When a schema is used by Kafka serdes it becomes a critical dependency for accessing those records. This means that making the schema unavailable can render TB of data unreadable by Kafka consumers. Deleting an artifact is one way of doing exactly that, and yet it's something supported via the REST API and protected only by an write permission.
It should be possible to provide better assurances that record data remains readable.
Proposed Solution
One way to do that is a configuration option for enabling the deletion functionality. To successfully delete an artifact this option would need to be enabled AND the authenticated user would need write permission. I understand there is already such an option for deleting artifact versions, but not whole artifacts.
Another possibility (not exclusive of the above) is to have a separate delete permission.
EricWittmann
commented
1 month ago
Feature or Problem Description
When a schema is used by Kafka serdes it becomes a critical dependency for accessing those records. This means that making the schema unavailable can render TB of data unreadable by Kafka consumers. Deleting an artifact is one way of doing exactly that, and yet it's something supported via the REST API and protected only by an
writepermission.It should be possible to provide better assurances that record data remains readable.
Proposed Solution
One way to do that is a configuration option for enabling the deletion functionality. To successfully delete an artifact this option would need to be enabled AND the authenticated user would need
writepermission. I understand there is already such an option for deleting artifact versions, but not whole artifacts.Another possibility (not exclusive of the above) is to have a separate
deletepermission.