client
      • JavaScript Client
      • Go Client
      • C++ Client
      • Java Client
      • JMS Client
        • Overview
        • Development Guide
    • Client Examples
      • Overview
      • Python Client
      • .NET Client
      • JavaScript Client
      • Go Client
      • C++ Client
      • Java
      • Spring Boot
      • KafkaProducer
      • REST
      • Clojure
      • Groovy
      • Kafka Connect Datagen
      • kafkacat
      • Kotlin
      • Ruby
      • Rust
      • Scala
    • Kafka Client APIs
      • Python Client API
      • .NET Client API
      • JavaScript Client API
      • Go Client API
      • C++ Client API
      • Java Client API
      • JMS Client
        • Overview
        • Development Guide
    • Deprecated Client APIs
    • MQTT Proxy
      • Introduction
      • Communication Security Settings
      • MQTT Proxy Configuration Options
    • kcat (formerly kafkacat) Utility
  • Confluent REST APIs
    • Overview
    • Quick Start
    • API Reference
    • Production Deployment
      • Confluent Server
        • Configuration
        • Security
      • REST Proxy
        • Overview
        • Configuration
        • Monitoring
        • Security
    • Connect to Confluent Cloud
    • REST Proxy Tutorial
  • ksqlDB and Kafka Streams
    • Overview
    • ksqlDB
      • ksqlDB Overview
      • ksqlDB Quickstart
      • Install ksqlDB
      • Operate ksqlDB
      • Upgrade ksqlDB
      • Develop applications for ksqlDB
      • Run ksqlDB in Confluent Cloud
      • Connect ksqlDB to Confluent Cloud
      • Pull queries preview with Confluent Cloud ksqlDB
      • Migrate Confluent Cloud ksqlDB applications
      • Run ksqlDB in Confluent Control Center
      • Connect ksqlDB to Confluent Control Center
      • Secure ksqlDB with RBAC
      • Frequently Asked Questions
      • Troubleshoot ksqlDB issues
      • Tutorials and Examples
        • Examples Overview
        • ksqlDB quick start
        • Write streaming queries using ksqlDB (local)
        • Write streaming queries using ksqlDB and Confluent Control Center
        • Materialized view/cache
        • Streaming ETL pipeline
        • Event-driven microservice
        • ksqlDB with Embedded Connect
        • Clickstream Data Analysis Pipeline Using ksqlDB
        • Integrate with PostgreSQL
        • Kafka Tutorials using ksqlDB
        • Stream Processing Cookbook
        • Examples
    • Kafka Streams
      • Kafka Streams Overview
      • Introduction
      • Kafka Streams Quick Start
      • Tutorial: Introduction to Streaming Application Development
      • Connect Confluent Platform Components to Confluent Cloud
      • Streams Concepts
      • Streams Architecture
      • Streams Code Examples
      • Streams Developer Guide
        • Writing a Streams Application
        • Testing Streams Code
        • Configuring a Streams Application
        • Streams DSL
        • Naming Kafka Streams DSL Topologies
        • Optimizing Kafka Streams Topologies
        • Processor API
        • Data Types and Serialization
        • Interactive Queries
        • Memory Management
        • Running Streams Applications
        • Managing Streams Application Topics
        • Streams Security
        • Application Reset Tool
      • Pipelining with Kafka Connect and Kafka Streams
      • Streams Operations
        • Capacity planning and sizing
        • Monitoring Kafka Streams Applications
      • Streams Upgrade Guide
      • Streams FAQ
      • Streams Javadocs
  • Connect to External Systems
    • Overview
    • Get Started
    • Connectors
    • Confluent Hub
      • Overview
      • Confluent Hub Client
      • Command Reference
        • Overview
        • confluent-hub help
        • confluent-hub install
      • Component Archive Specification
      • Contribute to Confluent Hub
    • Install
    • License
    • Supported
    • Preview
    • Configure
    • Concepts
    • Monitor
    • Logging
    • Connect to Confluent Cloud
    • Developer Guide
    • Tutorial: Moving Data In and Out of Kafka
    • Reference
      • Connect Javadocs
      • Connect REST Interface
      • Worker Configuration Properties
      • Connector Configuration Properties
    • Transformation
      • Single Message Transforms for Confluent Platform
      • Cast
      • Drop
      • ExtractField
      • ExtractTopic
      • Filter (Apache Kafka)
      • Filter (Confluent)
      • Flatten
      • HeaderFrom
      • HoistField
      • InsertField
      • MaskField
      • MessageTimestampRouter
      • RegexRouter
      • ReplaceField
      • SetSchemaMetadata
      • TimestampConverter
      • TimestampRouter
      • TombstoneHandler
      • ValueToKey
      • Custom transformations
    • Security
      • Kafka Connect Security Basics
      • Kafka Connect and RBAC
        • Getting started with RBAC and Kafka Connect
        • Configuring RBAC for a Connect cluster
        • Configuring RBAC for a Connect worker
        • Configuring RBAC for connectors
        • Connect Secret Registry
        • Example role-binding sequence
    • Design
    • Add Connectors and Software
    • Install Community Connectors
    • Upgrade
    • FAQ
  • Schema Management
    • Overview
    • Installing and Configuring
      • Overview
      • Configuration Options
      • Run in Production
      • Connect to Confluent Cloud
      • Migrate Schemas
    • Schema Registry Tutorials
      • Tutorials Overview
      • On-Premises
      • Confluent Cloud
    • Schema ID Validation on Confluent Server
    • Monitoring
    • Single and Multi-Datacenter Setup
    • Schema Evolution and Compatibility
    • Schemas in Control Center
    • Schemas on Confluent Cloud
    • Migrate Schemas
    • Deleting Schemas
    • Security
      • Schema Registry Security Overview
      • Role-Based Access Control
      • Schema Registry Security Plugin
        • Overview
        • Install and Configure
        • Schema Registry Authorization
          • Supported Operations and Resources
          • Role-Based Access Control
          • Schema Registry ACL Authorizer
          • Topic ACL Authorizer
    • Developer Guide
      • Overview
      • Maven Plugin
      • API Reference
      • API Usage Examples
    • Schema Formats
      • Formats, Serializers, and Deserializers
      • Avro
      • Protobuf
      • JSON Schema
    • Integrate Schemas from Connectors
  • Security
    • General Security
      • Security Overview
      • Security Tutorial
      • Confluent Server Authorizer
      • Cluster Registry
      • Security Compliance
      • Prefixes for Configuring Security
    • Authentication
      • Authentication Methods Overview
      • Authentication with SASL
        • Authentication with SASL using JAAS
        • Install
        • Configuring GSSAPI
        • Configuring OAUTHBEARER
        • Configuring PLAIN
        • Configuring SCRAM
        • Authentication using Delegation Tokens
        • Configuring Kafka Client Authentication with LDAP
      • Encryption and Authentication with SSL
      • HTTP Basic authentication
      • Adding security to a running cluster
    • Authorization
      • Authorization using Role-Based Access Control
        • RBAC Overview
        • Quick Start
        • Predefined Roles
        • Enable RBAC in a Running Cluster
        • Discover Identifiers for Clusters
        • Configuring Token Authentication
        • Confluent Metadata API Reference
        • RBAC Example
      • Configure RBAC using the REST API
      • ACLs
        • Authorization using centralized ACLs
        • Authorization using ACLs
        • Confluent LDAP Authorizer Overview
          • Confluent LDAP Authorizer
          • Using the Confluent LDAP Authorizer
          • Configuring the LDAP Authorizer
          • Configure LDAP Authentication
    • Data Protection
      • Audit Logs
        • Audit Log Concepts
        • Configuring Audit Logs using the CLI
        • Configure MDS to Manage Centralized Audit Logs
        • MDS API Audit Log Configuration
        • Configuring Audit Logs using the Properties File
      • Encryption with SSL
      • Secrets
        • Secrets Management
        • Tutorial: Secret Protection
    • Component Security
      • Confluent Control Center (Legacy) Security
        • Confluent Control Center (Legacy) Security
        • Configuring SSL
        • Control Center (Legacy) Configuring SASL
        • Control Center (Legacy) UI Authentication
        • Configuring Control Center (Legacy) to work with Kafka ACLs
        • Configuring Control Center (Legacy) with LDAP authentication
        • Configure RBAC for Control Center (Legacy)
        • Manage and view RBAC roles in Control Center (Legacy)
          • Log in to Control Center (Legacy) when RBAC enabled
          • Manage RBAC roles with Control Center (Legacy)
          • View your RBAC roles in Control Center (Legacy)
      • Streams Security
      • Schema Registry Security
      • Kafka Connect Security
        • Kafka Connect Security Basics
        • Kafka Connect and RBAC
          • Getting started with RBAC and Kafka Connect
          • Configuring RBAC for a Connect cluster
          • Configuring RBAC for a Connect worker
          • Configuring RBAC for connectors
          • Connect Secret Registry
          • Example role-binding sequence
      • ksqlDB RBAC
      • REST Proxy Security
        • REST Proxy Security
        • REST Proxy Security Plugins
      • ZooKeeper Security
    • Security Management Tools
      • Ansible Playbooks for Confluent Platform
      • Docker Security for Confluent Platform
  • Multi-DC Deployment Architectures
    • Overview
    • Architecture Patterns and Use Cases
    • Replicator for Multi-Datacenter Replication
      • Replicator Overview
      • Tutorial: Replicating Data Across Clusters
      • Active-active Demo
      • Download and Install
      • Configure and Run
      • Tuning Replicator
      • Monitoring Replicator
      • Replicator and Cross-Cluster Failover
      • Configuration Options
      • Migrate from MirrorMaker to Replicator
      • Replicator Verifier
      • Replicator to Cloud Configurations
    • Multi-Region Clusters
      • Overview
      • Tutorial: Multi-Region Clusters
    • Cluster Linking Preview
      • Cluster Linking
      • Demo (Docker)
      • Tutorial
      • Commands
      • Configuration Options
      • Metrics and Monitoring
      • Security
  • Administer
    • Configuration Reference
      • Overview
      • Kafka Broker Configurations
      • Topic Configurations
      • Consumer Configurations
      • Producer Configurations
      • Connect Configurations
        • Overview
        • Sink Configuration Properties
        • Source Configuration Properties
      • AdminClient Configurations
      • License Configurations
      • Streams Configurations
      • Docker Configuration Parameters for Confluent Platform
      • Control Center Configurations
      • Streams Configurations
      • ZooKeeper Configurations
      • ksqlDB Server Configurations
    • CLI Tools for Confluent Platform
      • CLI Tools for Confluent Platform
      • Confluent CLI
      • Confluent Cloud CLI
    • Dynamic Configurations
    • Configure Multi-Node Environment
    • Metadata Service (MDS)
      • Configure Metadata Service (MDS)
      • Configure Confluent Platform Components to Communicate with MDS over SSL
      • Configure mTLS Authentication and RBAC for Kafka Brokers
      • Configure Kerberos Authentication for Brokers Running MDS
      • Configure LDAP Authentication
      • Configure LDAP Group-Based Authorization for MDS
      • Configure MDS to Manage Centralized Audit Logs
      • Metadata Service Configuration Options
      • Confluent Metadata API Reference
    • Confluent Metrics Reporter
    • Confluent Telemetry Reporter
    • Confluent REST APIs
      • Overview
      • Quick Start
      • API Reference
      • Production Deployment
        • Confluent Server
          • Configuration
          • Security
        • REST Proxy
          • Overview
          • Configuration
          • Monitoring
          • Security
      • Connect to Confluent Cloud
      • REST Proxy Tutorial
    • Kafka Operations
      • Overview
      • Running Kafka in Production
      • Dynamic Configurations
      • Post Kafka Deployment
      • Self-Balancing Clusters
        • Self-Balancing Overview
        • Quick Start Demo (Docker)
        • Tutorial: Adding and Removing Brokers
        • Configuration Options and Commands
        • Performance and Resource Usage
      • Auto Data Balancing
        • Quick Start
        • Tutorial (Docker)
        • Command and Configuration Options
      • Monitor Kafka with JMX
      • Confluent Metrics Reporter
      • Tiered Storage
    • Docker Operations
      • Overview
      • Kafka Monitoring and Metrics Using JMX
      • Configure Docker Logging
      • Mounting Docker External Volumes
    • Post Kafka Deployment
    • ZooKeeper Operations
      • Overview
      • Running ZooKeeper in Production
    • Kafka Streams Operations
      • Capacity planning and sizing
      • Monitoring Kafka Streams Applications
    • ksqlDB Operations
    • DevOps for Apache Kafka® with Kubernetes and GitOps
      • Overview
      • Kafka DevOps Case Studies
        • Case Study: Graduated Environments
        • Case Study: Manage Cloud Secrets
        • Case Study: Kafka Connect management with GitOps
  • Monitor and Manage
    • Monitor and Manage Confluent Platform
    • Proactive Support
    • Confluent Telemetry Reporter
    • Telemetry Reporter Metrics
    • Confluent Metrics Reporter
    • Monitor Kafka
    • Confluent Control Center (Legacy)
      • Control Center Overview
      • Installing and configuring Control Center (Legacy)
        • Configuring Control Center (Legacy)
        • Control Center (Legacy) Configuration Reference
        • Check Control Center (Legacy) Version and Enable Auto-Update
        • Control Center (Legacy) Usage Data Collection
        • Control Center (Legacy) Properties Files
        • Connecting Control Center to Confluent Cloud
        • Confluent Monitoring Interceptors
        • Installing Control Center (Legacy) on Kafka
        • Managing Confluent Platform Licenses
        • Troubleshooting Control Center (Legacy)
        • Upgrading Control Center (Legacy)
      • Control Center (Legacy) User Guide
        • User Guide Overview
        • Clusters
        • Brokers
        • Topics
          • Topics Overview
          • Add topics
          • View topic metrics
          • Message Browser
          • Manage Schemas for Topics
          • Edit the configuration settings for topics
          • Delete a topic
        • Connect
        • ksqlDB
        • Consumers
        • Replicators
        • Cluster settings
        • Alerts
          • Concepts
          • Configure alerts properties
          • Configure PagerDuty email integration with Control Center (Legacy) alerts
          • Alerts navigation
          • Trigger management
          • Actions management
          • Example triggers and actions
          • REST API for alerts history
          • Troubleshooting alerts
        • System Health (deprecated view)
        • Data streams monitoring (deprecated view)
      • Confluent Control Center (Legacy) Security
    • Configure Docker Logging
    • Monitor Streams Applications
  • Resources
  • Confluent CLI
  • Release Notes
    • Release Notes
    • Component Changelogs
  • API and Javadocs
    • Streams Javadocs
    • Connect Javadocs
    • Connect REST Interface
    • Clients API reference
      • Overview
      • Configure Clients
        • Consumer
        • Producer
        • Schemas, Serializers, and Deserializers
        • Configuration Properties
      • Client Guides
        • Python
        • .NET Client
        • JavaScript Client
        • Go Client
        • C++ Client
        • Java Client
        • JMS Client
          • Overview
          • Development Guide
      • Client Examples
        • Overview
        • Python Client
        • .NET Client
        • JavaScript Client
        • Go Client
        • C++ Client
        • Java
        • Spring Boot
        • KafkaProducer
        • REST
        • Clojure
        • Groovy
        • Kafka Connect Datagen
        • kafkacat
        • Kotlin
        • Ruby
        • Rust
        • Scala
      • Kafka Client APIs
        • Python Client API
        • .NET Client API
        • JavaScript Client API
        • Go Client API
        • C++ Client API
        • Java Client API
        • JMS Client
          • Overview
          • Development Guide
      • Deprecated Client APIs
      • MQTT Proxy
        • Introduction
        • Communication Security Settings
        • MQTT Proxy Configuration Options
      • kcat (formerly kafkacat) Utility
    • Schema Registry API Reference
    • ksqlDB syntax reference
    • Confluent REST Proxy API Reference
    • Confluent Metadata API Reference

Authorization using Role-Based Access Control¶

  • RBAC Overview
  • Quick Start
  • Predefined Roles
  • Enable RBAC in a Running Cluster
  • Discover Identifiers for Clusters
  • Configuring Token Authentication
  • Confluent Metadata API Reference
  • RBAC Example

Was this doc page helpful?

Give us feedback

Do you still need help?

Confluent support portal Ask the community
Thank you. We'll be in touch!
Be the first to get updates and new content

By clicking "SIGN UP" you agree that your personal data will be processed in accordance with our Privacy Policy.

  • Confluent
  • About
  • Careers
  • Contact
  • Professional Services
  • Product
  • Confluent Cloud
  • Confluent Platform
  • Connectors
  • Flink
  • Stream Governance
  • Developer
  • Free Courses
  • Tutorials
  • Event Streaming Patterns
  • Documentation
  • Blog
  • Podcast
  • Community
  • Forum
  • Meetups
  • Kafka Summit
  • Catalysts
Terms & Conditions Privacy Policy Do Not Sell My Information Modern Slavery Policy Cookie Settings Feedback

Copyright © Confluent, Inc. 2014- Apache®️, Apache Kafka®️, Kafka®️, Apache Flink®️, Flink®️, Apache Iceberg®️, Iceberg®️ and associated open source project names are trademarks of the Apache Software Foundation

On this page: