Application permissions

This matrix shows both display name (first column) and code name (second column) for permissions. Knowing code name may be helpful while using API / CLI.

Permission	Code name	Description
View SQL Processors	ViewSQLProcessors	Allows viewing the SQL processors
Manage SQL Processors	ManageSQLProcessors	Allows to add/remove/stop/delete SQL processors
View Schemas	ViewSchemaRegistry	Allows viewing your Schema Registry entries
Manage Schema Registry	ManageSchemaRegistry	Allows to add/remove/update/delete your Schema Registry entries
View Topology	ViewTopology	Allows viewing the data pipeline topology
Manage Topology	ManageTopology	Allows decommissioning topology applications
View Kafka Connectors	ViewConnectors	Allows viewing running Kafka Connectors
Manage Kafka Connectors	ManageConnectors	Allows to add/update/delete/stop Kafka Connectors
View Kafka Consumers	ViewKafkaConsumers	Allows viewing the Kafka Consumers details
Manage Kafka Consumers	ManageKafkaConsumers	Allows changing the Kafka Consumers offset
Connect Clusters Access	-	Allows to use Connect Clusters

View SQL Processors

The permission controls the user access to the SQL processors. A SQL processor is displayed to the user only if the appropriate permissions are in place for the data involved. To view a processor data namespace rules need to be present, and they need to identify the input and output topics involved.

Manage SQL Processors

To create, remove or scale a SQL processor, the user needs to have Manage permission, and:

for all the input topics the user needs to have View Data permissions, and
for all the output topics the user needs to have Insert Data permission for each

View Kafka Connectors

It allows the user to view running Kafka Connect sinks or sources. Similar to SQL processors, only those sinks and sources are visible where the data namespaces rules grants permission to see the topics involved.

Manage Kafka Connectors

Grants the user the action to create a new Kafka Connect sink or source. Namespace rules also restrict the action. In the case of a Connect source, it requires the user to have Insert Data permission for the target topics. For a Connect sink, it requires the user to have View Data permissions for the source topics.

Updating an existing connector follows the same permission restrictions as seen earlier. To delete an existing connector, all that is required is for it to be visible.

View Schema Registry

Grants permission to view the entries present in Schema Registry. A schema entry is visible only if for the corresponding topic the user has, via data namespace rules, View Schema permission.

Manage Schema Registry

Controls the permission to manage your Schema Registry entries. The namespace rules constrain the actions. The user can make amendments to a schema only if for the corresponding topic, Update Schema permission.

View Topology

It allows the user, to View both the Landscape of the Data Flow and Apps Listing:

Topology Page (SQL Processors, Kafka Connect Source/Sink Connectors, Topics, Apps)
Apps in the App Listing Page

Data namespace permissions determines which nodes are rendered for the user.

Manage Topology

It allows the user to “Remove from Lenses” Apps from the app listing page. You need the proper namespace permission in order to be able to view the topology node/listing entry.

View Kafka Consumers

It allows the user to view Kafka consumer groups. A consumer group is visible if the data namespace rules allow the current user to see all the topics involved. If one of the topics a consumer group uses is not visible given the namespace permissions, then the entire consumer group is not visible.

Manage Kafka Consumers

It allows the user to update the topic-partition offsets for a given consumer group.

Connect Clusters Access

It allows the user to see and use Kafka Connect Clusters (eg in Connectors, SQL Processors and Topology). Code name of this permission is simply the name of the Kafka Connect Cluster connection.