Confluent CCAC Glossary: Resource and Networking Terms
March 31, 2026
Confluent CCAC glossary of resource boundaries, RBAC, networking, and connector terms.
Use this glossary when Confluent Cloud networking, access, governance, and multi-cluster terms start to blur together. Keep it beside the cheat sheet and resources instead of using it as a substitute for operational review.
| Term |
Short meaning |
| Organization |
Top-level Confluent account boundary |
| Environment |
Main Confluent Cloud grouping for related clusters, networking, and governance resources |
| Cluster |
Managed Kafka deployment in Confluent Cloud |
| Service account |
Identity used by applications or automation instead of human users |
| API key |
Credential pair used by clients and tools to authenticate to Confluent services |
| RBAC |
Role-based access control used to grant permissions through roles |
| Role binding |
The assignment that connects a role to a principal at a specific scope |
| Private networking |
Non-public connectivity pattern between Confluent Cloud and your network |
| Public endpoint |
Internet-reachable service path that may still be restricted by policy or allowlists |
| Cluster Linking |
Native replication feature for moving topics across Kafka clusters |
| Connector |
Managed integration component used to move data into or out of Kafka |
| Stream Governance |
Confluent Cloud governance features for schema, catalog, and data discipline |
| Schema Registry |
Confluent schema-management component used for schema validation and compatibility control |
| Network egress |
Outbound data movement from a service or cluster |
| Dedicated cluster |
Higher-isolation Confluent Cloud cluster tier with different scale and networking options |
| ACL |
Access control list used alongside or below role-based permissions in some contexts |
| Allowlist |
Network control that permits traffic only from approved addresses or paths |
| Authoritative cluster |
The cluster that should be treated as the source of truth during linked-cluster operations or cutover decisions |
Commonly confused pairs
| Pair |
Keep this distinction clear |
| environment vs cluster |
higher-level operational boundary versus one managed Kafka deployment |
| service account vs API key |
workload identity versus its credential |
| RBAC vs API key |
authorization model versus authentication credential |
| role binding vs role |
the assignment versus the permission set itself |
| private networking vs public endpoint |
constrained network path versus internet-reachable access |
| Cluster Linking vs connector |
native cluster-to-cluster topic replication versus integration pipeline component |
| Stream Governance vs Schema Registry |
broader governance capability set versus the schema-management component inside that lane |
| service account vs human user |
workload identity versus interactive operator identity |
Fast boundary reminders
| If the term really points to… |
Think of it as… |
| hierarchy and blast radius |
organization, environment, cluster |
| identity and permissions |
service account, API key, RBAC, role binding |
| path and exposure |
public endpoint, private networking, allowlist, DNS |
| data movement |
connector, Cluster Linking |
| governance and contracts |
Stream Governance, Schema Registry, compatibility |
If the confusion is really about…
Revised on Sunday, May 10, 2026