documentation
Get Started Free
  • Get Started Free
  • Stream
      Confluent Cloud

      Fully-managed data streaming platform with a cloud-native Kafka engine (KORA) for elastic scaling, with enterprise security, stream processing, governance.
      Confluent Platform

      An on-premises enterprise-grade distribution of Apache Kafka with enterprise security, stream processing, governance.
  • Connect
      Managed

      Use fully-managed connectors with Confluent Cloud to connect to data sources and sinks.
      Self-Managed

      Use self-managed connectors with Confluent Platform to connect to data sources and sinks.
  • Govern
      Managed

      Use fully-managed Schema Registry and Stream Governance with Confluent Cloud.
      Self-Managed

      Use self-managed Schema Registry and Stream Governance with Confluent Platform.
  • Process
      Managed

      Use Flink on Confluent Cloud to run complex, stateful, low-latency streaming applications.
      Self-Managed

      Use Flink on Confluent Platform to run complex, stateful, low-latency streaming applications.
Stream
Confluent Cloud

Fully-managed data streaming platform with a cloud-native Kafka engine (KORA) for elastic scaling, with enterprise security, stream processing, governance.
Confluent Platform

An on-premises enterprise-grade distribution of Apache Kafka with enterprise security, stream processing, governance.
Connect
Managed

Use fully-managed connectors with Confluent Cloud to connect to data sources and sinks.
Self-Managed

Use self-managed connectors with Confluent Platform to connect to data sources and sinks.
Govern
Managed

Use fully-managed Schema Registry and Stream Governance with Confluent Cloud.
Self-Managed

Use self-managed Schema Registry and Stream Governance with Confluent Platform.
Process
Managed

Use Flink on Confluent Cloud to run complex, stateful, low-latency streaming applications.
Self-Managed

Use Flink on Confluent Platform to run complex, stateful, low-latency streaming applications.
Learn
Get Started Free
  1. Home
  2. Platform
  3. Security
  4. Authorization

CONFLUENT PLATFORM

  • Overview
  • Get Started
    • What is Confluent Platform?
    • Quick Start for Confluent Platform
    • Kafka Basics
    • Apache Kafka Introduction
    • Videos, Demos, and Reading Material
      • Scripted Confluent Platform Demo
        • Overview
        • Deploy Confluent Platform Environment
        • Deploy Hybrid Confluent Platform and Cloud Environment
        • End Demo
        • Troubleshooting
      • Tutorial: Introduction to Streaming Application Development
      • Clickstream Data Analysis Pipeline Using ksqlDB
      • RBAC Example for Confluent Platform
      • Replicator Schema Translation Example for Confluent Platform
      • DevOps for Kafka with Kubernetes and GitOps
        • Overview
        • Kafka DevOps Case Studies
          • Case Study: Graduated Environments
          • Case Study: Manage Cloud Secrets
          • Case Study: Kafka Connect management with GitOps
    • Resources
  • Install and Upgrade
    • Overview
    • System Requirements
    • Install Manually
      • ZIP and TAR
      • Ubuntu and Debian
      • RHEL and CentOS
      • Docker
        • Install using Docker
        • Docker Configuration Parameters
        • Docker Image Reference
        • Docker Security
        • Docker Developer Guide
      • Configure Automatic Startup and Monitoring
    • Deploy with Ansible Playbooks
    • Deploy with Confluent for Kubernetes
    • Understand Licenses
    • Upgrade Confluent Platform
      • Overview
      • Upgrade Confluent Platform
    • Supported Versions and Interoperability
    • Installation Packages
    • Migrate from Apache Kafka
    • Migrate an Existing Kafka Deployment
    • Migrate to Confluent Server
    • Migrate from ZooKeeper to KRaft (EA)
  • Build Client Applications
    • Overview
    • Configure Clients
      • Consumer
      • Producer
      • Schemas, Serializers, and Deserializers
      • Configuration Properties
    • Client Guides
      • Python
      • .NET Client
      • JavaScript Client
      • Go Client
      • C++ Client
      • Java Client
      • JMS Client
        • Overview
        • Development Guide
    • Client Examples
      • Overview
      • Python Client
      • .NET Client
      • JavaScript Client
      • Go Client
      • C++ Client
      • Java
      • Spring Boot
      • KafkaProducer
      • REST
      • Clojure
      • Groovy
      • Kafka Connect Datagen
      • kafkacat
      • Kotlin
      • Ruby
      • Rust
      • Scala
    • Kafka Client APIs
      • Python Client API
      • .NET Client API
      • JavaScript Client API
      • Go Client API
      • C++ Client API
      • Java Client API
      • JMS Client
        • Overview
        • Development Guide
    • Deprecated Client APIs
    • MQTT Proxy
      • Overview
      • Secure Communication
      • Configure
  • Confluent REST Proxy for Apache Kafka
    • Overview
    • Quick Start
    • API Reference
    • Production Deployment
      • Overview
      • Deploy REST Proxy for Confluent Server
        • Configure REST Admin APIs
        • Configure Security
      • Deploy a Standalone REST Proxy node
        • Overview
        • Configuration
        • Monitoring
        • Secure REST Proxy
    • REST Proxy Tutorial
    • Connect to Confluent Cloud
  • ksqlDB and Kafka Streams for Confluent Platform
    • Overview
    • ksqlDB
      • Overview
      • Quickstart
      • Install
      • Operate
      • Upgrade
      • Develop Applications
      • Run ksqlDB in Confluent Cloud
      • Connect Self-Managed ksqlDB to Confluent Cloud
      • Run ksqlDB in Control Center
      • Connect Standalone ksqlDB to Control Center
      • Secure ksqlDB with RBAC
      • Frequently Asked Questions
      • Troubleshoot
      • Tutorials and Examples
        • Overview
        • How-to Guides
        • Example Code
        • Materialized View
        • Streaming ETL Pipeline
        • Event-Driven Microservice
        • Read and Write External Data Stores with Connect
        • Build Clickstream Data Analysis Pipeline
    • Kafka Streams
      • Overview
      • Streams API
      • Build a Streams Application
      • Tutorial: Introduction to Streaming Application Development
      • Connect Streams to Confluent Cloud
      • Concepts
      • Architecture
      • Examples
      • Developer Guide
        • Overview
        • Write a Streams Application
        • Configure
        • Run a Streams Application
        • Test
        • Domain Specific Language
        • Name Domain Specific Language Topologies
        • Optimize Topologies
        • Processor API
        • Data Types and Serialization
        • Interactive Queries
        • Memory
        • Manage Application Topics
        • Security
        • Reset Streams Applications
      • Build Pipeline with Connect and Streams
      • Operations
        • Plan and Size
        • Monitor
      • Upgrade
      • Frequently Asked Questions
      • Javadocs
  • Connect to External Systems
    • Overview
    • Get Started
    • Kafka Connect 101
    • Connectors
    • Confluent Hub
      • Overview
      • Confluent Hub Client
      • Command Reference
        • Overview
        • confluent-hub help
        • confluent-hub install
      • Component Archive Specification
      • Contribute to Confluent Hub
    • Connect on z/OS
    • Install
    • License
    • Supported
    • Preview
    • Configure
    • Monitor
    • Logging
    • Connect to Confluent Cloud
    • Developer Guide
    • Tutorial: Moving Data In and Out of Kafka
    • Reference
      • Kafka Connect Javadocs
      • REST interface
      • Kafka Connect Worker Configuration Properties for Confluent Platform
      • Connector Configuration Properties for Confluent Platform
    • Transform
    • Security
      • Kafka Connect Security Basics
      • Kafka Connect and RBAC
        • Get Started With RBAC and Kafka Connect
        • Configure RBAC for a Connect Cluster
        • Configure RBAC for a Connect Worker
        • RBAC for self-managed connectors
        • Connect Secret Registry
        • Example Connect role-binding sequence
    • Design
    • Add Connectors and Software
    • Install Community Connectors
    • Upgrade
    • Troubleshoot
    • FileStream Connectors
    • FAQ
  • Manage Schema Registry and Govern Data Streams
    • Overview
    • Get Started with Schema Registry Tutorial
    • Install and Configure
      • Install
      • Configure Schema Registry
      • Configure Clients to Schema Registry
      • Deploy in Production
      • Deployment Architectures
      • Use Schema Registry to Migrate Schemas in Confluent Platform
    • Fundamentals
      • Concepts
      • Schema Evolution and Compatibility for Schema Registry on Confluent Platform
      • Schema Formats for Schema Registry on Confluent Platform
        • Serializers and Deserializers Overview
        • Avro
        • Protobuf
        • JSON Schema
      • Data Contracts
    • Manage Schemas
      • Overview
      • Use Schema Contexts in Confluent Platform
      • Link Schemas
      • Validate Schemas
      • Monitor
      • Delete Schemas
      • Integrate Schemas from Connectors
    • Security
      • Overview
      • Configure Role-Based Access Control
      • Schema Registry Security Plugin
        • Overview
        • Install
        • Schema Registry Authorization
          • Operation and Resource Support
          • Role-Based Access Control
          • ACL Authorizer
          • Topic ACL Authorizer
    • Reference
      • Overview
      • Maven Plugin
      • API
      • API Examples
    • FAQ
  • Security
    • General Security
      • Security Overview
      • Security Tutorial
      • Configure Confluent Server Authorizer
      • Cluster Registry
      • Security Compliance
      • Prefixes for Configuring Security
    • Authentication
      • Authentication Methods Overview
      • Authenticate with SASL
        • SASL using JAAS
        • SASL/GSSAPI
        • OAUTHBEARER
        • SASL/PLAIN
        • SASL/SCRAM
        • Authentication using Delegation Tokens
        • Kafka Client Authentication with LDAP
      • Encrypt and Authenticate with TLS
      • HTTP Basic Authentication
      • Adding security to a running cluster
    • Authorization
      • Authorization using Role-Based Access Control
        • RBAC Overview
        • Quick Start
        • Predefined Roles
        • Enable RBAC in a Running Cluster
        • Discover Identifiers for Clusters
        • Configuring Token Authentication
        • Confluent Metadata API Reference
        • RBAC Example for Confluent Platform
      • Configure RBAC using the REST API
      • ACLs
        • Authorization Using Centralized ACLs
        • Authorization using Access Control Lists (ACLs)
      • Group-Based Authorization Using LDAP
        • Configure Confluent Server Authorizer
        • Configuring LDAP
        • Tutorial: Group-Based Authorization Using LDAP
    • Data Protection
      • Audit Logs
        • Audit Log Concepts
        • Auditable Events
        • Configure Audit Logs using the Confluent CLI
        • Configure MDS to Manage Centralized Audit Logs
        • MDS API Audit Log Configuration
        • Configure Audit Logs using the Properties File
      • Encrypt with TLS
      • Secrets
        • Secrets Management
        • Tutorial: Secret Protection
      • Redact Confluent Logs
    • Component Security
      • Confluent Control Center (Legacy) Security
        • Overview
        • Configure TLS
        • Configure SASL
        • Configure HTTP Basic Authentication
        • Authorize with Kafka ACLs
        • Configure LDAP
        • Configure RBAC
        • Use SSO for Confluent Control Center
          • Single Sign-on (SSO) for Confluent Control Center
          • Configure SSO using OIDC
          • Troubleshoot
        • Manage and View RBAC Roles
          • Log in to Control Center (Legacy) when RBAC enabled
          • Manage RBAC roles with Control Center (Legacy)
          • View your RBAC roles in Control Center (Legacy)
        • TLS and HTTP Basic Authentication among Control Center Components
      • Schema Registry Security
      • Kafka Connect Security
        • Kafka Connect Security Basics
        • Kafka Connect and RBAC
          • Get Started With RBAC and Kafka Connect
          • Configure RBAC for a Connect Cluster
          • Configure RBAC for a Connect Worker
          • RBAC for self-managed connectors
          • Connect Secret Registry
          • Example Connect role-binding sequence
      • KRaft Security
      • ksqlDB RBAC
      • REST Proxy Security
        • Deploy Secure Standalone REST Proxy in Confluent Platform
        • REST Proxy Security Plugins
      • ZooKeeper Security
    • Security Management Tools
      • Ansible Playbooks for Confluent Platform
      • Docker Security for Confluent Platform
  • Deploy Confluent Platform in a Multi-Datacenter Environment
    • Overview
    • Multi-Data Center Architectures
    • Cluster Linking
      • Overview
      • Tutorials
        • Share Data Across Topics
        • Link Hybrid Cloud and Bridge-to-Cloud Clusters
        • Migrate Data
      • Manage
        • Manage Mirror Topics
        • Configure
        • Command Reference
        • Monitor
        • Security
      • FAQ
    • Multi-Region Clusters
      • Overview
      • Tutorial: Configure Multi-Region Clusters in Confluent Platform
      • Tutorial: Move Active-Passive to Multi-Region
    • Replicate Topics Across Kafka Clusters in Confluent Platform
      • Overview
      • Example: Active-active Multi-Datacenter
      • Tutorial: Replicate Data Across Clusters
      • Tutorial: Run as an Exceutable or Connector
      • Configure
      • Verify Configuration
      • Tune
      • Monitor
      • Configure for Cross-Cluster Failover
      • Migrate from MirrorMaker to Replicator
  • Configure and Manage
    • Confluent Control Center (Legacy)
      • Overview
      • Manage
        • Overview
        • Customize
        • License Management
        • Monitor Production and Consumption
        • Logs
        • Auto-update and Version
        • Upgrade
        • Troubleshoot
        • Configuration Reference
        • Connect Control Center to Confluent Cloud
        • Control Center and Kafka
      • Clusters
        • Overview
        • Manage
      • Brokers
      • Topics
        • Overview
        • Create
        • Topic Metrics
        • Message Browser
        • Manage Schemas
        • Configure Topics
        • Delete Topics
      • Connect
      • ksqlDB
      • Consumers
      • Replicators
      • Alerts
        • Overview
        • Access Alerts and Alert History
        • Configure Alerts
        • Manage Triggers
        • Manage Actions
        • Configure PagerDuty
        • REST API for Alerts History
        • Examples
        • Troubleshoot
      • Security
    • Configuration Reference
      • Overview
      • Configure Brokers and Controllers
      • Configure Topics
      • Configure Consumers
      • Configure Producers
      • Configure Connect
        • Overview
        • Configure Sink Connectors
        • Configure Source Connectors
      • Configure AdminClient
      • Configure Licenses
      • Configure Streams
    • Change Configurations Without Restart
    • CLI Tools For Use With Confluent Platform
      • CLI Tools Shipped With Confluent Platform
      • Confluent CLI
      • Generate Diagnostics with the Diagnostics Bundle Tool
      • kcat (formerly kafkacat) Utility
    • Kafka Metadata Management
      • Metadata Management in Kafka
      • KRaft Overview
      • Configure KRaft
      • Configure ZooKeeper
    • Manage Clusters
      • Manage Clusters
      • Manage Self-Balancing Clusters
        • Overview
        • Quick Start
        • Tutorial: Adding and Remove Brokers
        • Configure
        • Performance and Resource Usage
      • Auto Data Balancing
        • Overview
        • Quick Start
        • Tutorial: Add and Remove Brokers
        • Configure
      • Tiered Storage
    • Confluent Platform Metadata Service (MDS)
      • Configure the Confluent Platform Metadata Service (MDS)
      • Configure Confluent Platform Components to Communicate with MDS over TLS
      • Configure mTLS Authentication and RBAC for Kafka Brokers
      • Configure Kerberos Authentication for Brokers Running MDS
      • Configure LDAP Authentication
      • Configure LDAP Group-Based Authorization for MDS
      • Configure MDS to Manage Centralized Audit Logs
      • Metadata Service Configuration Settings
      • Confluent Metadata API Reference
    • Docker Operations
      • Overview
      • Kafka Monitoring and Metrics Using JMX
      • Configure Docker Logging
      • Mounting Docker External Volumes
      • Configure a Multi-Node Environment with Docker
    • Running Kafka in Production
    • Post Kafka Deployment
  • Monitor
    • Monitor Kafka with JMX
    • Use Metrics Reporter
    • Monitor Consumer Lag
  • Confluent Health+
    • Health+ Overview
    • Enable Health+
    • Health+ Intelligent Alerts
    • Health+ Monitoring Dashboard
    • Confluent Telemetry Reporter
    • Telemetry Reporter Metrics
    • Confluent Health+ FAQ
  • Confluent CLI
  • Release Notes
    • Release Notes
    • Component Changelogs
  • APIs and Javadocs for Confluent Platform
    • API and Javadocs for Confluent Platform
    • Kafka API and Javadocs for Confluent Platform
      • Kafka Java Client APIs
      • Kafka Producer Java API
      • Kafka Consumer Java API
      • Kafka AdminClient Java API
      • Kafka Common Java API
      • Kafka Streams Java API
      • Kafka Connect Java API
    • Client APIs
      • Python Client API
      • .NET Client API
      • JavaScript Client API
      • Go Client API
      • C++ Client API
      • Java Client API
      • JMS Client
        • Overview
        • Development Guide
    • Confluent APIs
      • Overview
      • Confluent REST Proxy API
        • Overview
        • Quick Start
        • API Reference
        • Production Deployment
          • Overview
          • Deploy REST Proxy for Confluent Server
            • Configure REST Admin APIs
            • Configure Security
          • Deploy a Standalone REST Proxy node
            • Overview
            • Configuration
            • Monitoring
            • Secure REST Proxy
        • REST Proxy Tutorial
        • Connect to Confluent Cloud
      • Connect REST API
      • ksqlDB REST API
      • Metadata API
      • Schema Registry API
  • Glossary

Authorization using Role-Based Access Control¶

  • RBAC Overview
  • Quick Start
  • Predefined Roles
  • Enable RBAC in a Running Cluster
  • Discover Identifiers for Clusters
  • Configuring Token Authentication
  • Confluent Metadata API Reference
  • RBAC Example for Confluent Platform

Was this doc page helpful?

Give us feedback

Do you still need help?

Confluent support portal Ask the community
Thank you. We'll be in touch!
Be the first to get updates and new content

By clicking "SIGN UP" you agree that your personal data will be processed in accordance with our Privacy Policy.

  • Confluent
  • About
  • Careers
  • Contact
  • Professional Services
  • Product
  • Confluent Cloud
  • Confluent Platform
  • Connectors
  • Flink
  • Stream Governance
  • Developer
  • Free Courses
  • Tutorials
  • Event Streaming Patterns
  • Documentation
  • Blog
  • Podcast
  • Community
  • Forum
  • Meetups
  • Kafka Summit
  • Catalysts
Terms & Conditions Privacy Policy Do Not Sell My Information Modern Slavery Policy Cookie Settings Feedback

Copyright © Confluent, Inc. 2014- Apache®️, Apache Kafka®️, Kafka®️, Apache Flink®️, Flink®️, Apache Iceberg®️, Iceberg®️ and associated open source project names are trademarks of the Apache Software Foundation

On this page:
    OSZAR »