# rpk security acl create

Create ACLs.

Because combining flags has a multiplying effect, the create command works on a straightforward basis: every ACL combination is a created ACL.

As mentioned in the `rpk security acl` help text, if no host is specified, an allowed principal is allowed access from all hosts. The wildcard principal `*` allows all principals. At least one principal, one host, one resource, and one operation are required to create a single ACL.

## Examples

Allow all permissions to user bar on topic foo and group g:

```bash
rpk security acl create --allow-principal bar --operation all --topic foo --group g
```

Allow read permissions to all users on topics biz and baz:

```bash
rpk security acl create --allow-principal '*' --operation read --topic biz,baz
```

Allow write permissions to user buzz to transactional ID txn:

```bash
rpk security acl create --allow-principal User:buzz --operation write --transactional-id txn
```

Allow all permissions to role bar on topic "foo" and group "g":

```bash
rpk security acl create --allow-role bar --operation all --topic foo --group g
```

## Usage

```bash
rpk security acl create [flags]
```

## Flags

| Value | Type | Description |
|-------|------|-------------|
| `--allow-host` | strings | Hosts from which access will be granted (repeatable). |
| `--allow-principal` | strings | Principals for which these permissions will be granted (repeatable). |
| `--allow-role` | strings | Roles for which these permissions will be granted (repeatable). |
| `--cluster` | - | Whether to grant ACLs to the cluster. |
| `--deny-host` | strings | Hosts from which access will be denied (repeatable). |
| `--deny-principal` | strings | Principal for which these permissions will be denied (repeatable). |
| `--deny-role` | strings | Role for which these permissions will be denied (repeatable). |
| `--group` | strings | Group to grant ACLs for (repeatable). |
| `-h, --help` | - | Help for create. |
| `--operation` | strings | Operation to grant (repeatable). |
| `--resource-pattern-type` | string | Pattern to use when matching resource names (literal or prefixed) (default "literal"). |
| `--topic` | strings | Topic to grant ACLs for (repeatable). |
| `--transactional-id` | strings | Transactional IDs to grant ACLs for (repeatable). |
| `--config` | string | Redpanda or rpk config file; default search paths are `/var/lib/redpanda/.config/rpk/rpk.yaml`, `$PWD/redpanda.yaml`, and `/etc/redpanda/redpanda.yaml`. |
| `-X, --config-opt` | stringArray | Override rpk configuration settings. See `rpk -X` or execute `rpk -X help` for inline detail or `rpk -X list` for terser detail. |
| `--profile` | string | Profile to use. See `rpk profile` for more details. |
| `-v, --verbose` | - | Enable verbose logging. |
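The multiplying effect of combining flags can be previewed before running `rpk security acl create`. The following is an added example, not part of rpk or the original page: the function names, the `type:name` resource notation, and the output format are assumptions made for illustration. It enumerates the principal × host × resource × operation combinations a set of allow flags implies and counts how many grant access to the wildcard principal.

```shell
#!/bin/sh
# Model of the flag cross product (illustrative; this is not rpk code).
# Arguments are comma-separated lists mirroring the repeatable flags:
#   $1 principals  $2 hosts (may be empty)  $3 resources as type:name  $4 operations
acl_combinations() (
    set -f            # keep a literal '*' from being glob-expanded
    IFS=,             # split the lists on commas (local to this subshell)
    hosts=${2:-*}     # no host given: the principal is allowed from all hosts
    for p in $1; do
        for h in $hosts; do
            for r in $3; do
                for o in $4; do
                    printf 'ALLOW principal=%s host=%s resource=%s operation=%s\n' \
                        "$p" "$h" "$r" "$o"
                done
            done
        done
    done
)

# Number of ACLs the combination would create.
# An empty principal, resource, or operation list yields 0.
acl_count() {
    acl_combinations "$@" | wc -l | tr -d ' '
}

# Number of those ACLs that apply to every principal (wildcard '*').
acl_wildcard_grants() {
    acl_combinations "$@" | grep -cF 'principal=* ' || true
}

# Constructed inputs based on the page's first two examples.
echo "user bar, all, topic foo + group g:"
acl_combinations 'bar' '' 'topic:foo,group:g' 'all'
echo "wildcard grants for '*', read, topics biz,baz:" \
    "$(acl_wildcard_grants '*' '' 'topic:biz,topic:baz' 'read')"
```

Reviewing the enumerated list, and the wildcard count in particular, before applying a change makes it easier to spot a grant that is broader than intended.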