# List ACLs **GET /security/acls** Returns a list of ACL rules that match the specified filters. ## Servers - http://localhost:8081: http://localhost:8081 () ## Parameters ### Query parameters - **principal** (string) The name of the principal, for example, User:alice or RedpandaRole:admin. Use "*" to represent a wildcard. - **resource** (string) The name of the resource. Use "*" to represent a wildcard. - **resource_type** (string) The type of resource being secured. The REGISTRY type maps to top-level operations such as `GET /mode` and `GET /config`. The SUBJECT type maps to operations on the subject level, such as `GET /subjects` and `GET /config/{subject}`. - **pattern_type** (string) Pattern match type for the resource. Only applies when `resource_type` is SUBJECT. - **host** (string) Originating host for which this rule applies. Use "*" to represent a wildcard. - **operation** (string) The operation to allow or deny. - **permission** (string) Specifies whether the operation is allowed or denied. ## Responses ### 200 List ACLs #### Body: application/json (array[object]) - **principal** (string) The name of the principal, for example, User:alice or RedpandaRole:admin. Use "*" to represent a wildcard. - **resource** (string) The name of the resource. Use "*" to represent a wildcard. - **resource_type** (string) The type of resource being secured. - **pattern_type** (string) Pattern match type for the resource. Only applies when `resource_type` is SUBJECT. - **host** (string) Originating host for which this rule applies. Use "*" to represent a wildcard. - **operation** (string) The operation to allow or deny. - **permission** (string) Specifies whether the operation is allowed or denied. ### 401 Unauthorized #### Body: application/json (object) - **error_code** (integer) - **message** (string) ### 403 Forbidden #### Body: application/json (object) - **error_code** (integer) - **message** (string) ### 500 Internal Server Error #### Body: application/json (object) - **error_code** (integer) - **message** (string) [Powered by Bump.sh](https://bump.sh)