Workspaces and Access Controls

Overview of access control in the WarpStream web console.

Assigning Roles

The WarpStream web console supports role-based access control. When a user signs up for a new WarpStream account, they are assigned a default role called Admin. This grants them read and write access to any resource in the account. A second Read-only role is created on signup, which grants read access only and which by default isn't assigned to any users.

A user with unlimited read and write access can invite others to their WarpStream account by clicking the "Invite Teammate" button on the Team page. The invitation form includes a dropdown to select which role the teammate should be assigned to when they accept the invitation. A user with unlimited read and write access can also edit existing teammates' roles from the Team page. They can also configure new roles and edit existing roles by clicking the "Manage User Roles" button.

Roles and Workspaces

A role specifies the level of access users have in each workspace. A workspace is a logical grouping of resources such as virtual clusters, application keys, and schema registries. "Unlimited read and write access" means read and write access across all workspaces. Users can switch between workspaces via the dropdown menu on the top left of the console. Only the workspaces that their assigned roles grant access to appear in this menu. Users with unlimited read and write access can manage workspaces by clicking on the dropdown menu's Manage link. They can also manage account keys from the same page. See Secrets Overview for more on account keys. A workspace can only be deleted after its virtual clusters and schema registries have all been deleted.

Currently, a role grants either admin or read_only access to each workspace. For example, it would be typical for a WarpStream account to contain one workspace called staging and another called production. A role called production_admin might grant admin access to the production workspace. Another role called staging_admin might grant admin access to the staging workspace and read_only access to the production workspace. Users assigned to staging_admin would be able to create and delete resources in the staging workspace, but would only be able to view existing resources in the production workspace. A user assigned to both roles would have admin access in both workspaces because grants are cumulative.
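The cumulative-grant rule above can be modelled offline to review who ends up with admin on a sensitive workspace. The following is an added example, not WarpStream code or its API: the role and workspace names come from the example above, while the user names, the assignments and the function names are constructed, and "cumulative" is modelled as the strongest grant per workspace winning.

```python
from enum import IntEnum

class Access(IntEnum):
    NONE = 0
    READ_ONLY = 1
    ADMIN = 2

# Role -> {workspace: access}, taken from the example in the text.
ROLES = {
    "production_admin": {"production": Access.ADMIN},
    "staging_admin": {"staging": Access.ADMIN, "production": Access.READ_ONLY},
}

# Constructed sample assignments; user names are hypothetical.
ASSIGNMENTS = {
    "alice": ["staging_admin"],
    "bob": ["production_admin"],
    "carol": ["staging_admin", "production_admin"],
    "dave": [],
}

def effective_access(role_names, roles=ROLES):
    """Merge the grants of every assigned role; the strongest grant per workspace wins."""
    merged = {}
    for name in role_names:
        if name not in roles:
            raise KeyError(f"unknown role: {name}")
        for workspace, level in roles[name].items():
            merged[workspace] = max(merged.get(workspace, Access.NONE), level)
    return merged

def visible_workspaces(role_names, roles=ROLES):
    """Workspaces that would appear in the switcher: those with any grant."""
    access = effective_access(role_names, roles)
    return sorted(ws for ws, level in access.items() if level > Access.NONE)

def admins_of(workspace, assignments=ASSIGNMENTS, roles=ROLES):
    """Audit helper: users with admin on a workspace, and the roles that grant it."""
    found = {}
    for user, role_names in assignments.items():
        if effective_access(role_names, roles).get(workspace) == Access.ADMIN:
            found[user] = [r for r in role_names
                           if roles[r].get(workspace) == Access.ADMIN]
    return found
```

Running `admins_of("production")` over an export of your own role assignments shows which role is responsible for each admin grant, which is the thing to check before adding a second role to an existing user.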

Accounts may have up to 10 workspaces by default. Contact us if you require more.
