Permissions are applied to Groups that contain user and service accounts.
Provide access to particular data to a group of users via data-centric security.
Use namespaces to logically group datasets, either by topic name or wildcards, and set self-service permissions on that dataset:
Application permissions control the actions a group can perform within their data namespaces.
Applications such as Streaming SQL, Connectors and consumer and topology management of Apps and Micro-services, within the defined namespace/s.
Admin permissions control the actions the group can perform, and are not restricted by namespace/s.