Skip to main content
RBAC requires Pulsar 3.3.2.5, 4.0.0.9, or later.
Role-based access control (RBAC) allows you to control what level of access users have to your organization’s resources, including but not limited to instances, clusters, tenants, namespaces, topics, schemas, service accounts, and more. Use RBAC to protect your StreamNative Cloud resources and data by authorizing and restricting access to principals and by delegating access authorization to the appropriate business units and teams in your organization.

Prerequisites

Before using RBAC, it is important to understand the following concepts:

Concepts

In RBAC, there are a few key concepts:

Principal

A principal is an entity that can be granted access to resources. Principals can be User Accounts, Service Accounts, or Identity Pools.

Predefined Role

A predefined role defines the boundary of permissions it can operate, and a predefined role can be assigned to principals.

Role binding

A role binding assigns a predefined role to a principal. Role bindings are used to grant permissions to principals.

RBAC Workflow

The RBAC workflow consists of two main parts:

RBAC Management

Users can manage (create, update, or delete) RBAC roles and role bindings using: Once resources are created, the StreamNative Cloud control plane automatically monitors them and propagates any changes to different components and resources for validation.

RBAC Validation

Each component in both the control plane and data plane receives the RBAC settings (roles and bindings) and uses them for validation. For example, when a user attempts to produce to a topic, the action is validated against the RBAC settings. If the user does not have the necessary permissions, the action is rejected.