Rights evaluation

Rights evaluation

You can assign multiple roles with multiple rights to a user. The following rules apply to evaluate the rights in effect:

First Rule:           Specific right before less specific right.
Second Rule:      Allow before deny.

Rule 1 example:
Right1: Deny      TopicAccessAll             in topic_people_*
Right2: Allow     TopicAccessRead            in topic_people_germany_*
Result: Allow     TopicAccessRead            in topic_people_germany_frankfurt
Result: Deny      TopicAccessAll             in topic_people_usa
Rule 2 example:
Right 1: Deny     TopicAccessAll              in topic_people_germany_*
Right 2: Allow    TopicAccessAll              in topic_people_germany_*
Result:  Allow    TopicAccessAll             in topic_people_germany_frankfurt
Rule 1 is applied before rule 2 example:
Right 1: Allow    TopicAccessAll              in topic_people_germany_*
Right 2: Deny     TopicAccessAll              in topic_people_germany_frankfurt
Result: Deny     TopicAccessAll              in topic_people_germany_frankfurt



Figure 4:  Evaluation of Rights, Roles, and Groups

    • Related Articles

    • Manage rights and roles

      What are roles? Roles are a collection of rights that can be assigned either to groups or directly to users. The rights define the scope of functionality and data to which a user has access. Create roles and rights Go to the Roles screen in the ...
    • Consumer Right Management

      Troubleshooting consumer groups is an important task in Apache Kafka environments. This includes identifying slow consumers, skipping a so-called "poison pill", a record that always crashes the consumer and prevents it from progressing, as well as ...
    • Kafka Connect Rights Management

      To view or manage Kafka Connect connectors or task, the user must have both the KafkaConnectView right and the KafkaConnectManage right. KafkaConnectView and KafkaConnectManage can be assigned for individual connections/environments. Example rights: ...
    • ACL Rights Management

      The rights to manage or view ACLs can be configured flexibly: from basic rights that cover all ACLs to resource-specific rights with specifications on the naming scheme. The latter allows teams to independently manage resources within their working ...
    • Quick Processor Rights Management

      To modify or create a Quick Processor, the user must have both the QuickProcessorModify right and the TopicAccessRead right. QuickProcessorModify can be assigned for individual connections/environments. In combination with the TopicAccessRead right, ...