More granular RBAC actions for Kafka Connect #4170

Open
@dmalik16

Issue submitter TODO list

  • I've searched for already existing issues here
  • I'm running a supported version of the application which is listed here and the feature is not present there

Is your proposal related to a problem?

Our use case for Kafka-UI is providing visibility to topics and connectors for Kafka developers to help troubleshoot and assist the development process.

The granular RBAC access provided for topics works with our goal of providing the ability to assign RBAC actions so devs can view topic info and messages, but not create/delete/edit their allowed topics (we have a pipeline service for that).

With Connect, we want the RBAC allowed devs to be able to view their connector status, pause/resume and restart but not view the configs as they contain secrets, nor create/edit/delete the connector itself (we have a pipeline service for this as well).

With the current RBAC actions for Connect (view, edit, create and restart (as of #3720, which BTW, "restart" is not listed in the docs as a valid Connect RBAC action in https://docs.kafka-ui.provectus.io/configuration/rbac-role-based-access-control)), this is an issue for us as we cannot easily grant the access we'd like.

Describe the feature you're interested in

Similar to the recently added "restart" Connect RBAC action, it would be useful to have "pause/resume" be its own action and if that gets removed from "edit", indifferent about that unless "restart" was removed from "edit" then consistency would have that removed as well.
Right now in order to use "restart", you have to have "view" and "view" grants access to view the config exposing secrets. Just giving "restart" is not enough to be able to see matching topics defined in the roles.
Perhaps adding a "status" action just allows that, status only and no config view (or even just allowing an action such as "restart" the ability to see the defined matching connectors).
This would allow us to grant "status", "restart", "pause/resume" to the owning devs.
While not an issue for our use case, like topic actions, "delete" should be its own action as well, not part of "edit", giving Connect the similar CRUD actions as topics.

Describe alternatives you've considered

No response

Version you're running

0.7.1

Additional context

No response
