Initializing Kadeck with roles and groups through files
Kadeck allows initialization of roles and groups through YAML configuration files using environment variables:
- xeotek_kadeck_init_roles_file: Path to roles configuration file
- xeotek_kadeck_init_groups_file: Path to groups configuration file
Warning: Existing roles, groups and user-group assignments will be cleared before loading new configurations on each startup.
Prerequisites
This feature requires LDAP or OpenID Connect synchronization to be enabled. User-group assignments must be managed through these external authentication services, as manual group management within Kadeck is not supported for this feature.
File Structure
roles.yaml
- name: "Role Name"
  description: "Role Description"
  rights:
    - action: "Permission Action"
      resource: "Resource Pattern"
      effect: "Allow"
groups.yaml
- name: "Group Name"
  externalMapping: "Ext. Directory Service Group Name"
  description: "Group Description"
  roles:
    - "Role Name"
Configuration Example
1. Create role definitions:
- name: "Finance Team Role"
  description: "Full topic-related access for all topics with the prefix finance on cluster 1"
  rights:
    - action: "TopicAccessAll"
      resource: "1:finance*"
      effect: "Allow"
2. Create group definitions with external mappings matching your LDAP/OpenID groups:
- name: "Finance Team QA"
  externalMapping: "us-finance-department-quality"
  description: "The finance QA team"
  roles:
    - "Finance Team Role"
3. Set environment variables:
export xeotek_kadeck_init_roles_file=/path/to/roles.yaml
export xeotek_kadeck_init_groups_file=/path/to/groups.yaml
Important Notes
- Requires LDAP or OpenID Connect synchronization
- User-group assignments are managed through external authentication services
- Existing roles and groups will be cleared before loading new configurations (on each startup!)
- Role names referenced in groups.yaml must match names defined in roles.yaml
- Resource patterns support wildcards (*) for broader access control
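Because each startup clears the existing roles and groups and reloads these files, it helps to check them before deploying. The following is an added example, not Kadeck's own code: it takes the already-parsed content of both files, treats role-name matching as exact string equality and a missing externalMapping as an error (both assumptions), and lists wildcard resources for review.

```python
# Added example: pre-flight check for Kadeck init files (not Kadeck code).
# Input: parsed roles.yaml / groups.yaml, e.g. via PyYAML's yaml.safe_load.
def check_init_config(roles, groups):
    """Return (errors, warnings) as lists of strings."""
    errors, warnings = [], []
    defined = {}  # normalized name -> exact name as written in roles.yaml
    for role in roles:
        name = role.get("name")
        if not name:
            errors.append("role without a name")
            continue
        if name in defined.values():
            errors.append(f"role {name!r} is defined more than once")
        defined[name.strip().lower()] = name
        for right in role.get("rights") or []:
            resource = str(right.get("resource", ""))
            if "*" in resource:  # wildcard widens the scope: list for review
                warnings.append(f"role {name!r}: {right.get('effect')} "
                                f"{right.get('action')} on wildcard {resource!r}")
    for group in groups:
        gname = group.get("name") or "<unnamed>"
        if not group.get("externalMapping"):
            # Assumption: a group needs a mapping to receive synced users.
            errors.append(f"group {gname!r} has no externalMapping")
        for ref in group.get("roles") or []:
            if ref in defined.values():
                continue
            near = defined.get(str(ref).strip().lower())
            hint = f" (did you mean {near!r}?)" if near else ""
            errors.append(f"group {gname!r} references unknown role {ref!r}{hint}")
    return errors, warnings

# Constructed sample: the page's example plus one deliberately broken group.
SAMPLE_ROLES = [{
    "name": "Finance Team Role",
    "description": "Full topic-related access for finance* on cluster 1",
    "rights": [{"action": "TopicAccessAll", "resource": "1:finance*", "effect": "Allow"}],
}]
SAMPLE_GROUPS = [
    {"name": "Finance Team QA", "externalMapping": "us-finance-department-quality",
     "description": "The finance QA team", "roles": ["Finance Team Role"]},
    {"name": "Finance Team Dev", "description": "constructed faulty entry",
     "roles": ["finance team role"]},
]

if __name__ == "__main__":
    errs, warns = check_init_config(SAMPLE_ROLES, SAMPLE_GROUPS)
    print("\n".join([f"ERROR {e}" for e in errs] + [f"WARN  {w}" for w in warns]))
    raise SystemExit(1 if errs else 0)
```
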