Authorization

There are two types of authorization in Redpanda Cloud:

User authorization
- Use role-based access control (RBAC) in the control plane and in the data plane to assign users access to specific resources. For example, you could grant everyone access to clusters in a development resource group while limiting access to clusters in a production resource group. Or, you could limit access to geographically-dispersed clusters in accordance with data residency laws. This alleviates the process of manually maintaining and verifying a set of ACLs for a user base that may contain thousands of users.
- Use Kafka access control lists (ACLs) to grant users permission to perform specific types of operations on specific resources (such as topics, groups, clusters, or transactional IDs). ACLs provide a way to configure fine-grained access to provisioned users. ACLs work with SASL/SCRAM and with mTLS with principal mapping for authentication.

BYOC agent authorization

When deploying an agent as part of BYOC cluster provisioning, Redpanda Cloud automatically assigns IAM policies to the agent. The IAM policy permissions granted to the agent provide it the authorization required to fully manage Redpanda Cloud clusters in AWS, Azure, or GCP.

IAM policies do not apply or act as deployment permissions, and there are no explicit user actions associated with IAM policies. Rather, IAM policy permissions apply to Redpanda Cloud agents only, and serve to provide Redpanda agents access to AWS, GCP, or Azure clusters so Redpanda brokers can communicate with them.

Was this helpful?

group Ask in the community

mail Share your feedback

group_add Make a contribution

What do you like about this doc?

Let us know what we do well:

Let us contact you about your feedback:

What did you not like about this doc?

Let us know what we can improve:

Let us contact you about your feedback:

Authorization

Simple online edits

Contribution guide