When a schema is used by Kafka serdes it becomes a critical dependency for accessing those records. This means that making the schema unavailable can render TB of data unreadable by Kafka consumers. Deleting an artifact is one way of doing exactly that, and yet it's something supported via the REST API and protected only by a write permission.
It should be possible to provide better assurances that record data remains readable.
Proposed Solution
One way to do that is a configuration option for enabling the deletion functionality. To successfully delete an artifact this option would need to be enabled AND the authenticated user would need write permission. I understand there is already such an option for deleting artifact versions, but not whole artifacts.
Another possibility (not exclusive of the above) is to have a separate delete permission.
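A sketch of how the two proposals above could combine into one fail-closed authorization check. This is an added example, not code from the issue or from the registry project; the setting names `artifact_deletion_enabled` and `require_delete_permission` and the `DELETE` permission are hypothetical.

```python
from dataclasses import dataclass
from enum import Enum
from itertools import product


class Permission(Enum):
    READ = "read"
    WRITE = "write"
    DELETE = "delete"  # hypothetical separate permission from the proposal


@dataclass(frozen=True)
class DeletePolicy:
    # Hypothetical settings. Defaults are the safest values, so an
    # unconfigured deployment cannot delete whole artifacts.
    artifact_deletion_enabled: bool = False
    require_delete_permission: bool = True


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str  # suitable for an audit log entry


def authorize_artifact_delete(policy, granted):
    """Decide whether a caller holding `granted` may delete a whole artifact."""
    # Proposal 1: the configuration option gates deletion for every caller.
    if not policy.artifact_deletion_enabled:
        return Decision(False, "artifact deletion disabled by configuration")
    # Proposal 2: optionally require a dedicated permission instead of write.
    needed = (Permission.DELETE if policy.require_delete_permission
              else Permission.WRITE)
    if needed not in granted:
        return Decision(False, f"missing '{needed.value}' permission")
    return Decision(True, f"deletion enabled, '{needed.value}' permission held")


# Constructed sample callers.
CALLERS = {
    "writer": frozenset({Permission.READ, Permission.WRITE}),
    "deleter": frozenset({Permission.READ, Permission.WRITE, Permission.DELETE}),
}


def decision_matrix():
    """Evaluate every policy setting against every sample caller."""
    return {
        (enabled, strict, name): authorize_artifact_delete(
            DeletePolicy(enabled, strict), perms).allowed
        for enabled, strict in product((False, True), repeat=2)
        for name, perms in CALLERS.items()
    }
```
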