Provisioning Profiles

Provisioning Profiles define what resources a team or domain is allowed to provision within the Data Streamhouse. They act as controlled templates or guardrails for initializing streaming services and infrastructure.

Provisioning Profiles are centrally managed by the platform team and can be:

Assigned to specific domains, enabling self-service for domain owners
Used system-wide, enforcing creation rules based on roles and organizational policy

They are designed to support both self-service and governed provisioning across the platform.

If a user lacks permission to create a topic, access a namespace, or provision a specific resource—even if the provisioning profile includes it—the action will be blocked. This ensures that provisioning remains aligned with both governance rules and explicit security permissions.

Use Cases

Enable domain owners to provision compliant resources for new services
Enforce policy-driven topic creation (naming, configuration, retention, etc.)
Define reusable blueprints for streaming applications
Restrict and govern sensitive resource types like ACLs or database access

Assignment & Scope

Provisioning Profiles can be:

Domain-scoped: Assigned to specific domains. Domain owners can initialize services based on those profiles.
Global/system-wide: Applied across the platform as policy templates, used to enforce governance rules based on user roles or group membership.

Services and Resources

When a domain owner or service owner provisions a new service, the provisioning profile defines which resources are available for that service.

Provisioning Profiles do not automatically create resources. They define what can be provisioned—not what is provisioned.

Resources

The following resource types can be provisioned as part of a provisioning profile. Please note that most resources are not provisioned automatically but at the discretion of the user or service owner. Think of a provisioning profile as guardrails. The user can then choose to create one, multiple or all resources that are available within a provisioning profile.

Resource

Description

Topics

A provisioning profile defines one or more topic namespaces and allowed configurations (e.g., cleanup policy, retention, compaction).

ACLs

A provisioning profile allows the definition of ACLs for consumer groups, transactions, or users.

Users

Define whether application-level user credentials can be requested or automatically generated.

Database

Allow provisioning of a database (if integrated with an external DB service).

Example Scenarios

A provisioning profile for the "Payments" domain allows topics with the prefix payments-, limits partitions to max 12, enforces compaction, and enables ACLs for team-specific consumer groups.
A global profile prohibits topic creation with fewer than 3 replicas and enforces 7-day retention for all new topics, regardless of the domain.

PreviousWorkflow Overview NextChargeback Overview

Last updated 3 days ago

Was this helpful?

Resources

Resource

Description

Topics

A provisioning profile defines one or more topic namespaces and allowed configurations (e.g., cleanup policy, retention, compaction).

ACLs

A provisioning profile allows the definition of ACLs for consumer groups, transactions, or users.

Users

Define whether application-level user credentials can be requested or automatically generated.

Database

Allow provisioning of a database (if integrated with an external DB service).

Example Scenarios

A provisioning profile for the "Payments" domain allows topics with the prefix payments-, limits partitions to max 12, enforces compaction, and enables ACLs for team-specific consumer groups.

A global profile prohibits topic creation with fewer than 3 replicas and enforces 7-day retention for all new topics, regardless of the domain.