问题描述

我在 Confluent Platform 的基于云的免费试用中找不到控制主题级别权限的选项.你能建议如何配置吗?

I'm not able to find Option to control the Topic level permission in Cloud Based Free Trial of Confluent Platform. Can you please suggest on how to configure ?

推荐答案

Confluent Cloud 基于角色的访问控制 (RBAC) 提供了一种使用预定义角色控制对组织、环境或集群配置的访问的方法.RBAC 通过隔离用户和服务帐户访问权限并允许将授权委派给适当的业务部门和团队，使企业能够保护其生产环境.

Confluent Cloud role-based access control (RBAC) provides a method to control access to an organization, environment, or cluster configuration using predefined roles. RBAC enables enterprises to protect their production environment by isolating user and service account access and allowing for the delegation of authorization to the appropriate business units and teams.

要控制对集群内特定资源(例如 Kafka 主题或 ksqlDB 应用程序)的访问，请继续使用 ACL.

To control access to specific resources within a cluster, such as Kafka topics or ksqlDB applications, continue to use ACLs.

RBAC 不为 Kafka 资源(如主题)提供细粒度的支持，也不为单个连接器、ksqlDB 应用程序和架构主题提供细粒度的访问控制.

RBAC does not provide granular support for Kafka resources (like topics), nor does it provide granular access control for individual connectors, ksqlDB applications, and schema subjects.

ACL 不受控制中心管理

ACL are not manged by the Control Center

https://docs.confluent.io/cloud/current/access-management/cloud-rbac.htm

ACL 使用 Confluent Cloud CLI 进行管理.有关 Kafka ACL 的完整列表，请参阅使用 ACL 进行授权.

ACLs are managed using the Confluent Cloud CLI. For a complete list of Kafka ACLs, see Authorization using ACLs.

https://docs.confluent.io/ccloud-cli/current/command-reference/kafka/acl/index.html#ccloud-kafka-acl

 ccloud kafka acl create --allow --service-account sa-55555 --operation READ --operation DESCRIBE --consumer-group java_example_group_1
 ccloud kafka acl create --allow --service-account sa-55555 --operation READ --operation DESCRIBE --topic '*'

这篇关于通过控制中心控制 Confluent Cloud 中的 Topic 级别权限的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！