Commit fd0db1a

DOC-1200 Unified impersonation in Cloud
# Conflicts: # modules/security/pages/cloud-authentication.adoc # Conflicts: # modules/security/pages/cloud-authentication.adoc
1 parent 48cc57f commit fd0db1a

2 files changed: +22 -6 lines changed

modules/get-started/pages/whats-new-cloud.adoc

Lines changed: 6 additions & 0 deletions
@@ -8,6 +8,12 @@ This page lists new features added to Redpanda Cloud.
88

99
== October 2025
1010

11+
=== User impersonation: beta
12+
13+
BYOC and Dedicated clusters now support unified authentication and authorization between the Redpanda Cloud UI and Redpanda with xref:security:cloud-authentication.adoc#user-impersonation-beta[user impersonation]. This means you can authenticate to fine-grained access within Redpanda using the same credentials you use to authenticate to Redpanda Cloud.
14+
15+
With user impersonation, the topics users see in the UI are identical to what they can access with the Cloud API or `rpk`, ensuring consistent permissions across all interfaces. This glossterm:beta[] feature provides clear auditing of data plane user actions.
16+
1117
=== Remote MCP: beta
1218

1319
Deploy managed MCP servers directly inside your Redpanda Cloud cluster with xref:ai-agents:mcp/remote/overview.adoc[Remote MCP]. Unlike the Redpanda Cloud MCP Server, Remote MCP servers run within your cluster and can process data streams, generate synthetic data, and publish directly to Redpanda topics.
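
Review bot: The new "User impersonation: beta" entry does not mention that enabling the feature removes access for Reader and Writer users until they are granted ACLs or RBAC roles, which the IMPORTANT block added to cloud-authentication.adoc in this same commit calls out. A reader who enables the feature from the release notes alone would hit that lockout, so add one sentence here that points at the permission step, for example "Reader and Writer users need ACLs or RBAC roles granted on the cluster *Security* page after you enable it." Two smaller points: "authenticate to fine-grained access within Redpanda" is hard to parse and could reuse the clearer wording from the other file ("use the same credentials to authenticate to both Redpanda Cloud and the underlying Redpanda cluster"), and the xref anchor `#user-impersonation-beta` should be checked against the target section heading, which is not visible in this diff.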

modules/security/pages/cloud-authentication.adoc

Lines changed: 16 additions & 6 deletions
@@ -113,16 +113,26 @@ Administrators can require MFA for all users in an organization.
113113

114114
include::shared:partial$feature-flag.adoc[]
115115

116-
Redpanda Cloud supports unified authentication and authorization between Redpanda Cloud and Redpanda with user impersonation. This means you can authenticate to fine-grained access within Redpanda using the same credentials you use to authenticate to Redpanda Cloud. For example, when you list topics in the Cloud UI or Cloud API, you see the topics that you have access to as a specific user, rather than as a generic admin user. This ensures accurate audit logs and unified identity enforcement.
116+
BYOC and Dedicated clusters support unified authentication and authorization between the Redpanda Cloud UI and Redpanda with user impersonation. This means you can use the same credentials to authenticate to both Redpanda Cloud and the underlying Redpanda cluster, with consistent permissions across all interfaces. This ensures accurate audit logs and unified identity enforcement across all client applications, including the Cloud UI. With user impersonation enabled, the topics and resources users see in the UI match exactly what they can access with the Cloud API or `rpk`.
117117

118-
* Without user impersonation, Redpanda Cloud evaluates permissions using role bindings defined in its configuration. Redpanda sees all requests as coming from a static service account.
119-
* With user impersonation, Redpanda Cloud evaluates permissions using glossterm:ACL[,access control lists (ACLs)] and xref:security:authorization/rbac/rbac_dp.adoc[role-based access control (RBAC)] in the glossterm:data plane[].
118+
* *Without user impersonation*: Redpanda Cloud uses a static service account to access your cluster. All UI requests appear to come from this generic admin user.
119+
* *With user impersonation*: Redpanda Cloud uses your individual user credentials and evaluates permissions using glossterm:ACL[,access control lists (ACLs)] and glossterm:RBAC[,role-based access control (RBAC)] in the data plane. Each user sees only the resources they have permission to access.
120120

121-
To enable user impersonation, go to the *Cluster settings* page and select the option to enable it.
121+
To enable user impersonation:
122122

123-
After enabling user impersonation, new Readers and Writers added to the cluster must have their roles or ACLs granted by Admins in the cluster *Security* page.
123+
1. Go to the *Cluster settings* page and select the option to enable it.
124+
2. Configure permissions for your users on the cluster *Security* page using ACLs or RBAC roles.
124125

125-
CAUTION: Enabling user impersonation does not affect Admin users, but Readers and Writers will lose access until they are granted roles or ACLs.
126+
[IMPORTANT]
127+
====
128+
129+
After enabling user impersonation:
130+
131+
* *Admin users* continue to have full access as before
132+
* *Reader and Writer users* will lose access to the cluster until you explicitly grant them permissions through ACLs or RBAC roles on the *Security* page
133+
134+
Plan to configure user permissions before or immediately after enabling this feature to avoid access disruption.
135+
====
126136

127137
== Service authentication
128138
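
Review bot: The numbered steps put enabling the feature (step 1) before configuring permissions (step 2), but the IMPORTANT block right after them says Reader and Writer users lose access once impersonation is enabled and advises configuring permissions "before or immediately after". Followed in order, the procedure produces the disruption the admonition warns about. Either move the admonition above the steps or, if the *Security* page accepts grants before the feature is on, put the permission step first. Also, the rewritten "Without user impersonation" bullet drops the old statement that Redpanda Cloud evaluates permissions using role bindings, the RBAC link changes from xref:security:authorization/rbac/rbac_dp.adoc to glossterm:RBAC, and `glossterm:data plane[]` becomes plain text; confirm these are intentional, since the role-binding sentence was the only place that said how permissions are evaluated when the feature is off.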
