Связаться с намиПодключиться

Managed Service for Apache Kafka® API, gRPC: UserService.RevokePermission

Статья создана
Обновлена 18 апреля 2025 г.

Revokes permission from the specified Kafka user.

gRPC request

rpc RevokePermission (RevokeUserPermissionRequest) returns (operation.Operation)

RevokeUserPermissionRequest

{
  "cluster_id": "string",
  "user_name": "string",
  "permission": {
    "topic_name": "string",
    "role": "AccessRole",
    "allow_hosts": [
      "string"
    ]
  }
}

Field

Description

cluster_id

string

Required field. ID of the Apache Kafka® cluster the user belongs to.

To get the cluster ID, make a ClusterService.List request.

user_name

string

Required field. Name of the user to revoke a permission from.

To get the name of the user, make a UserService.List request.

permission

Permission

Required field. Permission that should be revoked from the specified user.

Permission

Field

Description

topic_name

string

Name or prefix-pattern with wildcard for the topic that the permission grants access to.

To get the topic name, make a TopicService.List request.

role

enum AccessRole

Access role type to grant to the user.

  • ACCESS_ROLE_UNSPECIFIED
  • ACCESS_ROLE_PRODUCER: Producer role for the user.
  • ACCESS_ROLE_CONSUMER: Consumer role for the user.
  • ACCESS_ROLE_ADMIN: Admin role for the user.
  • ACCESS_ROLE_TOPIC_ADMIN: Admin permissions on topics role for the user.

allow_hosts[]

string

Lists hosts allowed for this permission.
Only ip-addresses allowed as value of single host.
When not defined, access from any host is allowed.

Bare in mind that the same host might appear in multiple permissions at the same time,
hence removing individual permission doesn't automatically restricts access from the allow_hosts of the permission.
If the same host(s) is listed for another permission of the same principal/topic, the host(s) remains allowed.

operation.Operation

{
  "id": "string",
  "description": "string",
  "created_at": "google.protobuf.Timestamp",
  "created_by": "string",
  "modified_at": "google.protobuf.Timestamp",
  "done": "bool",
  "metadata": {
    "cluster_id": "string",
    "user_name": "string"
  },
  // Includes only one of the fields `error`, `response`
  "error": "google.rpc.Status",
  "response": {
    "name": "string",
    "cluster_id": "string",
    "permissions": [
      {
        "topic_name": "string",
        "role": "AccessRole",
        "allow_hosts": [
          "string"
        ]
      }
    ]
  }
  // end of the list of possible fields
}

An Operation resource. For more information, see Operation.

Field

Description

id

string

ID of the operation.

description

string

Description of the operation. 0-256 characters long.

created_at

google.protobuf.Timestamp

Creation timestamp.

created_by

string

ID of the user or service account who initiated the operation.

modified_at

google.protobuf.Timestamp

The time when the Operation resource was last modified.

done

bool

If the value is false, it means the operation is still in progress.
If true, the operation is completed, and either error or response is available.

metadata

RevokeUserPermissionMetadata

Service-specific metadata associated with the operation.
It typically contains the ID of the target resource that the operation is performed on.
Any method that returns a long-running operation should document the metadata type, if any.

error

google.rpc.Status

The error result of the operation in case of failure or cancellation.

Includes only one of the fields error, response.

The operation result.
If done == false and there was no failure detected, neither error nor response is set.
If done == false and there was a failure detected, error is set.
If done == true, exactly one of error or response is set.

response

User

The normal response of the operation in case of success.
If the original method returns no data on success, such as Delete,
the response is google.protobuf.Empty.
If the original method is the standard Create/Update,
the response should be the target resource of the operation.
Any method that returns a long-running operation should document the response type, if any.

Includes only one of the fields error, response.

The operation result.
If done == false and there was no failure detected, neither error nor response is set.
If done == false and there was a failure detected, error is set.
If done == true, exactly one of error or response is set.

RevokeUserPermissionMetadata

Field

Description

cluster_id

string

ID of the Apache Kafka® cluster the user belongs to.

user_name

string

Name of the user whose permission is being revoked.

User

A Kafka user.
For more information, see the Operations -> Accounts section of the documentation.

Field

Description

name

string

Name of the Kafka user.

cluster_id

string

ID of the Apache Kafka® cluster the user belongs to.

To get the Apache Kafka® cluster ID, make a ClusterService.List request.

permissions[]

Permission

Set of permissions granted to this user.

Permission

Field

Description

topic_name

string

Name or prefix-pattern with wildcard for the topic that the permission grants access to.

To get the topic name, make a TopicService.List request.

role

enum AccessRole

Access role type to grant to the user.

  • ACCESS_ROLE_UNSPECIFIED
  • ACCESS_ROLE_PRODUCER: Producer role for the user.
  • ACCESS_ROLE_CONSUMER: Consumer role for the user.
  • ACCESS_ROLE_ADMIN: Admin role for the user.
  • ACCESS_ROLE_TOPIC_ADMIN: Admin permissions on topics role for the user.

allow_hosts[]

string

Lists hosts allowed for this permission.
Only ip-addresses allowed as value of single host.
When not defined, access from any host is allowed.

Bare in mind that the same host might appear in multiple permissions at the same time,
hence removing individual permission doesn't automatically restricts access from the allow_hosts of the permission.
If the same host(s) is listed for another permission of the same principal/topic, the host(s) remains allowed.
Предыдущая
GrantPermission
Следующая
Overview