prodigy91 opened a new issue, #17886: URL: https://github.com/apache/pulsar/issues/17886
### Search before asking

- [X] I searched in the [issues](https://github.com/apache/pulsar/issues) and found nothing similar.

### Motivation

Quite recently the GET /schema API has been made to work with Topic's GET_METADATA check. The POST and DELETE still require tenant admin validation to succeed.

Tenant Admin has very wide capabilities, where it can be used to manage & modify every namespace and topic under it. In the case where Pulsar is managed centrally and users are given restricted permissions just to be able to produce, consume & get metadata around their topics and namespaces, we see that such users are not able to use the Create & Update Schema APIs. This is leading to issues when using the pulsar-spark & debezium connectors, which may call such APIs.

Till now we were relying on the namespace's isAllowAutoUpdateSchema policy to allow the producer to apply schema on the topic. But such an approach is working out with pulsar-spark specially, which explicitly calls the schema API.

I am creating this ticket to track the ideal approach & its implementation for checking authorization for schema APIs.

### Solution

Since schema pertains to the topic and we already have the TopicOperation enum for checking all actions being performed on the topic, at first glance it makes sense for TopicOperation to have schema-related operations too. But I am not sure of the wider impact of doing this.

### Alternatives

-

### Anything else?

-

### Are you willing to submit a PR?

- [ ] I'm willing to submit a PR!
