This feature is currently in Private Preview. In order to use this feature your Pulsar Clusters must be on the rapid channel and be on version 3.3.2.5, 4.0.0.9 or greater. Contact StreamNative for it to be enabled.
You can use RBAC role bindings together with Pulsar ACLs to control access to Pulsar resources. Principals (users and service accounts) can be granted ACLs, RBAC role bindings, or both. The system considers all granted permissions when determining whether a principal can perform a specific action.When RBAC is enabled, the following changes apply:
Users no longer have implicit Super Admin (Super User) access to Pulsar clusters. They only have permissions that are explicitly granted.
You can grant granular permissions to resources by applying ACLs or RBAC role bindings to principals.
Both ACLs and RBAC role bindings can be used with users and service accounts to grant fine-grained access to resources.
When used together, ACLs and RBAC role bindings are combined using a logical AND operation:
ACLs evaluate whether a principal has permission to perform a specific action
RBAC role bindings evaluate whether a principal has a role that grants permission for an action
For example, if a user has:
An ACL that allows them to produce to a topic
An RBAC role binding that allows them to consume from that topic
Then that user will be able to both produce to and consume from the topic, since they have both permissions explicitly granted through the different mechanisms.