There are 2 types of api keys - my (user) account and service account. When I use user account which gives you all the permissions, I can see my schema associated to my topic. However when I use service account, I can’t see the schema for my topic. What are the settings I need to see for my schema?
hey @alberttwong
could you please elaborate a bit?
how did you create the service account?
best,
michael
In my app, I try to query the schema associated to the topic. When using a “my account”, the schema show up but when I use a service account, the schema doesn’t show up. There online docs for confluent cloud doesn’t explain any of the permission options. What I’d like to know is what permissions are needed for the schema to show up.
In additional, I’ve tried various combinations of from allow to all options for a given topic and added more permissions on the cluster but it doesn’t work.
You click on the cluster → api key → add key
Schema Registry needs a different API key (distinct from this path, which gives you an API key for Kafka). You can create one by clicking on your environment, then Schema Registry in the lefthand navigation, then click API keys, then + Add API key. From here, pick the service account, click Next, then pick the environment and SR (Always On Stream Governance Package), click Next, then Create API key. This key is what you’d user in your app with client config:
basic.auth.credentials.source=USER_INFO
basic.auth.user.info=<SR API KEY>:<SR API SECRET>
Note that the service account should have RBAC set up to access Schema Registry. To do this, go to the top right hamburger icon, then Accounts & access, pick your service account, click Access, View access, Edit access, then pick the permissions you need (see here). E.g., All schema subjects resource and ResourceOwner role.
1 Like