Schema Registry Authorization
Describes authorization for Kafka Schema Registry.
In secure clusters, authorization is enabled by default.
You can enable or disable authorization for the Schema Registry in the
<schema-registry-dir>/etc/schema-registry/schema-registry.properties
file through the following option:authorization.enable=[true|false]
Permissions
Permissions grant access to internal data in the Schema Registry, such as schemas, subjects, and server configurations. Read permission grants access to view data. Modify permission grants access to add, update, and remove data.
The following sections describe operations that require read and modify
access.
NOTE
To avoid any unexpected behaviours when using Schema Registry with KSQL,
Kafka Rest, Kafka Connect, or custom Java applications, both read and modify
permissions are required.REST API Operations that Require Read Access
- GET /schemas/ids/{int: id}
- Get the schema string identified by the input ID.
- GET /subjects/
- Get a list of versions registered under the specified subject.
- GET /subjects/(string: subject)/versions/(versionId: version)
- Get a specific version of the schema registered under this subject.
- GET /subjects/(string: subject)/versions/(versionId: version)/schema
- Get the avro schema for the specified version of this subject.
- GET /config
- Get global compatibility level.
- GET /config/(string: subject)
- Get compatibility level for a subject.
- POST /subjects/(string: subject)
- Check if a schema has already been registered under the specified subject. If so, this returns the schema string along with its globally unique identifier, its version under this subject and the subject name.
- POST /compatibility/subjects/(string: subject)/versions/(versionId: version)
- Test input schema against a particular version of a subject's schema for compatibility.
REST API Operations that Require Modify Access
- DELETE /subjects/(string: subject)
- Deletes the specified subject and its associated compatibility level if registered.
- POST /subjects/(string: subject)/versions
- Register a new schema under the specified subject.
- DELETE /subjects/(string: subject)/versions/(versionId: version)
- Deletes a specific version of the schema registered under this subject.
- PUT /config
- Update global compatibility level.
- PUT /config/(string: subject)
- Update compatibility level for the specified subject.