Grant Role-Based Access for Tableflow in Confluent Cloud

Tableflow supports Role-based Access Control (RBAC) for managing access to Tableflow resources. There are no Tableflow-specific roles to configure, and access to Tableflow typically mirrors access to Apache Kafka® resources.

Access to Tableflow resources

The following table shows the roles, scope, and permitted management operations of Tableflow.

Roles	Scope	Enable/Disable/Update Tableflow with Confluent storage	Enable/Disable/Update Tableflow with custom storage	View and list table	Data plane read
OrganizationAdmin	Organization	Yes	Yes	Yes	Yes
EnvironmentAdmin	Environment	Yes	Yes	Yes	Yes
CloudClusterAdmin	Cloud cluster	Yes [1]	Yes [2]	Yes	Yes
ResourceOwner	Topic	No	No	Yes	Yes
OrganizationOperator	Organization	No	No	Yes	No
EnvironmentOperator	Environment	No	No	Yes	No
CloudClusterOperator	Cloud cluster	No	No	Yes	No
DeveloperManage	Cluster	No	No	Yes	No
DeveloperRead	Cluster	No	No	No	Yes
Others	No	No	No	No	No

[1]	With DeveloperWrite access on all schema subjects

[2]	With DeveloperWrite access on all schema subjects and Assigner access on provider integrations

TableflowTopics APIs

TableflowTopics APIs enable managing Tableflow for a topic. These management operations include:

• CREATE: Enable Tableflow for a topic and set the configurations.
• UPDATE: Update the Tableflow configurations for a topic
• DELETE: Disable tableflow for a topic
• GET: Get the current Tableflow status for a topic along with the configurations
• LIST: Get the Tableflow status and configurations for all topics in a cluster.

Catalog Integration APIs

Catalog Integration APIs enable managing the external catalog integrations, like AWS Glue Data Catalog and Snowflake Polaris. The following table shows the roles, scopes, and permitted catalog integration management operations for RBAC roles.

Roles	Scope	Create/Update/Delete Catalog Integration	View Catalog Integration
CloudClusterAdmin	Cloud cluster	Yes [3]	Yes
EnvironmentAdmin	Environment	Yes	Yes
OrganizationAdmin	Organization	Yes	Yes
Others		No	No

[3]	With ProviderIntegrationResourceOwner or ProviderIntegrationAssigner roles for Glue

Related content

• Monitor Tableflow
• Supported Cloud Regions
• Tableflow Storage

Note

This website includes content developed at the Apache Software Foundation under the terms of the Apache License v2.