We rolled out an update on February 12th 2026 to finalize how we handle access control list (ACL) policies for the Schema Registry in Redpanda Serverless.
The Context: When we introduced Schema Registry ACLs last year, we left enforcement in a permissive state ("allow all" authenticated users) to help teams get set up easily. Starting next week, we are flipping the switch to strict enforcement.
The Important Part: To ensure this change doesn’t break your existing producers or consumers, we are proactively migrating all pre-existing SASL users who have previously accessed a cluster's Schema Registry to an equivalent set of explicit permissions.
If your app works today: It will keep working next week. We’ve codified your current access levels into actual ACLs. No action is required on your end.
Going forward: You now have the power to lock down Schema Registry access. We recommend reviewing your users’ permissions to ensure they are scoped exactly how you want them. We also recommend providing a similar heads up to your internal users to ensure they understand the upcoming changes.
Pro tip: For new SASL users, you must explicitly grant Schema Registry permissions. To facilitate this process, we have updated the "Permit all operations" toggle in the Redpanda Cloud UI to include these Schema Registry permissions for you.