Schema Registry Authorization

The Schema Registry security plugin provides authorization for various Schema Registry operations. Operations that are supported by the authorizers together with their corresponding Schema Registry URIs are listed below

SCHEMA REGISTRY OPERATION	RESOURCE
SUBJECT_READ	GET /subjects/(string: subject)/versions GET /subjects/(string: subject)/versions/(versionId: version)
SUBJECT_WRITE	POST /subjects/(string: subject)/versions POST /subjects/(string: subject) POST /compatibility/subjects/(string: subject)/versions/(versionId: version)
SUBJECT_DELETE	DELETE /subjects/(string: subject)/versions/(versionId: version) DELETE /subjects/(string: subject)
SCHEMA_READ	GET /schemas/ids/{int: id}
SUBJECT_COMPATIBILITY_READ	GET /config/(string: subject)
SUBJECT_COMPATIBILITY_WRITE	PUT /config/(string: subject)
GLOBAL_COMPATIBILITY_READ	GET /config
GLOBAL_COMPATIBILITY_WRITE	PUT /config
GLOBAL_SUBJECTS_READ	GET /subjects

For more information, refer to Schema Registry API

Incoming requests are mapped to a Schema Registry Operation as outlined in above table, after which the request is authorized using the configured authorizer:

confluent.schema.registry.authorizer.class

The implementation used to authorize Schema Registry requests. This needs to be an implementation of the interface SchemaRegistryAuthorizer.

• Type: string
• Default: “”
• Importance: high

We provide two authorizers out of the box. You can configure either of them based on the need.

• Schema Registry ACL Authorizer
  • Schema Registry ACL CLI
    • Adding ACLs
    • Removing ACLs
    • List ACLs
• Topic ACL Authorizer