Schema Registry Authorization¶
The Schema Registry security plugin provides authorization for various Schema Registry operations. Operations that are supported by the authorizers together with their corresponding Schema Registry URIs are listed below
SCHEMA REGISTRY OPERATION | RESOURCE |
SUBJECT_READ |
|
SUBJECT_WRITE |
|
SUBJECT_DELETE |
|
SCHEMA_READ |
|
SUBJECT_COMPATIBILITY_READ |
|
SUBJECT_COMPATIBILITY_WRITE |
|
GLOBAL_COMPATIBILITY_READ |
|
GLOBAL_COMPATIBILITY_WRITE |
|
GLOBAL_SUBJECTS_READ |
|
For more information, refer to Schema Registry API
Incoming requests are mapped to a Schema Registry Operation as outlined in above table, after which the request is authorized using the configured authorizer:
confluent.schema.registry.authorizer.class
The implementation used to authorize Schema Registry requests. This needs to be an implementation of the interface SchemaRegistryAuthorizer.
- Type: string
- Default: “”
- Importance: high
We provide two authorizers out of the box. You can configure either of them based on the need.