Relation between API keys and ACL's and RBAC

onlymohan · 10 July 2022 21:08

It is confusing and documentation is not clear to understand it properly. Any help understanding will be appreciated.

If you are organizationAdmin, and created a Cloud API key, does it automatically have environmentAdmin and ClsuterAdmin permissions?

Are APIKeys needed for each cluster to use the REST API’s, is it possible to create APIKey at the Organization level?

brendan-s · 13 July 2022 13:43

If you are organizationAdmin, and created a Cloud API key, does it automatically have environmentAdmin and ClsuterAdmin permissions?

OrganizationAdmin is the highest privileged role, so it would be a “super set” of EnvironmentAdmin and CloudClusterAdmin [and other] roles. An API key is associated with a user/service account, so inherits that account’s permissions.

Are APIKeys needed for each cluster to use the REST API’s

Depends on the REST API endpoint. See REST API Authentication

is it possible to create APIKey at the Organization level?

Cloud API keys are the only type of keys scoped at the Organization level

onlymohan · 13 July 2022 20:16

@brendan-s : Thank you for the response. I understand now, and feel more comfortable now.

Topic		Replies	Views
Programatically creating Kafka API Keys Confluent Cloud	7	2709	6 April 2022
Issue with Create ACL for Service Account using REST APIs Confluent Cloud	18	3949	30 January 2023
Admin ClusterAuthorizationException Confluent Cloud	7	8502	11 May 2021
Cloud REST API's not returning the full list Role-bindings Confluent Cloud	0	2505	13 July 2022
Understand difference in Create operation in ACL Confluent Cloud	0	2031	30 January 2023

Relation between API keys and ACL's and RBAC

Related Topics