After an MDS node is set up, you can create an MDS viewlet.
From the Kafka MDS viewlet's action menu, use the Show Roles and Manage Roles actions to view and change Role-Based Access Control settings. For example, you can assign a role to a resource type, view the principals that a role is bound to, or add or delete principals.
The Show Roles action opens the MDS Roles tab in the console pane.
For Role-Based Access Control, each role is displayed in a column in the console. For each role, the following information is provided:
- The Scope Type is the level at which the role is assigned: Cluster (access to all resources in a cluster) or Resource (access to specific resources).
- The allowed operations, which are divided into two rows. In both rows, you can scroll through values using the horizontal scroll bar provided.
  - The Resource Type that the operation (action) is performed on
  - The Role Operations that can be performed by users who are assigned the role
The comma-separated values in the Resource Types row correspond directly to the comma-separated values in the Role Operations row. For example, the AuditAdmin role shows Resource Types "Cluster, Cluster" and Role Operations "DescribeConfigs, AlterConfigs". These values indicate that users with this role can perform two operations on Clusters: DescribeConfigs and AlterConfigs.
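The positional pairing described above can be checked mechanically when reviewing role grants. The following is an added example, not part of the product or its documentation: it pairs the two rows as copied from the console, rejects rows whose lengths differ, and lists the operations that are not read-only. The function names, the second sample role, and the rule that `Describe*` and `Read` count as read-only are assumptions of this example.

```python
def pair_role_permissions(resource_types: str, role_operations: str) -> dict:
    """Pair the two console rows by position and group operations per resource type."""
    resources = [v.strip() for v in resource_types.split(",")]
    operations = [v.strip() for v in role_operations.split(",")]
    # The rows only make sense together if every operation has a resource type.
    if len(resources) != len(operations):
        raise ValueError(
            f"{len(resources)} resource types but {len(operations)} operations"
        )
    if not all(resources) or not all(operations):
        raise ValueError("empty value in one of the rows (truncated copy?)")
    grouped = {}
    for resource, operation in zip(resources, operations):
        ops = grouped.setdefault(resource, [])
        if operation not in ops:  # keep first-seen order, drop repeats
            ops.append(operation)
    return grouped


def is_read_only(operation: str) -> bool:
    # Assumption of this example: Describe* and Read do not change state.
    return operation.startswith("Describe") or operation == "Read"


def state_changing(grouped: dict) -> list:
    """Return (resource type, operation) pairs that are not read-only."""
    return [
        (resource, op)
        for resource, ops in grouped.items()
        for op in ops
        if not is_read_only(op)
    ]


if __name__ == "__main__":
    roles = {
        # Row values for AuditAdmin as quoted in the text above.
        "AuditAdmin": ("Cluster, Cluster", "DescribeConfigs, AlterConfigs"),
        # Constructed sample role, not taken from the product.
        "ExampleReader": ("Topic, Topic, Group", "Read, Describe, Read"),
    }
    for name, (res_row, op_row) in roles.items():
        grouped = pair_role_permissions(res_row, op_row)
        print(name, grouped, "state-changing:", state_changing(grouped))
```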
Manage Roles opens the Manage Roles tab in the console pane. Use this tab to assign roles to resources.
- Click the resource that you want to assign a role to. The Select Role Name dialog opens.
- Select the Role Name that you want to assign to the resource.
- Click Select. Details for the role that you selected are displayed, including its Attributes (Scope Type, Resource Types, and Role Operations) and the Principals it is bound to.
- You can choose among the following options:
Add a new principal
Add a new principal for this role:
- Click Add New Principal.
- Enter the Principal Name for the new principal.
- Select its Principal Type: User or Group.
- Click Create. If the principal was created successfully, a success message is displayed.
- You can follow the steps below to open the new principal and view the roles that are bound to it (Principal Roles), Visible Clusters (based on the Resource you originally selected), and Principal Resources.
View details for the principal
View details for the principal, including Principal Roles, Visible Clusters, and Principal Resources:
- Select a principal from the list.
- Click Open Principal.
Remove the principal from the role
Remove the principal from the role:
- Select a principal for the role.
- Click Delete Principal.
If the principal is deleted successfully, a success message is displayed.