docs: add DESCRIBE_CONFIGS to migrator source topic ACLs

[twmb]

What

Corrects the Kafka ACL note on the Schema Registry Authorization page (currently the only place migrator Kafka ACLs are documented). The note listed only READ on source topics; this adds DESCRIBE_CONFIGS (source and target) and an explanatory note.

Why

Redpanda Migrator issues DescribeConfigs against the source to read each topic's configuration for replication. READ grants DESCRIBE but not DESCRIBE_CONFIGS, so a consumer-only ACL on the source fails topic creation with TOPIC_AUTHORIZATION_FAILED.

Companion to redpanda-data/rp-connect-docs#451, which documents the full source/destination migrator ACL set in the Connect docs.

Preview pages

• Schema Registry Authorization (updated)

🤖 Generated with Claude Code

[netlify]

✅ Deploy Preview for redpanda-docs-preview ready!

Name	Link
🔨 Latest commit	f88878d
🔍 Latest deploy log	https://app.netlify.com/projects/redpanda-docs-preview/deploys/6a3d7b43f4e44400087fbf01
😎 Deploy Preview	https://deploy-preview-1770--redpanda-docs-preview.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[Feediver1]

PR Review (final-pass against docs-team-standards)

Files reviewed: 1 .adoc file (3 additions, 1 deletion)
Overall assessment: Tiny, technically-correct accuracy fix authored by the SME. Sound Kafka ACL semantics, clear root-cause explanation. No blocking issues; only two cosmetic consistency nits.

Critical issues (must fix)

None. Content correction with no syntax, xref, or terminology risk. The existing xref:manage:security/authorization/acl.adoc[...] is untouched and resolves. Change is inside the single-source range (tags at lines 5/710), so it correctly lands in cloud-docs too.

Suggestions (should consider)

1. [schema-reg-authorization.adoc:272] Separator inconsistency within the Topics bullet. Source uses a comma (READ, DESCRIBE_CONFIGS) while target uses slashes (WRITE/CREATE/DESCRIBE/ALTER/DESCRIBE_CONFIGS). For parallelism, consider one separator for both, e.g. READ/DESCRIBE_CONFIGS (source); WRITE/CREATE/DESCRIBE/ALTER/DESCRIBE_CONFIGS (target).

2. [schema-reg-authorization.adoc:272-274] Code-formatting inconsistency. The new prose (line 276) and the rest of the page backtick operation names (`READ`, `DESCRIBE_CONFIGS`), but the three bullets render them as bare uppercase. Optional: backtick the operations in the bullets to match. (Pre-existing style — out of strict scope, but a natural moment to align.)

Impact on other files

• rp-connect-docs#451 (companion, different repo): the source/target ACL set documented there should stay in sync with this note — worth confirming both list DESCRIBE_CONFIGS identically.
• What's New / nav: No entry or nav change needed — accuracy fix to existing content, not a new page or feature.
• console-v3.adoc: Mentions migrator/ACLs but covers Console role-to-ACL migration (impersonation), not data-migrator Kafka ACLs — no divergence.

What works well

• Technically precise: correctly distinguishes DESCRIBE (granted by READ) from DESCRIBE_CONFIGS, and names the exact failure mode (TOPIC_AUTHORIZATION_FAILED).
• Symmetric fix — adds DESCRIBE_CONFIGS to both source and target, not just the reported source case.
• Explanatory note gives operators the why, not just the what.
• Authored by a Kafka-protocol SME; high confidence in accuracy.

🤖 Generated with Claude Code

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 644aa1b0-57f7-4899-ab0f-55e4a127cb3f

📥 Commits

Reviewing files that changed from the base of the PR and between 0c0a92e and f88878d.

📒 Files selected for processing (1)

• modules/manage/pages/schema-reg/schema-reg-authorization.adoc

---

📝 Walkthrough

Walkthrough

Updated the Schema Registry ACL migration note to refine the Kafka permission matrix. The topic, consumer group, and cluster bullets now list additional topic operations, and the topic section now states that READ grants DESCRIBE but not DESCRIBE_CONFIGS, with TOPIC_AUTHORIZATION_FAILED when source topics lack DESCRIBE_CONFIGS.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~5 minutes

Possibly related PRs

• redpanda-data/docs#1332 — Also refines Schema Registry ACL/authorization examples and topic-operation semantics in the same documentation area.
• redpanda-data/docs#1420 — Also adjusts topic resource ACL examples and related authorization behavior.
• redpanda-data/docs#1528 — Also updates Schema Registry ACL guidance with migration-related permission details.

Suggested reviewers

• sago2k8
• andresaristizabal
• r-vasquez
• micheleRP

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	The description covers the change and rationale, but it misses the required Jira link, review deadline, and checks/template sections.	Add the Jira ticket, review deadline, a completed Checks section, and align the description to the repository template headings.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly summarizes the doc update to add DESCRIBE_CONFIGS to migrator ACL guidance.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/migrator-source-topic-describe-configs-acl

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands.}