This feature is currently in Private Preview. In order to use this feature your Pulsar Clusters must be on the rapid channel and be on version 3.3.2.5, 4.0.0.9 or greater. Contact StreamNative for it to be enabled.
- Users no longer have implicit Super Admin (Super User) access to Pulsar clusters. They only have permissions that are explicitly granted.
- You can grant granular permissions to resources by applying ACLs or RBAC role bindings to principals.
- Both ACLs and RBAC role bindings can be used with users and service accounts to grant fine-grained access to resources.
ACLs vs RBAC
The following table summarizes which principals can be granted each type of access control:Principal Type | ACLs | RBAC Role Bindings |
---|---|---|
User | Yes | Yes |
Service Account | Yes | Yes |
Identity Pool | No | Yes |
ACLs + RBAC Role Bindings
When used together, ACLs and RBAC role bindings are combined using a logical AND operation:- ACLs evaluate whether a principal has permission to perform a specific action
- RBAC role bindings evaluate whether a principal has a role that grants permission for an action
- An ACL that allows them to produce to a topic
- An RBAC role binding that allows them to consume from that topic