DOC-1618: Single source Schema Registry Authorization for Cloud (#390)

Feediver1 · web-flow · commit 0e55bbefce96 · 2025-08-19T15:49:51.000-05:00
* DOC-1618

* wip

* added sr authz to what's new

* Update local-antora-playbook.yml
diff --git a/modules/ROOT/nav.adoc b/modules/ROOT/nav.adoc
@@ -426,6 +426,7 @@
 *** xref:manage:schema-reg/schema-reg-overview.adoc[]
 *** xref:manage:schema-reg/schema-reg-ui.adoc[]
 *** xref:manage:schema-reg/schema-reg-api.adoc[]
+*** xref:manage:schema-reg/schema-reg-authorization.adoc[Schema Registry Authorization]
 *** xref:manage:schema-reg/record-deserialization.adoc[Deserialization]
 *** xref:manage:schema-reg/programmable-push-filters.adoc[Programmable Push Filters]
 *** xref:manage:schema-reg/edit-topic-configuration.adoc[Edit Topic Configuration]
diff --git a/modules/get-started/pages/whats-new-cloud.adoc b/modules/get-started/pages/whats-new-cloud.adoc
@@ -29,6 +29,11 @@ xref:manage:iceberg/about-iceberg-topics.adoc[Iceberg topics] are now generally
 
 xref:get-started:cluster-types/byoc/azure/create-byoc-cluster-azure.adoc[BYOC for Azure] is now generally available (GA).
 
+
+=== Schema Registry Authorization
+
+You can now use xref:manage:schema-reg/schema-reg-authorization.adoc[Schema Registry Authorization] to control access to Schema Registry subjects and operations. Schema Registry Authorization offers more granular control over who can do what with your Redpanda Schema Registry resources. ACLs used for Schema Registry access also support RBAC roles.
+
 === Kafka Connect disabled on new clusters
 
 xref:develop:managed-connectors/index.adoc[Kafka Connect] is now disabled by default on all new clusters. To unlock this feature for your account, contact https://support.redpanda.com/hc/en-us/requests/new[Redpanda Support^]. If you previously enabled Kafka Connect on a cluster and want to xref:develop:managed-connectors/disable-kc.adoc[disable it], you can use the Cloud API.
diff --git a/modules/manage/pages/schema-reg/schema-reg-authorization.adoc b/modules/manage/pages/schema-reg/schema-reg-authorization.adoc
@@ -0,0 +1,4 @@
+= Schema Registry Authorization
+:description: Learn how to set up and manage Schema Registry Authorization using ACL definitions that control user access to specific Schema Registry operations.
+
+include::ROOT:manage:schema-reg/schema-reg-authorization.adoc[tag=single-source]
diff --git a/modules/reference/pages/properties/cluster-properties.adoc b/modules/reference/pages/properties/cluster-properties.adoc
@@ -8,4 +8,4 @@ NOTE: Some properties require a cluster restart for updates to take effect. This
 
 == Cluster configuration
 
-include::ROOT:reference:properties/cluster-properties.adoc[tags=audit_enabled;audit_excluded_principals;audit_excluded_topics;data_transforms_enabled;data_transforms_logging_line_max_bytes;iceberg_catalog_type;iceberg_delete;iceberg_enabled;iceberg_rest_catalog_client_id;iceberg_rest_catalog_client_secret;iceberg_rest_catalog_token;iceberg_rest_catalog_authentication_mode;iceberg_rest_catalog_base_location;iceberg_rest_catalog_endpoint;iceberg_rest_catalog_oauth2_server_uri;iceberg_rest_catalog_warehouse;iceberg_rest_catalog_request_timeout_ms;iceberg_default_partition_spec;iceberg_invalid_record_action;iceberg_target_lag_ms;iceberg_rest_catalog_trust;iceberg_rest_catalog_crl;data_transforms_per_function_memory_limit;data_transforms_binary_max_size;log_segment_ms;http_authentication;iceberg_catalog_base_location;default_topic_replications;minimum_topic_replications;oidc_discovery_url;oidc_principal_mapping;oidc_token_audience;sasl_mechanisms;tls_min_version;audit_log_num_partitions;data_transforms_per_core_memory_reservation;iceberg_disable_snapshot_tagging;enable_consumer_group_metrics]
+include::ROOT:reference:properties/cluster-properties.adoc[tags=audit_enabled;audit_excluded_principals;audit_excluded_topics;data_transforms_enabled;data_transforms_logging_line_max_bytes;iceberg_catalog_type;iceberg_delete;iceberg_enabled;iceberg_rest_catalog_client_id;iceberg_rest_catalog_client_secret;iceberg_rest_catalog_token;iceberg_rest_catalog_authentication_mode;iceberg_rest_catalog_base_location;iceberg_rest_catalog_endpoint;iceberg_rest_catalog_oauth2_server_uri;iceberg_rest_catalog_warehouse;iceberg_rest_catalog_request_timeout_ms;iceberg_default_partition_spec;iceberg_invalid_record_action;iceberg_target_lag_ms;iceberg_rest_catalog_trust;iceberg_rest_catalog_crl;data_transforms_per_function_memory_limit;data_transforms_binary_max_size;log_segment_ms;http_authentication;iceberg_catalog_base_location;default_topic_replications;minimum_topic_replications;oidc_discovery_url;oidc_principal_mapping;oidc_token_audience;sasl_mechanisms;tls_min_version;audit_log_num_partitions;data_transforms_per_core_memory_reservation;iceberg_disable_snapshot_tagging;enable_consumer_group_metrics;schema_registry_enable_authorization]

Original file line number	Diff line number	Diff line change
`@@ -8,4 +8,4 @@ NOTE: Some properties require a cluster restart for updates to take effect. This`
`8`	`8`
`9`	`9`	`== Cluster configuration`
`10`	`10`
`11`		-include::ROOT:reference:properties/cluster-properties.adoc[tags=audit_enabled;audit_excluded_principals;audit_excluded_topics;data_transforms_enabled;data_transforms_logging_line_max_bytes;iceberg_catalog_type;iceberg_delete;iceberg_enabled;iceberg_rest_catalog_client_id;iceberg_rest_catalog_client_secret;iceberg_rest_catalog_token;iceberg_rest_catalog_authentication_mode;iceberg_rest_catalog_base_location;iceberg_rest_catalog_endpoint;iceberg_rest_catalog_oauth2_server_uri;iceberg_rest_catalog_warehouse;iceberg_rest_catalog_request_timeout_ms;iceberg_default_partition_spec;iceberg_invalid_record_action;iceberg_target_lag_ms;iceberg_rest_catalog_trust;iceberg_rest_catalog_crl;data_transforms_per_function_memory_limit;data_transforms_binary_max_size;log_segment_ms;http_authentication;iceberg_catalog_base_location;default_topic_replications;minimum_topic_replications;oidc_discovery_url;oidc_principal_mapping;oidc_token_audience;sasl_mechanisms;tls_min_version;audit_log_num_partitions;data_transforms_per_core_memory_reservation;iceberg_disable_snapshot_tagging;enable_consumer_group_metrics]
	`11`	+include::ROOT:reference:properties/cluster-properties.adoc[tags=audit_enabled;audit_excluded_principals;audit_excluded_topics;data_transforms_enabled;data_transforms_logging_line_max_bytes;iceberg_catalog_type;iceberg_delete;iceberg_enabled;iceberg_rest_catalog_client_id;iceberg_rest_catalog_client_secret;iceberg_rest_catalog_token;iceberg_rest_catalog_authentication_mode;iceberg_rest_catalog_base_location;iceberg_rest_catalog_endpoint;iceberg_rest_catalog_oauth2_server_uri;iceberg_rest_catalog_warehouse;iceberg_rest_catalog_request_timeout_ms;iceberg_default_partition_spec;iceberg_invalid_record_action;iceberg_target_lag_ms;iceberg_rest_catalog_trust;iceberg_rest_catalog_crl;data_transforms_per_function_memory_limit;data_transforms_binary_max_size;log_segment_ms;http_authentication;iceberg_catalog_base_location;default_topic_replications;minimum_topic_replications;oidc_discovery_url;oidc_principal_mapping;oidc_token_audience;sasl_mechanisms;tls_min_version;audit_log_num_partitions;data_transforms_per_core_memory_reservation;iceberg_disable_snapshot_tagging;enable_consumer_group_metrics;schema_registry_enable_authorization]