Schema Registry Authorization

The Schema Registry security plugin provides authorization for various Schema Registry operations. Operations that are supported by the authorizers together with their corresponding Schema Registry URIs are listed below

SCHEMA REGISTRY OPERATION RESOURCE
SUBJECT_READ
GET /subjects/(string: subject)/versions
GET /subjects/(string: subject)/versions/(versionId: version)
SUBJECT_WRITE
POST /subjects/(string: subject)/versions
POST /subjects/(string: subject)
POST /compatibility/subjects/(string: subject)/versions/(versionId: version)
SUBJECT_DELETE
DELETE /subjects/(string: subject)/versions/(versionId: version)
DELETE /subjects/(string: subject)
SCHEMA_READ
GET /schemas/ids/{int: id}
SUBJECT_COMPATIBILITY_READ
GET /config/(string: subject)
SUBJECT_COMPATIBILITY_WRITE
PUT /config/(string: subject)
GLOBAL_COMPATIBILITY_READ
GET /config
GLOBAL_COMPATIBILITY_WRITE
PUT /config
GLOBAL_SUBJECTS_READ
GET /subjects

For more information, refer to Schema Registry API

Incoming requests are mapped to a Schema Registry Operation as outlined in above table, after which the request is authorized using the configured authorizer:

confluent.schema.registry.authorizer.class

The implementation used to authorize Schema Registry requests. This needs to be an implementation of the interface SchemaRegistryAuthorizer.

  • Type: string
  • Default: “”
  • Importance: high

We provide two authorizers out of the box. You can configure either of them based on the need.