Schema Registry Authorization

Describes authorization for Kafka Schema Registry.

In secure clusters, authorization is enabled by default.

You can enable or disable authorization for the Schema Registry in the <schema-registry-dir>/etc/schema-registry/schema-registry.properties file through the following option:
authorization.enable=[true|false]

Permissions

Permissions grant access to internal data in the Schema Registry, such as schemas, subjects, and server configurations. Read permission grants access to view data. Modify permission grants access to add, update, and remove data.

The following sections describe operations that require read and modify access.
NOTE
To avoid any unexpected behaviours when using Schema Registry with KSQL, Kafka Rest, Kafka Connect, or custom Java applications, both read and modify permissions are required.

REST API Operations that Require Read Access

GET /schemas/ids/{int: id}
Get the schema string identified by the input ID.
GET /subjects/
Get a list of versions registered under the specified subject.
GET /subjects/(string: subject)/versions/(versionId: version)
Get a specific version of the schema registered under this subject.
GET /subjects/(string: subject)/versions/(versionId: version)/schema
Get the avro schema for the specified version of this subject.
GET /config
Get global compatibility level.
GET /config/(string: subject)
Get compatibility level for a subject.
POST /subjects/(string: subject)
Check if a schema has already been registered under the specified subject. If so, this returns the schema string along with its globally unique identifier, its version under this subject and the subject name.
POST /compatibility/subjects/(string: subject)/versions/(versionId: version)
Test input schema against a particular version of a subject's schema for compatibility.

REST API Operations that Require Modify Access

DELETE /subjects/(string: subject)
Deletes the specified subject and its associated compatibility level if registered.
POST /subjects/(string: subject)/versions
Register a new schema under the specified subject.
DELETE /subjects/(string: subject)/versions/(versionId: version)
Deletes a specific version of the schema registered under this subject.
PUT /config
Update global compatibility level.
PUT /config/(string: subject)
Update compatibility level for the specified subject.