Release 79: kPow Admin – Staged Mutations and Temporary Policies

kPow v79 introduces kPow Admin roles with the ability to Stage Mutations and create Temporary RBAC Policies, all wrapped up in a new Settings UI.

Note: If you are currently using kPow with RBAC your users are all considered non-admin and will have slightly less visibility of kPow until you specify admin roles.

kPow Admin Roles

Admins have greater visibility and control of kPow than normal users.

Non-Admin users can see their own access policies, configure their UI preferences, and view a log of the last 7 days of their account activity.

Admin Users can approve or deny staged mutations, create and remove temporary policies, and have full visibility of all existing system features like the Audit Log.

See: kPow Admin Role Documentation.

Staged Mutations

kPow actions (e.g. Topic Create) can now be staged for approval by an Admin user.

Configured by creating an RBAC policy with the new “Stage” effect, Staged Mutations are approved or denied by Admin Users in the new Settings UI.

See: kPow Staged Mutation Documentation.

Temporary Policies

Admin Users can assign temporary access permissions to a role.

A common use-case would be providing a user TOPIC_INSPECT access to read data from a topic for an hour while resolving an issue in a Production environment.

See: kPow Temporary Policies Documentation.



  • RBAC: Added KPOW_ADMIN action to policies
  • RBAC: Added “Stage” effect to RBAC policies
  • RBAC: Ability for admins to temporarily create policies
  • RBAC: allow ENVIRONMENT_NAME as an identifier for cluster in the resource of a policy


  • Overhauled/updated Settings UI
  • Bump to Jetty10, more performant websocket sessions
  • Default cluster names now align with config, e.g bootstrap_1, bootstrap_2


  • Fixed bug where topic/broker configuration would intermittently disappear from UI in some cases.
  • Fixed j_session null pointer exception that could occur when using simple authentication

Get this release on Dockerhub or download as a JAR file.

docker pull operatr/kpow:79