Skip to main content
Version: 22.2

rpk acl create

Create ACLs.

Following the multiplying effect of combining flags, the create command works on a straightforward basis: every ACL combination is a created ACL.

As mentioned in the rpk acl help text, if no host is specified, an allowed principal is allowed access from all hosts. The wildcard principal * allows all principals. At least one principal, one host, one resource, and one operation is required to create a single ACL.

Allow all permissions to user bar on topic foo and group g:

rpk acl create --allow-principal bar --operation all --topic foo --group g

Allow read permissions to all users on topics biz and baz:

rpk acl create --allow-principal * --operation read --topic biz,baz

Allow write permissions to user buzz to transactional id txn:

rpk acl create --allow-principal User:buzz --operation write --transactional-id txn


rpk acl create [flags]


Value Type Description
--allow-hoststrings Hosts from which access will be granted (repeatable).
--allow-principalstringsPrincipals for which these permissions will be granted (repeatable).
--cluster- Whether to grant ACLs to the cluster.
--deny-hoststrings Hosts from from access will be denied (repeatable).
--deny-principalstringsPrincipal for which these permissions will be denied (repeatable).
--groupstrings Group to grant ACLs for (repeatable).
-h, --help- Help for create.
--operationstrings Operation to grant (repeatable).
--topicstrings Topic to grant ACLs for (repeatable).
--transactional-idstrings Transactional IDs to grant ACLs for (repeatable).

What do you like about this doc?

Optional: Share your email address if we can contact you about your feedback.

Let us know what we do well: