
ApsaraMQ for Kafka: Confluent CLI RBAC authorization examples

Last updated: May 17, 2025

This topic provides common examples of RBAC authorization with the Confluent CLI.

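Cluster types and resources

The clusters and resources of ApsaraMQ for Confluent are listed in the following table:

| Cluster | Resource types |
| --- | --- |
| Kafka cluster | Cluster, Group, Topic, TransactionalId |
| KSQL | Cluster |
| Schema Registry | Cluster, Subject |
| Connect cluster | Cluster, Connector |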

Kafka cluster

A Kafka cluster contains four types of resources: Cluster, Group, Topic, and TransactionalId.

Cluster

Supported roles:

  • AuditAdmin

  • ClusterAdmin

  • DeveloperManage

  • DeveloperWrite

  • Operator

  • ResourceOwner

  • SecurityAdmin

  • SystemAdmin

  • UserAdmin

Example 1: Grant the user test the SystemAdmin role on the Kafka cluster

# Create the role binding
confluent iam rbac role-binding create --principal User:test --role SystemAdmin --kafka-cluster <kafka-cluster-id>

# View the role binding
confluent iam rbac role-binding list --principal User:test --role SystemAdmin --kafka-cluster <kafka-cluster-id>

# Delete the role binding
confluent iam rbac role-binding delete --principal User:test --role SystemAdmin --kafka-cluster <kafka-cluster-id>

Example 2: Grant the user test the ResourceOwner role on the Kafka cluster

# Create the role binding
confluent iam rbac role-binding create --principal User:test --role ResourceOwner --resource Cluster:kafka-cluster --kafka-cluster <kafka-cluster-id>

# View the role binding
confluent iam rbac role-binding list --principal User:test --role ResourceOwner --resource Cluster:kafka-cluster --kafka-cluster <kafka-cluster-id>

# Delete the role binding
confluent iam rbac role-binding delete --principal User:test --role ResourceOwner --resource Cluster:kafka-cluster --kafka-cluster <kafka-cluster-id>

Group

Supported roles:

  • DeveloperManage

  • DeveloperRead

  • ResourceOwner

Example 1: Grant the user test the DeveloperRead role on test_group

# Create the role binding
confluent iam rbac role-binding create --principal User:test --role DeveloperRead --resource Group:test_group --kafka-cluster <kafka-cluster-id>

# View the role binding
confluent iam rbac role-binding list --principal User:test --role DeveloperRead --resource Group:test_group --kafka-cluster <kafka-cluster-id>

# Delete the role binding
confluent iam rbac role-binding delete --principal User:test --role DeveloperRead --resource Group:test_group --kafka-cluster <kafka-cluster-id>

Example 2: Grant the user test the ResourceOwner role on Groups whose names start with the prefix demo

# Create the role binding
confluent iam rbac role-binding create --principal User:test --role ResourceOwner --resource Group:demo --prefix --kafka-cluster <kafka-cluster-id>

# View the role binding (no --resource filter: lists all ResourceOwner bindings for User:test in this cluster)
confluent iam rbac role-binding list --principal User:test --role ResourceOwner --kafka-cluster <kafka-cluster-id>

# Delete the role binding
confluent iam rbac role-binding delete --principal User:test --role ResourceOwner --resource Group:demo --prefix --kafka-cluster <kafka-cluster-id>

Example 3: Grant the user test the ResourceOwner role on all Groups

# Create the role binding (the wildcard is quoted so the shell does not expand it)
confluent iam rbac role-binding create --principal User:test --role ResourceOwner --resource "Group:*" --kafka-cluster <kafka-cluster-id>

# View the role binding
confluent iam rbac role-binding list --principal User:test --role ResourceOwner --resource "Group:*" --kafka-cluster <kafka-cluster-id>

# Delete the role binding
confluent iam rbac role-binding delete --principal User:test --role ResourceOwner --resource "Group:*" --kafka-cluster <kafka-cluster-id>

Topic

Supported roles:

  • DeveloperManage

  • DeveloperRead

  • DeveloperWrite

  • ResourceOwner

Example 1: Grant the user test the DeveloperWrite role on test_topic

# Create the role binding
confluent iam rbac role-binding create --principal User:test --role DeveloperWrite --resource Topic:test_topic --kafka-cluster <kafka-cluster-id>

# View the role binding
confluent iam rbac role-binding list --principal User:test --role DeveloperWrite --resource Topic:test_topic --kafka-cluster <kafka-cluster-id>

# Delete the role binding
confluent iam rbac role-binding delete --principal User:test --role DeveloperWrite --resource Topic:test_topic --kafka-cluster <kafka-cluster-id>

Example 2: Grant the user test the ResourceOwner role on Topics whose names start with the prefix demo

# Create the role binding
confluent iam rbac role-binding create --principal User:test --role ResourceOwner --resource Topic:demo --prefix --kafka-cluster <kafka-cluster-id>

# View the role binding
confluent iam rbac role-binding list --principal User:test --role ResourceOwner --resource Topic:demo --prefix --kafka-cluster <kafka-cluster-id>

# Delete the role binding
confluent iam rbac role-binding delete --principal User:test --role ResourceOwner --resource Topic:demo --prefix --kafka-cluster <kafka-cluster-id>

Example 3: Grant the user test the ResourceOwner role on all Topics

# Create the role binding (the wildcard is quoted so the shell does not expand it)
confluent iam rbac role-binding create --principal User:test --role ResourceOwner --resource "Topic:*" --kafka-cluster <kafka-cluster-id>

# View the role binding
confluent iam rbac role-binding list --principal User:test --role ResourceOwner --resource "Topic:*" --kafka-cluster <kafka-cluster-id>

# Delete the role binding
confluent iam rbac role-binding delete --principal User:test --role ResourceOwner --resource "Topic:*" --kafka-cluster <kafka-cluster-id>

TransactionalId

Supported roles:

  • DeveloperManage

  • DeveloperRead

  • DeveloperWrite

  • ResourceOwner

Example: Grant the user test the ResourceOwner role on all TransactionalIds

# Create the role binding (the wildcard is quoted so the shell does not expand it)
confluent iam rbac role-binding create --principal User:test --role ResourceOwner --resource "TransactionalId:*" --kafka-cluster <kafka-cluster-id>

# View the role binding
confluent iam rbac role-binding list --principal User:test --role ResourceOwner --resource "TransactionalId:*" --kafka-cluster <kafka-cluster-id>

# Delete the role binding
confluent iam rbac role-binding delete --principal User:test --role ResourceOwner --resource "TransactionalId:*" --kafka-cluster <kafka-cluster-id>

KSQL

KSQL has only one type of resource: Cluster.

Cluster

Supported roles:

  • AuditAdmin

  • ClusterAdmin

  • DeveloperManage

  • DeveloperWrite

  • Operator

  • ResourceOwner

  • SecurityAdmin

  • SystemAdmin

  • UserAdmin

Example: Grant the user test the ResourceOwner role on the KSQL cluster

# Create the role binding
confluent iam rbac role-binding create --principal User:test --role ResourceOwner --resource KsqlCluster:ksql-cluster --ksql-cluster <ksql-cluster-id> --kafka-cluster <kafka-cluster-id>

# View the role binding
confluent iam rbac role-binding list --principal User:test --role ResourceOwner --resource KsqlCluster:ksql-cluster --ksql-cluster <ksql-cluster-id> --kafka-cluster <kafka-cluster-id>

# Delete the role binding
confluent iam rbac role-binding delete --principal User:test --role ResourceOwner --resource KsqlCluster:ksql-cluster --ksql-cluster <ksql-cluster-id> --kafka-cluster <kafka-cluster-id>

Schema Registry

Schema Registry contains two types of resources: Cluster and Subject.

Cluster

Supported roles:

  • AuditAdmin

  • ClusterAdmin

  • Operator

  • SecurityAdmin

  • SystemAdmin

  • UserAdmin

Example: Grant the user test the SystemAdmin role on the Schema Registry cluster

# Create the role binding
confluent iam rbac role-binding create --principal User:test --role SystemAdmin --schema-registry-cluster <schema-registry-cluster-id> --kafka-cluster <kafka-cluster-id>

# View the role binding
confluent iam rbac role-binding list --principal User:test --role SystemAdmin --schema-registry-cluster <schema-registry-cluster-id> --kafka-cluster <kafka-cluster-id>

# Delete the role binding
confluent iam rbac role-binding delete --principal User:test --role SystemAdmin --schema-registry-cluster <schema-registry-cluster-id> --kafka-cluster <kafka-cluster-id>

Subject

Supported roles:

  • DeveloperManage

  • DeveloperRead

  • DeveloperWrite

  • ResourceOwner

Example: Grant the user test the ResourceOwner role on all Subject resources

# Create the role binding (the wildcard is quoted so the shell does not expand it)
confluent iam rbac role-binding create --principal User:test --role ResourceOwner --resource "Subject:*" --schema-registry-cluster <schema-registry-cluster-id> --kafka-cluster <kafka-cluster-id>

# View the role binding
confluent iam rbac role-binding list --principal User:test --role ResourceOwner --resource "Subject:*" --schema-registry-cluster <schema-registry-cluster-id> --kafka-cluster <kafka-cluster-id>

# Delete the role binding
confluent iam rbac role-binding delete --principal User:test --role ResourceOwner --resource "Subject:*" --schema-registry-cluster <schema-registry-cluster-id> --kafka-cluster <kafka-cluster-id>

Connect cluster

A Connect cluster contains two types of resources: Cluster and Connector.

Cluster

Supported roles:

  • AuditAdmin

  • ClusterAdmin

  • Operator

  • SecurityAdmin

  • SystemAdmin

  • UserAdmin

Example: Grant the user test the SystemAdmin role on the Connect cluster

# Create the role binding
confluent iam rbac role-binding create --principal User:test --role SystemAdmin --connect-cluster <connect-cluster-id> --kafka-cluster <kafka-cluster-id>

# View the role binding
confluent iam rbac role-binding list --principal User:test --role SystemAdmin --connect-cluster <connect-cluster-id> --kafka-cluster <kafka-cluster-id>

# Delete the role binding
confluent iam rbac role-binding delete --principal User:test --role SystemAdmin --connect-cluster <connect-cluster-id> --kafka-cluster <kafka-cluster-id>

Connector

Supported roles:

  • DeveloperManage

  • DeveloperRead

  • DeveloperWrite

  • ResourceOwner

Example: Grant the user test the ResourceOwner role on all Connectors

# Create the role binding (the wildcard is quoted so the shell does not expand it)
confluent iam rbac role-binding create --principal User:test --role ResourceOwner --resource "Connector:*" --connect-cluster <connect-cluster-id> --kafka-cluster <kafka-cluster-id>

# View the role binding
confluent iam rbac role-binding list --principal User:test --role ResourceOwner --resource "Connector:*" --connect-cluster <connect-cluster-id> --kafka-cluster <kafka-cluster-id>

# Delete the role binding
confluent iam rbac role-binding delete --principal User:test --role ResourceOwner --resource "Connector:*" --connect-cluster <connect-cluster-id> --kafka-cluster <kafka-cluster-id>
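
Pre-flight check for role bindings (an added example, not part of the original document or of the Confluent CLI): the script below checks a role against the role lists on this page for the given --resource type, marks wildcard and prefix grants as broad so they can be reviewed, and prints the create command without running it. The function names are hypothetical, and only the --resource forms shown on this page are covered.

```bash
#!/usr/bin/env bash
# Added example: dry-run only, nothing is sent to the cluster.
# Function names are hypothetical; role lists are copied from this page.
CLUSTER_ROLES="AuditAdmin ClusterAdmin DeveloperManage DeveloperWrite Operator ResourceOwner SecurityAdmin SystemAdmin UserAdmin"
DEV_ROLES="DeveloperManage DeveloperRead DeveloperWrite ResourceOwner"

# roles_for TYPE: roles this page lists for a --resource type.
roles_for() {
  case "$1" in
    Cluster|KsqlCluster) echo "$CLUSTER_ROLES" ;;
    Group) echo "DeveloperManage DeveloperRead ResourceOwner" ;;
    Topic|TransactionalId|Subject|Connector) echo "$DEV_ROLES" ;;
    *) return 1 ;;
  esac
}

# scope_flags TYPE: cluster flags used by this page's samples for that type.
scope_flags() {
  case "$1" in
    KsqlCluster) echo "--ksql-cluster <ksql-cluster-id> --kafka-cluster <kafka-cluster-id>" ;;
    Subject) echo "--schema-registry-cluster <schema-registry-cluster-id> --kafka-cluster <kafka-cluster-id>" ;;
    Connector) echo "--connect-cluster <connect-cluster-id> --kafka-cluster <kafka-cluster-id>" ;;
    *) echo "--kafka-cluster <kafka-cluster-id>" ;;
  esac
}

# check_binding ROLE RESOURCE [prefix]: prints ok, broad or unsupported.
# "broad" marks a wildcard or prefix grant that deserves a second look.
check_binding() {
  local role="$1" type="${2%%:*}" name="${2#*:}" allowed
  allowed=$(roles_for "$type") || { echo unsupported; return 1; }
  case " $allowed " in
    *" $role "*) ;;
    *) echo unsupported; return 1 ;;
  esac
  if [ "$name" = "*" ] || [ -n "${3:-}" ]; then echo broad; else echo ok; fi
}

# binding_cmd PRINCIPAL ROLE RESOURCE [prefix]: print the create command with
# the resource single-quoted so the shell never expands "*".
binding_cmd() {
  check_binding "$2" "$3" "${4:-}" >/dev/null || return 1
  printf "confluent iam rbac role-binding create --principal %s --role %s --resource '%s'%s %s\n" \
    "$1" "$2" "$3" "${4:+ --prefix}" "$(scope_flags "${3%%:*}")"
}

binding_cmd User:test ResourceOwner Group:demo prefix
```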