Yandex Cloud
  • Services
  • Solutions
  • Why Yandex Cloud
  • Pricing
  • Documentation
  • Contact us
Get started
Language / Region
© 2022 Yandex.Cloud LLC
Yandex Managed Service for Apache Kafka®
  • Getting started
  • Step-by-step instructions
    • All instructions
    • Information about existing clusters
    • Creating clusters
    • Connecting to clusters
    • Stopping and starting clusters
    • Changing cluster settings
    • Managing Apache Kafka® hosts
    • Working with topics and partitions
    • Managing Kafka accounts
    • Managing connectors
    • Viewing cluster logs
    • Deleting a cluster
    • Monitoring the state of a cluster and hosts
  • Practical guidelines
    • All use cases
    • Data delivery in Managed Service for ClickHouse
    • Configuring Kafka Connect for Managed Service for Apache Kafka®
    • Data delivery in ksqlDB
    • Using Confluent Schema Registry with Managed Service for Apache Kafka®
    • Migrating with MirrorMaker 2.0
    • Delivering data using Debezium
  • Concepts
    • Relationship between service resources
    • Topics and partitions
    • Brokers
    • Producers and consumers
    • Managing data schemas
    • Host classes
    • Network in Managed Service for Apache Kafka®
    • Quotas and limits
    • Storage types
    • Connectors
    • Apache Kafka® settings
  • Access management
  • Pricing policy
  • API reference
    • Authentication in the API
    • gRPC
      • Overview
      • ClusterService
      • ConnectorService
      • ResourcePresetService
      • TopicService
      • UserService
      • OperationService
    • REST
      • Overview
      • Cluster
        • Overview
        • create
        • delete
        • get
        • list
        • listHosts
        • listLogs
        • listOperations
        • move
        • rescheduleMaintenance
        • start
        • stop
        • streamLogs
        • update
      • Connector
        • Overview
        • create
        • delete
        • get
        • list
        • pause
        • resume
        • update
      • ResourcePreset
        • Overview
        • get
        • list
      • Topic
        • Overview
        • create
        • delete
        • get
        • list
        • update
      • User
        • Overview
        • create
        • delete
        • get
        • grantPermission
        • list
        • revokePermission
        • update
      • Operation
        • Overview
        • get
  • Questions and answers
  1. API reference
  2. gRPC
  3. UserService

UserService

Written by
Yandex.Cloud
  • Calls UserService
  • Get
    • GetUserRequest
    • User
    • Permission
  • List
    • ListUsersRequest
    • ListUsersResponse
    • User
    • Permission
  • Create
    • CreateUserRequest
    • UserSpec
    • Permission
    • Operation
    • CreateUserMetadata
    • User
    • Permission
  • Update
    • UpdateUserRequest
    • Permission
    • Operation
    • UpdateUserMetadata
    • User
    • Permission
  • Delete
    • DeleteUserRequest
    • Operation
    • DeleteUserMetadata
  • GrantPermission
    • GrantUserPermissionRequest
    • Permission
    • Operation
    • GrantUserPermissionMetadata
    • User
    • Permission
  • RevokePermission
    • RevokeUserPermissionRequest
    • Permission
    • Operation
    • RevokeUserPermissionMetadata
    • User
    • Permission

A set of methods for managing Kafka users.

Call Description
Get Returns the specified Kafka user.
List Retrieves the list of Kafka users in the specified cluster.
Create Creates a Kafka user in the specified cluster.
Update Updates the specified Kafka user.
Delete Deletes the specified Kafka user.
GrantPermission Grants permission to the specified Kafka user.
RevokePermission Revokes permission from the specified Kafka user.

Calls UserService

Get

Returns the specified Kafka user.
To get the list of available Kafka users, make a List request.

rpc Get (GetUserRequest) returns (User)

GetUserRequest

Field Description
cluster_id string
Required. ID of the Apache Kafka® cluster the user belongs to.
To get the cluster ID, make a ClusterService.List request. The maximum string length in characters is 50.
user_name string
Required. Name of the Kafka user to return.
To get the name of the user, make a UserService.List request. The string length in characters must be 1-63. Value must match the regular expression [a-zA-Z0-9_]*.

User

Field Description
name string
Name of the Kafka user.
cluster_id string
ID of the Apache Kafka® cluster the user belongs to.
To get the Apache Kafka® cluster ID, make a ClusterService.List request.
permissions[] Permission
Set of permissions granted to this user.

Permission

Field Description
topic_name string
Name or prefix-pattern with wildcard for the topic that the permission grants access to.
To get the topic name, make a TopicService.List request.
role enum AccessRole
Access role type to grant to the user.
  • ACCESS_ROLE_PRODUCER: producer role for the user.
  • ACCESS_ROLE_CONSUMER: consumer role for the user.
  • ACCESS_ROLE_ADMIN: admin role for the user.

List

Retrieves the list of Kafka users in the specified cluster.

rpc List (ListUsersRequest) returns (ListUsersResponse)

ListUsersRequest

Field Description
cluster_id string
Required. ID of the Apache Kafka® cluster to list Kafka users in.
To get the Apache Kafka® cluster ID, make a ClusterService.List request. The maximum string length in characters is 50.
page_size int64
The maximum number of results per page to return.
If the number of available results is larger than page_size, the service returns a ListUsersResponse.next_page_token that can be used to get the next page of results in subsequent list requests. The maximum value is 1000.
page_token string
Page token.
To get the next page of results, set page_token to the ListUsersResponse.next_page_token returned by a previous list request. The maximum string length in characters is 100.

ListUsersResponse

Field Description
users[] User
List of Kafka users.
next_page_token string
This token allows you to get the next page of results for list requests.
If the number of results is larger than ListUsersRequest.page_size, use the next_page_token as the value for the ListUsersRequest.page_token parameter in the next list request. Each subsequent list request will have its own next_page_token to continue paging through the results.

User

Field Description
name string
Name of the Kafka user.
cluster_id string
ID of the Apache Kafka® cluster the user belongs to.
To get the Apache Kafka® cluster ID, make a ClusterService.List request.
permissions[] Permission
Set of permissions granted to this user.

Permission

Field Description
topic_name string
Name or prefix-pattern with wildcard for the topic that the permission grants access to.
To get the topic name, make a TopicService.List request.
role enum AccessRole
Access role type to grant to the user.
  • ACCESS_ROLE_PRODUCER: producer role for the user.
  • ACCESS_ROLE_CONSUMER: consumer role for the user.
  • ACCESS_ROLE_ADMIN: admin role for the user.

Create

Creates a Kafka user in the specified cluster.

rpc Create (CreateUserRequest) returns (operation.Operation)

Metadata and response of Operation:

    Operation.metadata:CreateUserMetadata

    Operation.response:User

CreateUserRequest

Field Description
cluster_id string
Required. ID of the Apache Kafka® cluster to create a user in.
To get the cluster ID, make a ClusterService.List request. The maximum string length in characters is 50.
user_spec UserSpec
Required. Configuration of the user to create.

UserSpec

Field Description
name string
Required. Name of the Kafka user. The string length in characters must be 1-256. Value must match the regular expression [a-zA-Z0-9_]*.
password string
Required. Password of the Kafka user. The string length in characters must be 8-128.
permissions[] Permission
Set of permissions granted to the user.

Permission

Field Description
topic_name string
Name or prefix-pattern with wildcard for the topic that the permission grants access to.
To get the topic name, make a TopicService.List request.
role enum AccessRole
Access role type to grant to the user.
  • ACCESS_ROLE_PRODUCER: producer role for the user.
  • ACCESS_ROLE_CONSUMER: consumer role for the user.
  • ACCESS_ROLE_ADMIN: admin role for the user.

Operation

Field Description
id string
ID of the operation.
description string
Description of the operation. 0-256 characters long.
created_at google.protobuf.Timestamp
Creation timestamp.
created_by string
ID of the user or service account who initiated the operation.
modified_at google.protobuf.Timestamp
The time when the Operation resource was last modified.
done bool
If the value is false, it means the operation is still in progress. If true, the operation is completed, and either error or response is available.
metadata google.protobuf.Any<CreateUserMetadata>
Service-specific metadata associated with the operation. It typically contains the ID of the target resource that the operation is performed on. Any method that returns a long-running operation should document the metadata type, if any.
result oneof: error or response
The operation result. If done == false and there was no failure detected, neither error nor response is set. If done == false and there was a failure detected, error is set. If done == true, exactly one of error or response is set.
  error google.rpc.Status
The error result of the operation in case of failure or cancellation.
  response google.protobuf.Any<User>
if operation finished successfully.

CreateUserMetadata

Field Description
cluster_id string
ID of the Apache Kafka® cluster the user is being created in.
user_name string
Name of the user that is being created.

User

Field Description
name string
Name of the Kafka user.
cluster_id string
ID of the Apache Kafka® cluster the user belongs to.
To get the Apache Kafka® cluster ID, make a ClusterService.List request.
permissions[] Permission
Set of permissions granted to this user.

Permission

Field Description
topic_name string
Name or prefix-pattern with wildcard for the topic that the permission grants access to.
To get the topic name, make a TopicService.List request.
role enum AccessRole
Access role type to grant to the user.
  • ACCESS_ROLE_PRODUCER: producer role for the user.
  • ACCESS_ROLE_CONSUMER: consumer role for the user.
  • ACCESS_ROLE_ADMIN: admin role for the user.

Update

Updates the specified Kafka user.

rpc Update (UpdateUserRequest) returns (operation.Operation)

Metadata and response of Operation:

    Operation.metadata:UpdateUserMetadata

    Operation.response:User

UpdateUserRequest

Field Description
cluster_id string
Required. ID of the Apache Kafka® cluster the user belongs to.
To get the cluster ID, make a ClusterService.List request. The maximum string length in characters is 50.
user_name string
Required. Name of the user to be updated.
To get the name of the user, make a UserService.List request. The string length in characters must be 1-63. Value must match the regular expression [a-zA-Z0-9_]*.
update_mask google.protobuf.FieldMask
password string
New password for the user. The string length in characters must be 8-128.
permissions[] Permission
New set of permissions for the user.

Permission

Field Description
topic_name string
Name or prefix-pattern with wildcard for the topic that the permission grants access to.
To get the topic name, make a TopicService.List request.
role enum AccessRole
Access role type to grant to the user.
  • ACCESS_ROLE_PRODUCER: producer role for the user.
  • ACCESS_ROLE_CONSUMER: consumer role for the user.
  • ACCESS_ROLE_ADMIN: admin role for the user.

Operation

Field Description
id string
ID of the operation.
description string
Description of the operation. 0-256 characters long.
created_at google.protobuf.Timestamp
Creation timestamp.
created_by string
ID of the user or service account who initiated the operation.
modified_at google.protobuf.Timestamp
The time when the Operation resource was last modified.
done bool
If the value is false, it means the operation is still in progress. If true, the operation is completed, and either error or response is available.
metadata google.protobuf.Any<UpdateUserMetadata>
Service-specific metadata associated with the operation. It typically contains the ID of the target resource that the operation is performed on. Any method that returns a long-running operation should document the metadata type, if any.
result oneof: error or response
The operation result. If done == false and there was no failure detected, neither error nor response is set. If done == false and there was a failure detected, error is set. If done == true, exactly one of error or response is set.
  error google.rpc.Status
The error result of the operation in case of failure or cancellation.
  response google.protobuf.Any<User>
if operation finished successfully.

UpdateUserMetadata

Field Description
cluster_id string
ID of the Apache Kafka® cluster the user belongs to.
user_name string
Name of the user that is being updated.

User

Field Description
name string
Name of the Kafka user.
cluster_id string
ID of the Apache Kafka® cluster the user belongs to.
To get the Apache Kafka® cluster ID, make a ClusterService.List request.
permissions[] Permission
Set of permissions granted to this user.

Permission

Field Description
topic_name string
Name or prefix-pattern with wildcard for the topic that the permission grants access to.
To get the topic name, make a TopicService.List request.
role enum AccessRole
Access role type to grant to the user.
  • ACCESS_ROLE_PRODUCER: producer role for the user.
  • ACCESS_ROLE_CONSUMER: consumer role for the user.
  • ACCESS_ROLE_ADMIN: admin role for the user.

Delete

Deletes the specified Kafka user.

rpc Delete (DeleteUserRequest) returns (operation.Operation)

Metadata and response of Operation:

    Operation.metadata:DeleteUserMetadata

    Operation.response:google.protobuf.Empty

DeleteUserRequest

Field Description
cluster_id string
Required. ID of the Apache Kafka® cluster the user belongs to. To get the cluster ID, make a ClusterService.List request. The maximum string length in characters is 50.
user_name string
Required. Name of the user to delete. To get the name of the user, make a UserService.List request. The string length in characters must be 1-63. Value must match the regular expression [a-zA-Z0-9_]*.

Operation

Field Description
id string
ID of the operation.
description string
Description of the operation. 0-256 characters long.
created_at google.protobuf.Timestamp
Creation timestamp.
created_by string
ID of the user or service account who initiated the operation.
modified_at google.protobuf.Timestamp
The time when the Operation resource was last modified.
done bool
If the value is false, it means the operation is still in progress. If true, the operation is completed, and either error or response is available.
metadata google.protobuf.Any<DeleteUserMetadata>
Service-specific metadata associated with the operation. It typically contains the ID of the target resource that the operation is performed on. Any method that returns a long-running operation should document the metadata type, if any.
result oneof: error or response
The operation result. If done == false and there was no failure detected, neither error nor response is set. If done == false and there was a failure detected, error is set. If done == true, exactly one of error or response is set.
  error google.rpc.Status
The error result of the operation in case of failure or cancellation.
  response google.protobuf.Any<google.protobuf.Empty>
if operation finished successfully.

DeleteUserMetadata

Field Description
cluster_id string
ID of the Apache Kafka® cluster the user belongs to.
user_name string
Name of the user that is being deleted.

GrantPermission

Grants permission to the specified Kafka user.

rpc GrantPermission (GrantUserPermissionRequest) returns (operation.Operation)

Metadata and response of Operation:

    Operation.metadata:GrantUserPermissionMetadata

    Operation.response:User

GrantUserPermissionRequest

Field Description
cluster_id string
Required. ID of the Apache Kafka® cluster the user belongs to.
To get the cluster ID, make a ClusterService.List request. The maximum string length in characters is 50.
user_name string
Required. Name of the user to grant the permission to.
To get the name of the user, make a UserService.List request. The string length in characters must be 1-63. Value must match the regular expression [a-zA-Z0-9_]*.
permission Permission
Required. Permission that should be granted to the specified user.

Permission

Field Description
topic_name string
Name or prefix-pattern with wildcard for the topic that the permission grants access to.
To get the topic name, make a TopicService.List request.
role enum AccessRole
Access role type to grant to the user.
  • ACCESS_ROLE_PRODUCER: producer role for the user.
  • ACCESS_ROLE_CONSUMER: consumer role for the user.
  • ACCESS_ROLE_ADMIN: admin role for the user.

Operation

Field Description
id string
ID of the operation.
description string
Description of the operation. 0-256 characters long.
created_at google.protobuf.Timestamp
Creation timestamp.
created_by string
ID of the user or service account who initiated the operation.
modified_at google.protobuf.Timestamp
The time when the Operation resource was last modified.
done bool
If the value is false, it means the operation is still in progress. If true, the operation is completed, and either error or response is available.
metadata google.protobuf.Any<GrantUserPermissionMetadata>
Service-specific metadata associated with the operation. It typically contains the ID of the target resource that the operation is performed on. Any method that returns a long-running operation should document the metadata type, if any.
result oneof: error or response
The operation result. If done == false and there was no failure detected, neither error nor response is set. If done == false and there was a failure detected, error is set. If done == true, exactly one of error or response is set.
  error google.rpc.Status
The error result of the operation in case of failure or cancellation.
  response google.protobuf.Any<User>
if operation finished successfully.

GrantUserPermissionMetadata

Field Description
cluster_id string
ID of the Apache Kafka® cluster the user belongs to.
To get the cluster ID, make a ClusterService.List request.
user_name string
Name of the user that is being granted a permission.

User

Field Description
name string
Name of the Kafka user.
cluster_id string
ID of the Apache Kafka® cluster the user belongs to.
To get the Apache Kafka® cluster ID, make a ClusterService.List request.
permissions[] Permission
Set of permissions granted to this user.

Permission

Field Description
topic_name string
Name or prefix-pattern with wildcard for the topic that the permission grants access to.
To get the topic name, make a TopicService.List request.
role enum AccessRole
Access role type to grant to the user.
  • ACCESS_ROLE_PRODUCER: producer role for the user.
  • ACCESS_ROLE_CONSUMER: consumer role for the user.
  • ACCESS_ROLE_ADMIN: admin role for the user.

RevokePermission

Revokes permission from the specified Kafka user.

rpc RevokePermission (RevokeUserPermissionRequest) returns (operation.Operation)

Metadata and response of Operation:

    Operation.metadata:RevokeUserPermissionMetadata

    Operation.response:User

RevokeUserPermissionRequest

Field Description
cluster_id string
Required. ID of the Apache Kafka® cluster the user belongs to.
To get the cluster ID, make a ClusterService.List request. The maximum string length in characters is 50.
user_name string
Required. Name of the user to revoke a permission from.
To get the name of the user, make a UserService.List request. The string length in characters must be 1-63. Value must match the regular expression [a-zA-Z0-9_]*.
permission Permission
Required. Permission that should be revoked from the specified user.

Permission

Field Description
topic_name string
Name or prefix-pattern with wildcard for the topic that the permission grants access to.
To get the topic name, make a TopicService.List request.
role enum AccessRole
Access role type to grant to the user.
  • ACCESS_ROLE_PRODUCER: producer role for the user.
  • ACCESS_ROLE_CONSUMER: consumer role for the user.
  • ACCESS_ROLE_ADMIN: admin role for the user.

Operation

Field Description
id string
ID of the operation.
description string
Description of the operation. 0-256 characters long.
created_at google.protobuf.Timestamp
Creation timestamp.
created_by string
ID of the user or service account who initiated the operation.
modified_at google.protobuf.Timestamp
The time when the Operation resource was last modified.
done bool
If the value is false, it means the operation is still in progress. If true, the operation is completed, and either error or response is available.
metadata google.protobuf.Any<RevokeUserPermissionMetadata>
Service-specific metadata associated with the operation. It typically contains the ID of the target resource that the operation is performed on. Any method that returns a long-running operation should document the metadata type, if any.
result oneof: error or response
The operation result. If done == false and there was no failure detected, neither error nor response is set. If done == false and there was a failure detected, error is set. If done == true, exactly one of error or response is set.
  error google.rpc.Status
The error result of the operation in case of failure or cancellation.
  response google.protobuf.Any<User>
if operation finished successfully.

RevokeUserPermissionMetadata

Field Description
cluster_id string
ID of the Apache Kafka® cluster the user belongs to.
user_name string
Name of the user whose permission is being revoked.

User

Field Description
name string
Name of the Kafka user.
cluster_id string
ID of the Apache Kafka® cluster the user belongs to.
To get the Apache Kafka® cluster ID, make a ClusterService.List request.
permissions[] Permission
Set of permissions granted to this user.

Permission

Field Description
topic_name string
Name or prefix-pattern with wildcard for the topic that the permission grants access to.
To get the topic name, make a TopicService.List request.
role enum AccessRole
Access role type to grant to the user.
  • ACCESS_ROLE_PRODUCER: producer role for the user.
  • ACCESS_ROLE_CONSUMER: consumer role for the user.
  • ACCESS_ROLE_ADMIN: admin role for the user.

Was the article helpful?

Language / Region
© 2022 Yandex.Cloud LLC
In this article:
  • Calls UserService
  • Get
  • GetUserRequest
  • User
  • Permission
  • List
  • ListUsersRequest
  • ListUsersResponse
  • User
  • Permission
  • Create
  • CreateUserRequest
  • UserSpec
  • Permission
  • Operation
  • CreateUserMetadata
  • User
  • Permission
  • Update
  • UpdateUserRequest
  • Permission
  • Operation
  • UpdateUserMetadata
  • User
  • Permission
  • Delete
  • DeleteUserRequest
  • Operation
  • DeleteUserMetadata
  • GrantPermission
  • GrantUserPermissionRequest
  • Permission
  • Operation
  • GrantUserPermissionMetadata
  • User
  • Permission
  • RevokePermission
  • RevokeUserPermissionRequest
  • Permission
  • Operation
  • RevokeUserPermissionMetadata
  • User
  • Permission