This matrix shows both
display name (first column) and
code name (second column) for permissions.
code name may be helpful while using API / CLI.
|View SQL Processors||ViewSQLProcessors||Allows viewing the SQL processors|
|Manage SQL Processors||ManageSQLProcessors||Allows to add/remove/stop/delete SQL processors|
|View Schemas||ViewSchemaRegistry||Allows viewing your Schema Registry entries|
|Manage Schema Registry||ManageSchemaRegistry||Allows to add/remove/update/delete your Schema Registry entries|
|View Topology||ViewTopology||Allows viewing the data pipeline topology|
|Manage Topology||ManageTopology||Allows decommissioning topology applications|
|View Kafka Connectors||ViewConnectors||Allows viewing running Kafka Connectors|
|Manage Kafka Connectors||ManageConnectors||Allows to add/update/delete/stop Kafka Connectors|
|View Kafka Consumers||ViewKafkaConsumers||Allows viewing the Kafka Consumers details|
|Manage Kafka Consumers||ManageKafkaConsumers||Allows changing the Kafka Consumers offset|
|Connect Clusters Access||-||Allows to use Connect Clusters|
The permission controls the user access to the SQL processors. A SQL processor is displayed to the user only if the appropriate permissions are in place for the data involved. To view a processor data namespace rules need to be present, and they need to identify the input and output topics involved.
To create, remove or scale a SQL processor, the user needs to have Manage permission, and:
- for all the input topics the user needs to have View Data permissions, and
- for all the output topics the user needs to have Insert Data permission for each
It allows the user to view running Kafka Connect sinks or sources. Similar to SQL processors, only those sinks and sources are visible where the data namespaces rules grants permission to see the topics involved.
Grants the user the action to create a new Kafka Connect sink or source. Namespace rules also restrict the action. In the case of a Connect source, it requires the user to have Insert Data permission for the target topics. For a Connect sink, it requires the user to have View Data permissions for the source topics.
Updating an existing connector follows the same permission restrictions as seen earlier. To delete an existing connector, all that is required is for it to be visible.
Grants permission to view the entries present in Schema Registry. A schema entry is visible only if for the corresponding topic the user has, via data namespace rules, View Schema permission.
Controls the permission to manage your Schema Registry entries. The namespace rules constrain the actions. The user can make amendments to a schema only if for the corresponding topic, Update Schema permission.
It allows the user, to View both the Landscape of the Data Flow and Apps Listing:
- Topology Page (SQL Processors, Kafka Connect Source/Sink Connectors, Topics, Apps)
- Apps in the App Listing Page
Data namespace permissions determines which nodes are rendered for the user.
It allows the user to “Remove from Lenses” Apps from the app listing page. You need the proper namespace permission in order to be able to view the topology node/listing entry.
It allows the user to view Kafka consumer groups. A consumer group is visible if the data namespace rules allow the current user to see all the topics involved. If one of the topics a consumer group uses is not visible given the namespace permissions, then the entire consumer group is not visible.
It allows the user to update the topic-partition offsets for a given consumer group.
It allows the user to see and use Kafka Connect Clusters (eg in Connectors, SQL Processors and Topology).
Code name of this permission is simply the name of the Kafka Connect Cluster connection.