SlideShare a Scribd company logo

Confluent Platform Security Components

Download as PPTX, PDF
confluent
confluent

Die Bereitstellung und der Betrieb eines verteilten und skalierbaren Datensystems kann eine Herausforderung darstellen. Wenn die Plattform skaliert wird, um zusätzliche Use Cases zu unterstützen, stehen Unternehmen vor Herausforderungen wie langen Bereitstellungszyklen, betrieblicher Komplexität oder Schwierigkeiten bei der Gewährleistung von Security auf Unternehmensebene.Eine umfassende Sicherheitsstrategie beinhaltet die Sicherstellung des Zugriffs auf Ressourcen auf eine Weise, die einfach genug zu begründen ist, aber dennoch flexibel genug, um die Sicherheitsrichtlinien Ihres Unternehmens präzise umzusetzen. Wenn die Nutzung von Event Streaming zunimmt, müssen Sie möglicherweise Dutzenden oder sogar Hunderten von Benutzern/Service-Accounts Zugriff gewähren. Dazu gehören nicht nur Kafka, sondern auch Connect, KSQL, Schema Registry usw., und es erfordert eine neue Denkweise über die Autorisierung.In diesem Webinar stellen wir die neuen Security-Komponenten (Role Based Access Control -RBAC und Secret Protection) von Confluent Platform live vor und gehen auch auf die Best Practices in diesem Umfeld ein.

Technology
1 of 11
1C O N F I D E N T I A L Confluent Platform Security Components Suvad Sahovic suvad@confluent.io
2C O N F I D E N T I A L RBAC
3C O N F I D E N T I A L Challenges #1
4C O N F I D E N T I A L C3 KSQL REST Proxy SR CONN. Challenges #2
5C O N F I D E N T I A L C3 KSQL REST Proxy SR CONN.
6C O N F I D E N T I A L 6 Managing Role Binding Role Binding Users/groups Roles ● Privileged users can setup, view and manage roles for others ● This includes both users and groups ● User/Group information is integrated with AD/LDAP ● In preview, the management of roles is done through the new CLI Resource scoping 5.3 Release
7C O N F I D E N T I A L 7 Enforcing Authorization CLIGUI API RBAC authorization ● User access to the platform is authorized based on their role ● Enforcement is done across all user interfaces: CLI, Control Center (GUI), and APIs ● RBAC works with Apache Kafka ACLs Role Binding 5.3 Release
8C O N F I D E N T I A L 8 RBAC RBAC Predefined roles Developer SystemAdmin UserAdminsuper.user ClusterAdminResourceOwner Operator SecurityAdmin Available now
9C O N F I D E N T I A L D E M O
10
11 RBAC role binding ./confluent iam rolebinding create --principal Group:m3ddev --role DeveloperWrite --resource Connector:m3d-connector- --prefix --kafka-cluster-id OGpC-FNLTV6MHVOM8ZDj5g --connect-cluster-id connect-cluster

Recommended

Introducing Confluent labs Parallel Consumer client | Anthony Stubbes, Confluent
Introducing Confluent labs Parallel Consumer client | Anthony Stubbes, ConfluentIntroducing Confluent labs Parallel Consumer client | Anthony Stubbes, Confluent
Introducing Confluent labs Parallel Consumer client | Anthony Stubbes, ConfluentHostedbyConfluent
 
Microservices with Node.js and Apache Cassandra
Microservices with Node.js and Apache CassandraMicroservices with Node.js and Apache Cassandra
Microservices with Node.js and Apache CassandraJorge Bay Gondra
 
Scaling Security on 100s of Millions of Mobile Devices Using Apache Kafka® an...
Scaling Security on 100s of Millions of Mobile Devices Using Apache Kafka® an...Scaling Security on 100s of Millions of Mobile Devices Using Apache Kafka® an...
Scaling Security on 100s of Millions of Mobile Devices Using Apache Kafka® an...confluent
 
Service Discovery and Registration in a Microservices Architecture
Service Discovery and Registration in a Microservices ArchitectureService Discovery and Registration in a Microservices Architecture
Service Discovery and Registration in a Microservices ArchitecturePLUMgrid
 
What’s New in NGINX Ingress Controller for Kubernetes Release 1.5.0
What’s New in NGINX Ingress Controller for Kubernetes Release 1.5.0What’s New in NGINX Ingress Controller for Kubernetes Release 1.5.0
What’s New in NGINX Ingress Controller for Kubernetes Release 1.5.0NGINX, Inc.
 
MuleSoft Meetup Vancouver 5th Virtual Event
MuleSoft Meetup Vancouver 5th Virtual EventMuleSoft Meetup Vancouver 5th Virtual Event
MuleSoft Meetup Vancouver 5th Virtual EventVikalp Bhalia
 
Distributed Tracing with Jaeger
Distributed Tracing with JaegerDistributed Tracing with Jaeger
Distributed Tracing with JaegerInho Kang
 
Oracle Blockchain Platform_Wonjo Yoo
Oracle Blockchain Platform_Wonjo YooOracle Blockchain Platform_Wonjo Yoo
Oracle Blockchain Platform_Wonjo YooOracle Korea
 

Recommended

Introducing Confluent labs Parallel Consumer client | Anthony Stubbes, Confluent
Introducing Confluent labs Parallel Consumer client | Anthony Stubbes, ConfluentIntroducing Confluent labs Parallel Consumer client | Anthony Stubbes, Confluent
Introducing Confluent labs Parallel Consumer client | Anthony Stubbes, ConfluentHostedbyConfluent
 
Microservices with Node.js and Apache Cassandra
Microservices with Node.js and Apache CassandraMicroservices with Node.js and Apache Cassandra
Microservices with Node.js and Apache CassandraJorge Bay Gondra
 
Scaling Security on 100s of Millions of Mobile Devices Using Apache Kafka® an...
Scaling Security on 100s of Millions of Mobile Devices Using Apache Kafka® an...Scaling Security on 100s of Millions of Mobile Devices Using Apache Kafka® an...
Scaling Security on 100s of Millions of Mobile Devices Using Apache Kafka® an...confluent
 
Service Discovery and Registration in a Microservices Architecture
Service Discovery and Registration in a Microservices ArchitectureService Discovery and Registration in a Microservices Architecture
Service Discovery and Registration in a Microservices ArchitecturePLUMgrid
 
What’s New in NGINX Ingress Controller for Kubernetes Release 1.5.0
What’s New in NGINX Ingress Controller for Kubernetes Release 1.5.0What’s New in NGINX Ingress Controller for Kubernetes Release 1.5.0
What’s New in NGINX Ingress Controller for Kubernetes Release 1.5.0NGINX, Inc.
 
MuleSoft Meetup Vancouver 5th Virtual Event
MuleSoft Meetup Vancouver 5th Virtual EventMuleSoft Meetup Vancouver 5th Virtual Event
MuleSoft Meetup Vancouver 5th Virtual EventVikalp Bhalia
 
Distributed Tracing with Jaeger
Distributed Tracing with JaegerDistributed Tracing with Jaeger
Distributed Tracing with JaegerInho Kang
 
Oracle Blockchain Platform_Wonjo Yoo
Oracle Blockchain Platform_Wonjo YooOracle Blockchain Platform_Wonjo Yoo
Oracle Blockchain Platform_Wonjo YooOracle Korea
 
Streaming a Million Likes/Second: Real-Time Interactions on Live Video
Streaming a Million Likes/Second: Real-Time Interactions on Live VideoStreaming a Million Likes/Second: Real-Time Interactions on Live Video
Streaming a Million Likes/Second: Real-Time Interactions on Live VideoC4Media
 
Flowchain: A case study on building a Blockchain for the IoT
Flowchain: A case study on building a Blockchain for the IoTFlowchain: A case study on building a Blockchain for the IoT
Flowchain: A case study on building a Blockchain for the IoTLinuxCon ContainerCon CloudOpen China
 
Introduction to Kong API Gateway
Introduction to Kong API GatewayIntroduction to Kong API Gateway
Introduction to Kong API GatewayYohann Ciurlik
 
CQRS and Event Sourcing
CQRS and Event Sourcing CQRS and Event Sourcing
CQRS and Event Sourcing Inho Kang
 
[오픈소스컨설팅] 서비스 메쉬(Service mesh)
[오픈소스컨설팅] 서비스 메쉬(Service mesh)[오픈소스컨설팅] 서비스 메쉬(Service mesh)
[오픈소스컨설팅] 서비스 메쉬(Service mesh)Open Source Consulting
 
Istio : Service Mesh
Istio : Service MeshIstio : Service Mesh
Istio : Service MeshKnoldus Inc.
 
NGINX Plus R19 : EMEA
NGINX Plus R19 : EMEANGINX Plus R19 : EMEA
NGINX Plus R19 : EMEANGINX, Inc.
 
SpringBoot and Spring Cloud Service for MSA
SpringBoot and Spring Cloud Service for MSASpringBoot and Spring Cloud Service for MSA
SpringBoot and Spring Cloud Service for MSAOracle Korea
 
Kafka’s New Control Plane: The Quorum Controller | Colin McCabe, Confluent
Kafka’s New Control Plane: The Quorum Controller | Colin McCabe, ConfluentKafka’s New Control Plane: The Quorum Controller | Colin McCabe, Confluent
Kafka’s New Control Plane: The Quorum Controller | Colin McCabe, ConfluentHostedbyConfluent
 
Locking down your Kubernetes cluster with Linkerd
Locking down your Kubernetes cluster with LinkerdLocking down your Kubernetes cluster with Linkerd
Locking down your Kubernetes cluster with LinkerdBuoyant
 
Build Robust Blockchain Services with Hyperledger and Containers
Build Robust Blockchain Services with Hyperledger and ContainersBuild Robust Blockchain Services with Hyperledger and Containers
Build Robust Blockchain Services with Hyperledger and ContainersLinuxCon ContainerCon CloudOpen China
 
WSO2 Enterprise Service Bus - Product Overview
WSO2 Enterprise Service Bus - Product OverviewWSO2 Enterprise Service Bus - Product Overview
WSO2 Enterprise Service Bus - Product OverviewWSO2
 
Dynamic SSL Certificates and Other New Features in NGINX Plus R18 and NGINX O...
Dynamic SSL Certificates and Other New Features in NGINX Plus R18 and NGINX O...Dynamic SSL Certificates and Other New Features in NGINX Plus R18 and NGINX O...
Dynamic SSL Certificates and Other New Features in NGINX Plus R18 and NGINX O...NGINX, Inc.
 
Microservices Docker Kubernetes Istio Kanban DevOps SRE
Microservices Docker Kubernetes Istio Kanban DevOps SREMicroservices Docker Kubernetes Istio Kanban DevOps SRE
Microservices Docker Kubernetes Istio Kanban DevOps SREAraf Karsh Hamid
 
Introduction To Flink
Introduction To FlinkIntroduction To Flink
Introduction To FlinkKnoldus Inc.
 
Orchestraing the Blockchain Using Containers
Orchestraing the Blockchain Using ContainersOrchestraing the Blockchain Using Containers
Orchestraing the Blockchain Using ContainersAndrew Kennedy
 
Load Balancing for Containers and Cloud Native Architecture
Load Balancing for Containers and Cloud Native ArchitectureLoad Balancing for Containers and Cloud Native Architecture
Load Balancing for Containers and Cloud Native ArchitectureChiradeep Vittal
 
Service Discovery 101
Service Discovery 101Service Discovery 101
Service Discovery 101Stefan Achtsnit
 
Capital One Delivers Risk Insights in Real Time with Stream Processing
Capital One Delivers Risk Insights in Real Time with Stream ProcessingCapital One Delivers Risk Insights in Real Time with Stream Processing
Capital One Delivers Risk Insights in Real Time with Stream Processingconfluent
 
Load Balancing for Containers and Cloud Native Architecture
Load Balancing for Containers and Cloud Native ArchitectureLoad Balancing for Containers and Cloud Native Architecture
Load Balancing for Containers and Cloud Native ArchitectureChiradeep Vittal
 
What's new in confluent platform 5.4 online talk
What's new in confluent platform 5.4 online talkWhat's new in confluent platform 5.4 online talk
What's new in confluent platform 5.4 online talkconfluent
 
OpenStack Keystone
OpenStack KeystoneOpenStack Keystone
OpenStack KeystoneDeepti Ramakrishna
 

More Related Content

What's hot

Streaming a Million Likes/Second: Real-Time Interactions on Live Video
Streaming a Million Likes/Second: Real-Time Interactions on Live VideoStreaming a Million Likes/Second: Real-Time Interactions on Live Video
Streaming a Million Likes/Second: Real-Time Interactions on Live VideoC4Media
 
Introduction to Kong API Gateway
Introduction to Kong API GatewayIntroduction to Kong API Gateway
Introduction to Kong API GatewayYohann Ciurlik
 
CQRS and Event Sourcing
CQRS and Event Sourcing CQRS and Event Sourcing
CQRS and Event Sourcing Inho Kang
 
[오픈소스컨설팅] 서비스 메쉬(Service mesh)
[오픈소스컨설팅] 서비스 메쉬(Service mesh)[오픈소스컨설팅] 서비스 메쉬(Service mesh)
[오픈소스컨설팅] 서비스 메쉬(Service mesh)Open Source Consulting
 
Istio : Service Mesh
Istio : Service MeshIstio : Service Mesh
Istio : Service MeshKnoldus Inc.
 
NGINX Plus R19 : EMEA
NGINX Plus R19 : EMEANGINX Plus R19 : EMEA
NGINX Plus R19 : EMEANGINX, Inc.
 
SpringBoot and Spring Cloud Service for MSA
SpringBoot and Spring Cloud Service for MSASpringBoot and Spring Cloud Service for MSA
SpringBoot and Spring Cloud Service for MSAOracle Korea
 
Kafka’s New Control Plane: The Quorum Controller | Colin McCabe, Confluent
Kafka’s New Control Plane: The Quorum Controller | Colin McCabe, ConfluentKafka’s New Control Plane: The Quorum Controller | Colin McCabe, Confluent
Kafka’s New Control Plane: The Quorum Controller | Colin McCabe, ConfluentHostedbyConfluent
 
Locking down your Kubernetes cluster with Linkerd
Locking down your Kubernetes cluster with LinkerdLocking down your Kubernetes cluster with Linkerd
Locking down your Kubernetes cluster with LinkerdBuoyant
 
WSO2 Enterprise Service Bus - Product Overview
WSO2 Enterprise Service Bus - Product OverviewWSO2 Enterprise Service Bus - Product Overview
WSO2 Enterprise Service Bus - Product OverviewWSO2
 
Dynamic SSL Certificates and Other New Features in NGINX Plus R18 and NGINX O...
Dynamic SSL Certificates and Other New Features in NGINX Plus R18 and NGINX O...Dynamic SSL Certificates and Other New Features in NGINX Plus R18 and NGINX O...
Dynamic SSL Certificates and Other New Features in NGINX Plus R18 and NGINX O...NGINX, Inc.
 
Microservices Docker Kubernetes Istio Kanban DevOps SRE
Microservices Docker Kubernetes Istio Kanban DevOps SREMicroservices Docker Kubernetes Istio Kanban DevOps SRE
Microservices Docker Kubernetes Istio Kanban DevOps SREAraf Karsh Hamid
 
Introduction To Flink
Introduction To FlinkIntroduction To Flink
Introduction To FlinkKnoldus Inc.
 
Orchestraing the Blockchain Using Containers
Orchestraing the Blockchain Using ContainersOrchestraing the Blockchain Using Containers
Orchestraing the Blockchain Using ContainersAndrew Kennedy
 
Load Balancing for Containers and Cloud Native Architecture
Load Balancing for Containers and Cloud Native ArchitectureLoad Balancing for Containers and Cloud Native Architecture
Load Balancing for Containers and Cloud Native ArchitectureChiradeep Vittal
 
Capital One Delivers Risk Insights in Real Time with Stream Processing
Capital One Delivers Risk Insights in Real Time with Stream ProcessingCapital One Delivers Risk Insights in Real Time with Stream Processing
Capital One Delivers Risk Insights in Real Time with Stream Processingconfluent
 
Load Balancing for Containers and Cloud Native Architecture
Load Balancing for Containers and Cloud Native ArchitectureLoad Balancing for Containers and Cloud Native Architecture
Load Balancing for Containers and Cloud Native ArchitectureChiradeep Vittal
 

What's hot (20)

Streaming a Million Likes/Second: Real-Time Interactions on Live Video
Streaming a Million Likes/Second: Real-Time Interactions on Live VideoStreaming a Million Likes/Second: Real-Time Interactions on Live Video
Streaming a Million Likes/Second: Real-Time Interactions on Live Video
 
Flowchain: A case study on building a Blockchain for the IoT
Flowchain: A case study on building a Blockchain for the IoTFlowchain: A case study on building a Blockchain for the IoT
Flowchain: A case study on building a Blockchain for the IoT
 
Introduction to Kong API Gateway
Introduction to Kong API GatewayIntroduction to Kong API Gateway
Introduction to Kong API Gateway
 
CQRS and Event Sourcing
CQRS and Event Sourcing CQRS and Event Sourcing
CQRS and Event Sourcing
 
[오픈소스컨설팅] 서비스 메쉬(Service mesh)
[오픈소스컨설팅] 서비스 메쉬(Service mesh)[오픈소스컨설팅] 서비스 메쉬(Service mesh)
[오픈소스컨설팅] 서비스 메쉬(Service mesh)
 
Istio : Service Mesh
Istio : Service MeshIstio : Service Mesh
Istio : Service Mesh
 
NGINX Plus R19 : EMEA
NGINX Plus R19 : EMEANGINX Plus R19 : EMEA
NGINX Plus R19 : EMEA
 
SpringBoot and Spring Cloud Service for MSA
SpringBoot and Spring Cloud Service for MSASpringBoot and Spring Cloud Service for MSA
SpringBoot and Spring Cloud Service for MSA
 
Kafka’s New Control Plane: The Quorum Controller | Colin McCabe, Confluent
Kafka’s New Control Plane: The Quorum Controller | Colin McCabe, ConfluentKafka’s New Control Plane: The Quorum Controller | Colin McCabe, Confluent
Kafka’s New Control Plane: The Quorum Controller | Colin McCabe, Confluent
 
Locking down your Kubernetes cluster with Linkerd
Locking down your Kubernetes cluster with LinkerdLocking down your Kubernetes cluster with Linkerd
Locking down your Kubernetes cluster with Linkerd
 
Build Robust Blockchain Services with Hyperledger and Containers
Build Robust Blockchain Services with Hyperledger and ContainersBuild Robust Blockchain Services with Hyperledger and Containers
Build Robust Blockchain Services with Hyperledger and Containers
 
WSO2 Enterprise Service Bus - Product Overview
WSO2 Enterprise Service Bus - Product OverviewWSO2 Enterprise Service Bus - Product Overview
WSO2 Enterprise Service Bus - Product Overview
 
Dynamic SSL Certificates and Other New Features in NGINX Plus R18 and NGINX O...
Dynamic SSL Certificates and Other New Features in NGINX Plus R18 and NGINX O...Dynamic SSL Certificates and Other New Features in NGINX Plus R18 and NGINX O...
Dynamic SSL Certificates and Other New Features in NGINX Plus R18 and NGINX O...
 
Microservices Docker Kubernetes Istio Kanban DevOps SRE
Microservices Docker Kubernetes Istio Kanban DevOps SREMicroservices Docker Kubernetes Istio Kanban DevOps SRE
Microservices Docker Kubernetes Istio Kanban DevOps SRE
 
Introduction To Flink
Introduction To FlinkIntroduction To Flink
Introduction To Flink
 
Orchestraing the Blockchain Using Containers
Orchestraing the Blockchain Using ContainersOrchestraing the Blockchain Using Containers
Orchestraing the Blockchain Using Containers
 
Load Balancing for Containers and Cloud Native Architecture
Load Balancing for Containers and Cloud Native ArchitectureLoad Balancing for Containers and Cloud Native Architecture
Load Balancing for Containers and Cloud Native Architecture
 
Service Discovery 101
Service Discovery 101Service Discovery 101
Service Discovery 101
 
Capital One Delivers Risk Insights in Real Time with Stream Processing
Capital One Delivers Risk Insights in Real Time with Stream ProcessingCapital One Delivers Risk Insights in Real Time with Stream Processing
Capital One Delivers Risk Insights in Real Time with Stream Processing
 
Load Balancing for Containers and Cloud Native Architecture
Load Balancing for Containers and Cloud Native ArchitectureLoad Balancing for Containers and Cloud Native Architecture
Load Balancing for Containers and Cloud Native Architecture
 

Similar to Confluent Platform Security Components

What's new in confluent platform 5.4 online talk
What's new in confluent platform 5.4 online talkWhat's new in confluent platform 5.4 online talk
What's new in confluent platform 5.4 online talkconfluent
 
End-End Security with Confluent Platform
End-End Security with Confluent Platform End-End Security with Confluent Platform
End-End Security with Confluent Platform confluent
 
2010-03-30 Red Hat Identity Management, Certificate System Technical Overview
2010-03-30 Red Hat Identity Management, Certificate System Technical Overview2010-03-30 Red Hat Identity Management, Certificate System Technical Overview
2010-03-30 Red Hat Identity Management, Certificate System Technical OverviewShawn Wells
 
Spring boot microservice metrics monitoring
Spring boot microservice metrics monitoringSpring boot microservice metrics monitoring
Spring boot microservice metrics monitoringOracle Korea
 
Spring Boot - Microservice Metrics Monitoring
Spring Boot - Microservice Metrics MonitoringSpring Boot - Microservice Metrics Monitoring
Spring Boot - Microservice Metrics MonitoringDonghuKIM2
 
Explore Advanced CA Release Automation Configuration Topics
Explore Advanced CA Release Automation Configuration TopicsExplore Advanced CA Release Automation Configuration Topics
Explore Advanced CA Release Automation Configuration TopicsCA Technologies
 
SFScon22 - Sara Tumiati - Goffice 2.0 - Open-Source Microservices for the Sou...
SFScon22 - Sara Tumiati - Goffice 2.0 - Open-Source Microservices for the Sou...SFScon22 - Sara Tumiati - Goffice 2.0 - Open-Source Microservices for the Sou...
SFScon22 - Sara Tumiati - Goffice 2.0 - Open-Source Microservices for the Sou...South Tyrol Free Software Conference
 
Sprint 137
Sprint 137Sprint 137
Sprint 137ManageIQ
 
Using Docker EE to Scale Operational Intelligence at Splunk
Using Docker EE to Scale Operational Intelligence at SplunkUsing Docker EE to Scale Operational Intelligence at Splunk
Using Docker EE to Scale Operational Intelligence at SplunkDocker, Inc.
 
Enabling Web Apps For DoD Security via PKI/CAC Enablement (Forge.Mil case study)
Enabling Web Apps For DoD Security via PKI/CAC Enablement (Forge.Mil case study)Enabling Web Apps For DoD Security via PKI/CAC Enablement (Forge.Mil case study)
Enabling Web Apps For DoD Security via PKI/CAC Enablement (Forge.Mil case study)Richard Bullington-McGuire
 
Sprint 157
Sprint 157Sprint 157
Sprint 157ManageIQ
 
Cloudfoundry Introduction
Cloudfoundry IntroductionCloudfoundry Introduction
Cloudfoundry IntroductionYitao Jiang
 
Autosys Trainer CV
Autosys Trainer CVAutosys Trainer CV
Autosys Trainer CVDS gupta
 
PCF2.2 update mkim_201807
PCF2.2 update mkim_201807PCF2.2 update mkim_201807
PCF2.2 update mkim_201807minseok kim
 
Zou Layered VO PDCAT2008 V0.5 Concise
Zou Layered VO PDCAT2008 V0.5 ConciseZou Layered VO PDCAT2008 V0.5 Concise
Zou Layered VO PDCAT2008 V0.5 Conciseyongqiangzou
 
Pivotal Platform: A First Look at the October Release
Pivotal Platform: A First Look at the October ReleasePivotal Platform: A First Look at the October Release
Pivotal Platform: A First Look at the October ReleaseVMware Tanzu
 
Chap_6Lesson02Emsys3EInterruptBasedIOs.pdf
Chap_6Lesson02Emsys3EInterruptBasedIOs.pdfChap_6Lesson02Emsys3EInterruptBasedIOs.pdf
Chap_6Lesson02Emsys3EInterruptBasedIOs.pdfMAHESHV559910
 

Similar to Confluent Platform Security Components (20)

What's new in confluent platform 5.4 online talk
What's new in confluent platform 5.4 online talkWhat's new in confluent platform 5.4 online talk
What's new in confluent platform 5.4 online talk
 
OpenStack Keystone
OpenStack KeystoneOpenStack Keystone
OpenStack Keystone
 
End-End Security with Confluent Platform
End-End Security with Confluent Platform End-End Security with Confluent Platform
End-End Security with Confluent Platform
 
2010-03-30 Red Hat Identity Management, Certificate System Technical Overview
2010-03-30 Red Hat Identity Management, Certificate System Technical Overview2010-03-30 Red Hat Identity Management, Certificate System Technical Overview
2010-03-30 Red Hat Identity Management, Certificate System Technical Overview
 
Spring boot microservice metrics monitoring
Spring boot microservice metrics monitoringSpring boot microservice metrics monitoring
Spring boot microservice metrics monitoring
 
Spring Boot - Microservice Metrics Monitoring
Spring Boot - Microservice Metrics MonitoringSpring Boot - Microservice Metrics Monitoring
Spring Boot - Microservice Metrics Monitoring
 
RBAC in Kuberetes
RBAC in KuberetesRBAC in Kuberetes
RBAC in Kuberetes
 
Explore Advanced CA Release Automation Configuration Topics
Explore Advanced CA Release Automation Configuration TopicsExplore Advanced CA Release Automation Configuration Topics
Explore Advanced CA Release Automation Configuration Topics
 
SFScon22 - Sara Tumiati - Goffice 2.0 - Open-Source Microservices for the Sou...
SFScon22 - Sara Tumiati - Goffice 2.0 - Open-Source Microservices for the Sou...SFScon22 - Sara Tumiati - Goffice 2.0 - Open-Source Microservices for the Sou...
SFScon22 - Sara Tumiati - Goffice 2.0 - Open-Source Microservices for the Sou...
 
Sprint 137
Sprint 137Sprint 137
Sprint 137
 
Using Docker EE to Scale Operational Intelligence at Splunk
Using Docker EE to Scale Operational Intelligence at SplunkUsing Docker EE to Scale Operational Intelligence at Splunk
Using Docker EE to Scale Operational Intelligence at Splunk
 
Enabling Web Apps For DoD Security via PKI/CAC Enablement (Forge.Mil case study)
Enabling Web Apps For DoD Security via PKI/CAC Enablement (Forge.Mil case study)Enabling Web Apps For DoD Security via PKI/CAC Enablement (Forge.Mil case study)
Enabling Web Apps For DoD Security via PKI/CAC Enablement (Forge.Mil case study)
 
Keycloak SSO basics
Keycloak SSO basicsKeycloak SSO basics
Keycloak SSO basics
 
Sprint 157
Sprint 157Sprint 157
Sprint 157
 
Cloudfoundry Introduction
Cloudfoundry IntroductionCloudfoundry Introduction
Cloudfoundry Introduction
 
Autosys Trainer CV
Autosys Trainer CVAutosys Trainer CV
Autosys Trainer CV
 
PCF2.2 update mkim_201807
PCF2.2 update mkim_201807PCF2.2 update mkim_201807
PCF2.2 update mkim_201807
 
Zou Layered VO PDCAT2008 V0.5 Concise
Zou Layered VO PDCAT2008 V0.5 ConciseZou Layered VO PDCAT2008 V0.5 Concise
Zou Layered VO PDCAT2008 V0.5 Concise
 
Pivotal Platform: A First Look at the October Release
Pivotal Platform: A First Look at the October ReleasePivotal Platform: A First Look at the October Release
Pivotal Platform: A First Look at the October Release
 
Chap_6Lesson02Emsys3EInterruptBasedIOs.pdf
Chap_6Lesson02Emsys3EInterruptBasedIOs.pdfChap_6Lesson02Emsys3EInterruptBasedIOs.pdf
Chap_6Lesson02Emsys3EInterruptBasedIOs.pdf
 

More from confluent

Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...
Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...
Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...confluent
 
Santander Stream Processing with Apache Flink
Santander Stream Processing with Apache FlinkSantander Stream Processing with Apache Flink
Santander Stream Processing with Apache Flinkconfluent
 
Unlocking the Power of IoT: A comprehensive approach to real-time insights
Unlocking the Power of IoT: A comprehensive approach to real-time insightsUnlocking the Power of IoT: A comprehensive approach to real-time insights
Unlocking the Power of IoT: A comprehensive approach to real-time insightsconfluent
 
Workshop híbrido: Stream Processing con Flink
Workshop híbrido: Stream Processing con FlinkWorkshop híbrido: Stream Processing con Flink
Workshop híbrido: Stream Processing con Flinkconfluent
 
Industry 4.0: Building the Unified Namespace with Confluent, HiveMQ and Spark...
Industry 4.0: Building the Unified Namespace with Confluent, HiveMQ and Spark...Industry 4.0: Building the Unified Namespace with Confluent, HiveMQ and Spark...
Industry 4.0: Building the Unified Namespace with Confluent, HiveMQ and Spark...confluent
 
AWS Immersion Day Mapfre - Confluent
AWS Immersion Day Mapfre - ConfluentAWS Immersion Day Mapfre - Confluent
AWS Immersion Day Mapfre - Confluentconfluent
 
Eventos y Microservicios - Santander TechTalk
Eventos y Microservicios - Santander TechTalkEventos y Microservicios - Santander TechTalk
Eventos y Microservicios - Santander TechTalkconfluent
 
Q&A with Confluent Experts: Navigating Networking in Confluent Cloud
Q&A with Confluent Experts: Navigating Networking in Confluent CloudQ&A with Confluent Experts: Navigating Networking in Confluent Cloud
Q&A with Confluent Experts: Navigating Networking in Confluent Cloudconfluent
 
Citi TechTalk Session 2: Kafka Deep Dive
Citi TechTalk Session 2: Kafka Deep DiveCiti TechTalk Session 2: Kafka Deep Dive
Citi TechTalk Session 2: Kafka Deep Diveconfluent
 
Build real-time streaming data pipelines to AWS with Confluent
Build real-time streaming data pipelines to AWS with ConfluentBuild real-time streaming data pipelines to AWS with Confluent
Build real-time streaming data pipelines to AWS with Confluentconfluent
 
Q&A with Confluent Professional Services: Confluent Service Mesh
Q&A with Confluent Professional Services: Confluent Service MeshQ&A with Confluent Professional Services: Confluent Service Mesh
Q&A with Confluent Professional Services: Confluent Service Meshconfluent
 
Citi Tech Talk: Event Driven Kafka Microservices
Citi Tech Talk: Event Driven Kafka MicroservicesCiti Tech Talk: Event Driven Kafka Microservices
Citi Tech Talk: Event Driven Kafka Microservicesconfluent
 
Confluent & GSI Webinars series - Session 3
Confluent & GSI Webinars series - Session 3Confluent & GSI Webinars series - Session 3
Confluent & GSI Webinars series - Session 3confluent
 
Citi Tech Talk: Messaging Modernization
Citi Tech Talk: Messaging ModernizationCiti Tech Talk: Messaging Modernization
Citi Tech Talk: Messaging Modernizationconfluent
 
Citi Tech Talk: Data Governance for streaming and real time data
Citi Tech Talk: Data Governance for streaming and real time dataCiti Tech Talk: Data Governance for streaming and real time data
Citi Tech Talk: Data Governance for streaming and real time dataconfluent
 
Confluent & GSI Webinars series: Session 2
Confluent & GSI Webinars series: Session 2Confluent & GSI Webinars series: Session 2
Confluent & GSI Webinars series: Session 2confluent
 
Data In Motion Paris 2023
Data In Motion Paris 2023Data In Motion Paris 2023
Data In Motion Paris 2023confluent
 
Confluent Partner Tech Talk with Synthesis
Confluent Partner Tech Talk with SynthesisConfluent Partner Tech Talk with Synthesis
Confluent Partner Tech Talk with Synthesisconfluent
 
The Future of Application Development - API Days - Melbourne 2023
The Future of Application Development - API Days - Melbourne 2023The Future of Application Development - API Days - Melbourne 2023
The Future of Application Development - API Days - Melbourne 2023confluent
 
The Playful Bond Between REST And Data Streams
The Playful Bond Between REST And Data StreamsThe Playful Bond Between REST And Data Streams
The Playful Bond Between REST And Data Streamsconfluent
 

More from confluent (20)

Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...
Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...
Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...
 
Santander Stream Processing with Apache Flink
Santander Stream Processing with Apache FlinkSantander Stream Processing with Apache Flink
Santander Stream Processing with Apache Flink
 
Unlocking the Power of IoT: A comprehensive approach to real-time insights
Unlocking the Power of IoT: A comprehensive approach to real-time insightsUnlocking the Power of IoT: A comprehensive approach to real-time insights
Unlocking the Power of IoT: A comprehensive approach to real-time insights
 
Workshop híbrido: Stream Processing con Flink
Workshop híbrido: Stream Processing con FlinkWorkshop híbrido: Stream Processing con Flink
Workshop híbrido: Stream Processing con Flink
 
Industry 4.0: Building the Unified Namespace with Confluent, HiveMQ and Spark...
Industry 4.0: Building the Unified Namespace with Confluent, HiveMQ and Spark...Industry 4.0: Building the Unified Namespace with Confluent, HiveMQ and Spark...
Industry 4.0: Building the Unified Namespace with Confluent, HiveMQ and Spark...
 
AWS Immersion Day Mapfre - Confluent
AWS Immersion Day Mapfre - ConfluentAWS Immersion Day Mapfre - Confluent
AWS Immersion Day Mapfre - Confluent
 
Eventos y Microservicios - Santander TechTalk
Eventos y Microservicios - Santander TechTalkEventos y Microservicios - Santander TechTalk
Eventos y Microservicios - Santander TechTalk
 
Q&A with Confluent Experts: Navigating Networking in Confluent Cloud
Q&A with Confluent Experts: Navigating Networking in Confluent CloudQ&A with Confluent Experts: Navigating Networking in Confluent Cloud
Q&A with Confluent Experts: Navigating Networking in Confluent Cloud
 
Citi TechTalk Session 2: Kafka Deep Dive
Citi TechTalk Session 2: Kafka Deep DiveCiti TechTalk Session 2: Kafka Deep Dive
Citi TechTalk Session 2: Kafka Deep Dive
 
Build real-time streaming data pipelines to AWS with Confluent
Build real-time streaming data pipelines to AWS with ConfluentBuild real-time streaming data pipelines to AWS with Confluent
Build real-time streaming data pipelines to AWS with Confluent
 
Q&A with Confluent Professional Services: Confluent Service Mesh
Q&A with Confluent Professional Services: Confluent Service MeshQ&A with Confluent Professional Services: Confluent Service Mesh
Q&A with Confluent Professional Services: Confluent Service Mesh
 
Citi Tech Talk: Event Driven Kafka Microservices
Citi Tech Talk: Event Driven Kafka MicroservicesCiti Tech Talk: Event Driven Kafka Microservices
Citi Tech Talk: Event Driven Kafka Microservices
 
Confluent & GSI Webinars series - Session 3
Confluent & GSI Webinars series - Session 3Confluent & GSI Webinars series - Session 3
Confluent & GSI Webinars series - Session 3
 
Citi Tech Talk: Messaging Modernization
Citi Tech Talk: Messaging ModernizationCiti Tech Talk: Messaging Modernization
Citi Tech Talk: Messaging Modernization
 
Citi Tech Talk: Data Governance for streaming and real time data
Citi Tech Talk: Data Governance for streaming and real time dataCiti Tech Talk: Data Governance for streaming and real time data
Citi Tech Talk: Data Governance for streaming and real time data
 
Confluent & GSI Webinars series: Session 2
Confluent & GSI Webinars series: Session 2Confluent & GSI Webinars series: Session 2
Confluent & GSI Webinars series: Session 2
 
Data In Motion Paris 2023
Data In Motion Paris 2023Data In Motion Paris 2023
Data In Motion Paris 2023
 
Confluent Partner Tech Talk with Synthesis
Confluent Partner Tech Talk with SynthesisConfluent Partner Tech Talk with Synthesis
Confluent Partner Tech Talk with Synthesis
 
The Future of Application Development - API Days - Melbourne 2023
The Future of Application Development - API Days - Melbourne 2023The Future of Application Development - API Days - Melbourne 2023
The Future of Application Development - API Days - Melbourne 2023
 
The Playful Bond Between REST And Data Streams
The Playful Bond Between REST And Data StreamsThe Playful Bond Between REST And Data Streams
The Playful Bond Between REST And Data Streams
 

Recently uploaded

08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
The Evolution of Money: Digital Transformation and CBDCs in Central Banking
The Evolution of Money: Digital Transformation and CBDCs in Central BankingThe Evolution of Money: Digital Transformation and CBDCs in Central Banking
The Evolution of Money: Digital Transformation and CBDCs in Central BankingSelcen Ozturkcan
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 

Recently uploaded (20)

08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
The Evolution of Money: Digital Transformation and CBDCs in Central Banking
The Evolution of Money: Digital Transformation and CBDCs in Central BankingThe Evolution of Money: Digital Transformation and CBDCs in Central Banking
The Evolution of Money: Digital Transformation and CBDCs in Central Banking
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 

Confluent Platform Security Components

  • 1. 1C O N F I D E N T I A L Confluent Platform Security Components Suvad Sahovic suvad@confluent.io
  • 2. 2C O N F I D E N T I A L RBAC
  • 3. 3C O N F I D E N T I A L Challenges #1
  • 4. 4C O N F I D E N T I A L C3 KSQL REST Proxy SR CONN. Challenges #2
  • 5. 5C O N F I D E N T I A L C3 KSQL REST Proxy SR CONN.
  • 6. 6C O N F I D E N T I A L 6 Managing Role Binding Role Binding Users/groups Roles ● Privileged users can setup, view and manage roles for others ● This includes both users and groups ● User/Group information is integrated with AD/LDAP ● In preview, the management of roles is done through the new CLI Resource scoping 5.3 Release
  • 7. 7C O N F I D E N T I A L 7 Enforcing Authorization CLIGUI API RBAC authorization ● User access to the platform is authorized based on their role ● Enforcement is done across all user interfaces: CLI, Control Center (GUI), and APIs ● RBAC works with Apache Kafka ACLs Role Binding 5.3 Release
  • 8. 8C O N F I D E N T I A L 8 RBAC RBAC Predefined roles Developer SystemAdmin UserAdminsuper.user ClusterAdminResourceOwner Operator SecurityAdmin Available now
  • 9. 9C O N F I D E N T I A L D E M O
  • 10. 10
  • 11. 11 RBAC role binding ./confluent iam rolebinding create --principal Group:m3ddev --role DeveloperWrite --resource Connector:m3d-connector- --prefix --kafka-cluster-id OGpC-FNLTV6MHVOM8ZDj5g --connect-cluster-id connect-cluster

Editor's Notes

  1. RBAC in CP consists of roles, rolebindings, and principals A role has a set of allowed operations on certain CP resources A principal is a user or group A rolebinding is a mapping or statement saying that a certain principal has a certain role Rolebindings always are defined in a particular scope and can be talking about a cluster or a resource within a cluster Example rolebinding: “User Bob has the ClusterAdmin role on Kafka cluster my-test-cluster” Key RBAC operations: Create rolebindings. List rolebindings. Delete rolebindings. List available roles and their associated access policies. (Internal to CP) enforce rolebindings. Other highlights: We will utilize a predefined set of Roles: SystemAdmin, ClusterAdmin, Operator, UserAdmin, ResourceOwner, Developer, SecurityAdmin. A user who is assigned a role receives all the privileges of that role. Each user could belong to multiple roles. A privileged user within a given scope can create/update another user’s roles: { user, role, scope } Privileged user can update the roles for existing users (add/revoke roles). Centralized AD/LDAP setup for authentication and authorization.
  2. SystemAdmin Full Access to all resources UserAdmin Manages Users, Groups and Roles Operator Has access to application health & monitoring. Can restart applications, but cannot edit them ResourceOwner Owns a set of resources (schemas, topics, consumer groups, applications, etc.) and can grant permissions to those resources, but cannot change topic setups ClusterAdmin Manages clusters & brokers. Can create and edit topics but cannot read/write into them Developer Can create applications and change queries SecurityAdmin Manages audit logs and other security settings