List ACLs

GET /security/acls

Returns a list of ACL rules that match the specified filters.

Query parameters

  • principal string

    The name of the principal, for example, User:alice or RedpandaRole:admin. Use "*" to represent a wildcard.

  • resource string

    The name of the resource. Use "*" to represent a wildcard.

  • resource_type string

    The type of resource being secured. The REGISTRY type maps to top-level operations such as GET /mode and GET /config. The SUBJECT type maps to operations on the subject level, such as GET /subjects and GET /config/{subject}.

    Values are REGISTRY or SUBJECT.

  • pattern_type string

    Pattern match type for the resource. Only applies when resource_type is SUBJECT.

    Values are LITERAL or PREFIXED.

  • host string

    Originating host for which this rule applies. Use "*" to represent a wildcard.

  • operation string

    The operation to allow or deny.

    Values are ALL, READ, WRITE, DELETE, DESCRIBE, DESCRIBE_CONFIGS, or ALTER_CONFIGS.

  • permission string

    Specifies whether the operation is allowed or denied.

    Values are ALLOW or DENY.

Responses

  • 200 application/json

    List ACLs

    Hide response attributes Show response attributes object
    • principal string Required

      The name of the principal, for example, User:alice or RedpandaRole:admin. Use "*" to represent a wildcard.

    • resource string Required

      The name of the resource. Use "*" to represent a wildcard.

    • resource_type string Required

      The type of resource being secured.

      Values are REGISTRY or SUBJECT.

    • pattern_type string Required

      Pattern match type for the resource. Only applies when resource_type is SUBJECT.

      Values are LITERAL or PREFIXED.

    • host string Required

      Originating host for which this rule applies. Use "*" to represent a wildcard.

    • operation string Required

      The operation to allow or deny.

      Values are ALL, READ, WRITE, DELETE, DESCRIBE, DESCRIBE_CONFIGS, or ALTER_CONFIGS.

    • permission string Required

      Specifies whether the operation is allowed or denied.

      Values are ALLOW or DENY.
  • 401 application/json

    Unauthorized

    Hide response attributes Show response attributes object
    • error_code integer
    • message string
  • 403 application/json

    Forbidden

    Hide response attributes Show response attributes object
    • error_code integer
    • message string
  • 500 application/json

    Internal Server Error

    Hide response attributes Show response attributes object
    • error_code integer
    • message string
GET /security/acls 
curl \
 --request GET 'http://localhost:8081/security/acls'
Response examples (200) 
[
  {
    "host": "*",
    "resource": "model-",
    "operation": "READ",
    "principal": "User:alice",
    "permission": "ALLOW",
    "pattern_type": "PREFIXED",
    "resource_type": "SUBJECT"
  }
]
Response examples (200) 
[
  {
    "principal": "string",
    "resource": "string",
    "resource_type": "REGISTRY",
    "pattern_type": "LITERAL",
    "host": "string",
    "operation": "ALL",
    "permission": "ALLOW"
  }
]
Response examples (401) 
{
  "error_code": 42,
  "message": "string"
}
Response examples (403) 
{
  "error_code": 42,
  "message": "string"
}
Response examples (500) 
{
  "error_code": 42,
  "message": "string"
}