In Pulsar, the authentication provider is responsible for properly identifying clients and associating the clients with role tokens. If you only enable authentication, an authenticated role token can be used to access all resources in the cluster. Authorization is the process that determines the operations performed by Pulsar clients.Superusers have the role tokens with the most privileges. The superusers can create and destroy tenants, and have full access to all tenant resources. When a superuser creates a tenant, the tenant is assigned with an the administrator role. A client with the administrator role can create, modify and destroy namespaces, and grant and revoke permissions to other roles on these namespaces.This topic describes how to authorize Pulsar components through the StreamNative Cloud Console. In addition, you can authorize Pulsar components through the pulsar-admin or pulsar-perf CLI tool. For details, see pulsar-admin and pulsar-perf.
To authorize a topic through the StreamNative Cloud Console, follow these steps.
On the left navigation pane, in the Resources section, click Topics.
Click the topic name link.
If the topic is partitioned, in the Partitions area, click the partitioned topic link.
Select the Policies tab and configure the authorization policies for the topic.
In the Authorization area, select a role for the topic and then grant or revoke permissions to the role in this topic by adding or deleting the following:
consume: grant/revoke the consuming action.
produce: grant/revoke the producing action.
functions: grant/revoke the Pulsar functions action.