Application permissions

PermissionDescription
View SQL ProcessorsAllows viewing the SQL processors
Manage SQL ProcessorsAllows to add/remove/stop/delete SQL processors
View SchemasAllows viewing your Schema Registry entries
Manage Schema RegistryAllows to add/remove/update/delete your Schema Registry entries
View TopologyAllows viewing the data pipeline topology
Manage TopologyAllows decommissioning topology applications
View Kafka ConnectorsAllows viewing running Kafka Connectors
Manage Kafka ConnectorsAllows to add/update/delete/stop Kafka Connectors
View Kafka ConsumersAllows viewing the Kafka Consumers details
Manage Kafka ConsumersAllows changing the Kafka Consumers offset

View SQL Processors 

The permission controls the user access to the SQL processors. A SQL processor is displayed to the user only if the appropriate permissions are in place for the data involved. To view a processor data namespace rules need to be present, and they need to identify the input and output topics involved.

Manage SQL Processors 

To create, remove or scale a SQL processor, the user needs to have Manage permission, and:

  • for all the input topics the user needs to have View Data permissions, and
  • for all the output topics the user needs to have Insert Data permission for each

View Kafka Connectors 

It allows the user to view running Kafka Connect sinks or sources. Similar to SQL processors, only those sinks and sources are visible where the data namespaces rules grants permission to see the topics involved.

Manage Kafka Connectors 

Grants the user the action to create a new Kafka Connect sink or source. Namespace rules also restrict the action. In the case of a Connect source, it requires the user to have Insert Data permission for the target topics. For a Connect sink, it requires the user to have View Data permissions for the source topics.

Updating an existing connector follows the same permission restrictions as seen earlier. To delete an existing connector, all that is required is for it to be visible.

View Schema Registry 

Grants permission to view the entries present in Schema Registry. A schema entry is visible only if for the corresponding topic the user has, via data namespace rules, View Schema permission.

Manage Schema Registry 

Controls the permission to manage your Schema Registry entries. The namespace rules constrain the actions. The user can make amendments to a schema only if for the corresponding topic, Update Schema permission.

View Topology 

It allows the user, to View both the Landscape of the Data Flow and Apps Listing:

  • Topology Page (SQL Processors, Kafka Connect Source/Sink Connectors, Topics, Apps)
  • Apps in the App Listing Page

Data namespace permissions determines which nodes are rendered for the user.

Manage Topology 

It allows the user to “Remove from Lenses” Apps from the app listing page. You need the proper namespace permission in order to be able to view the topology node/listing entry.

View Kafka Consumers 

It allows the user to view Kafka consumer groups. A consumer group is visible if the data namespace rules allow the current user to see all the topics involved. If one of the topics a consumer group uses is not visible given the namespace permissions, then the entire consumer group is not visible.

Manage Kafka Consumers 

It allows the user to update the topic-partition offsets for a given consumer group.