September 2025

Confluent Cloud RBAC, policy migration, and rule diagnostics

Self-service RBAC role bindings for Confluent Cloud. Migrate legacy topic policies to CEL. Rule validation shows exactly where and why failures occur.

Create Confluent Cloud RBAC bindings through self-service

Self-service applications targeting Confluent Cloud now create native RBAC role bindings instead of Kafka ACLs. Permissions appear directly in Confluent Cloud without manual role assignments. Learn about self-service →

Confluent Cloud RBAC

Migrate legacy topic policies to CEL

Convert legacy topic policies to CEL-based resource policies. Migration creates new policies with descriptions of their origin. Learn about Gateway policies →

See exactly where and why rules fail

Rule testing now highlights errors directly in the editor with the error path and reason. Hover over the icon to see what went wrong.

Rule validation

Add custom violation messages to rules

Attach custom messages to rules so violations explain themselves. When a message fails, users see why in plain language.

Example: Instead of "Schema validation failed," show "This event is missing the required user_id field."

Learn about data quality policies →

Handle different decryption failure types

Gateway now distinguishes between decryption error types:

Download Partner Zone CA certificates directly

Download the CA certificate directly from the Partner Zone page instead of navigating multiple screens to gather connection details. Learn about Partner Zones →


For a full list of changes, read the complete release notes.

Enjoying the new features? Share your experience on G2