From 91de948edda8790a8233b622df8d651646eafdca Mon Sep 17 00:00:00 2001
From: seono
Date: Fri, 11 Jul 2025 20:38:16 +0900
Subject: [PATCH] Add Default Role (#344)
---
 .../rbac-role-based-access-control/README.md | 79 +++++++++++++++++++
 1 file changed, 79 insertions(+)
diff --git a/configuration/rbac-role-based-access-control/README.md b/configuration/rbac-role-based-access-control/README.md
index 4cf8324..767458b 100644
--- a/configuration/rbac-role-based-access-control/README.md
+++ b/configuration/rbac-role-based-access-control/README.md
@@ -122,6 +122,18 @@ A list of all the actions for the corresponding resources (please note neither r
 * `audit`: `view`
 * ~~`client_quotas`: `view`, `edit`~~ — not yet implemented
+#### Default Role
+
+The Default Role is applied to users who have successfully authenticated but do not have a mapped role assigned. This role only requires permissions configuration.
+
+```yaml
+rbac:
+ default-role:
+ permissions:
+ - resource: clusterconfig
+ actions: [ "view" ]
+```
+
 ## Example file
 **A complete file example:**
@@ -298,3 +310,70 @@ rbac:
 actions: [ view ]
 ```
+
+**An admin group with a read-only default role example:**
+```yaml
+rbac:
+ default-role:
+ permissions:
+ - resource: clusterconfig
+ actions: [ "view" ]
+
+ - resource: topic
+ value: ".*"
+ actions:
+ - VIEW
+ - MESSAGES_READ
+ - ANALYSIS_VIEW
+
+ - resource: consumer
+ value: ".*"
+ actions: [ view ]
+
+ - resource: schema
+ value: ".*"
+ actions: [ view ]
+
+ - resource: connect
+ value: ".*"
+ actions: [ view ]
+
+ - resource: acl
+ actions: [ view ]
+
+ roles:
+ - name: "admins"
+ clusters:
+ # FILL THIS
+ subjects:
+ # FILL THIS
+ permissions:
+ - resource: applicationconfig
+ actions: all
+
+ - resource: clusterconfig
+ actions: all
+
+ - resource: topic
+ value: ".*"
+ actions: all
+
+ - resource: consumer
+ value: ".*"
+ actions: all
+
+ - resource: schema
+ value: ".*"
+ actions: all
+
+ - resource: connect
+ value: ".*"
+ actions: all
+
+ - resource: ksql
+ actions: all
+
+ - resource: acl
+ actions: [ view ]
+
+```
\ No newline at end of file