rpk acl create

Create ACLs.

Following the multiplying effect of combining flags, the create command works on a straightforward basis: every ACL combination is a created ACL.

As mentioned in the rpk acl help text, if no host is specified, an allowed principal is allowed access from all hosts. The wildcard principal * allows all principals. At least one principal, one host, one resource, and one operation is required to create a single ACL.

Allow all permissions to user bar on topic foo and group g:

rpk acl create --allow-principal bar --operation all --topic foo --group g

Allow read permissions to all users on topics biz and baz:

rpk acl create --allow-principal * --operation read --topic biz,baz

Allow write permissions to user buzz to transactional id txn:

rpk acl create --allow-principal User:buzz --operation write --transactional-id txn

Usage

rpk acl create [flags]

Flags

Value Type Description

Value	Type	Description
`--allow-host`	strings	Hosts from which access will be granted (repeatable).
`--allow-principal`	strings	Principals for which these permissions will be granted (repeatable).
`--cluster`	-	Whether to grant ACLs to the cluster.
`--deny-host`	strings	Hosts from from access will be denied (repeatable).
`--deny-principal`	strings	Principal for which these permissions will be denied (repeatable).
`--group`	strings	Group to grant ACLs for (repeatable).
`-h, --help`	-	Help for create.
`--operation`	strings	Operation to grant (repeatable).
`--resource-pattern-type`	string	Pattern to use when matching resource names (literal or prefixed) (default "literal").
`--topic`	strings	Topic to grant ACLs for (repeatable).
`--transactional-id`	strings	Transactional IDs to grant ACLs for (repeatable).
`--admin-api-tls-cert`	string	The certificate to be used for TLS authentication with the Admin API.
`--admin-api-tls-enabled`	-	Enable TLS for the Admin API (not necessary if specifying custom certs).
`--admin-api-tls-key`	string	The certificate key to be used for TLS authentication with the Admin API.
`--admin-api-tls-truststore`	string	The truststore to be used for TLS communication with the Admin API.
`--brokers`	strings	Comma-separated list of broker ip:port pairs (e.g. --brokers '192.168.78.34:9092,192.168.78.35:9092,192.179.23.54:9092'). Alternatively, you may set the REDPANDA_BROKERS environment variable with the comma-separated list of broker addresses.
`--config`	string	Redpanda config file, if not set the file will be searched for in the default locations.
`--password`	string	SASL password to be used for authentication.
`--sasl-mechanism`	string	The authentication mechanism to use. Supported values: SCRAM-SHA-256, SCRAM-SHA-512.
`--tls-cert`	string	The certificate to be used for TLS authentication with the broker.
`--tls-enabled`	-	Enable TLS for the Kafka API (not necessary if specifying custom certs).
`--tls-key`	string	The certificate key to be used for TLS authentication with the broker.
`--tls-truststore`	string	The truststore to be used for TLS communication with the broker.
`--user`	string	SASL user to be used for authentication.
`-v, --verbose`	-	Enable verbose logging (default: false).

--allow-host

strings

Hosts from which access will be granted (repeatable).

--allow-principal

strings

Principals for which these permissions will be granted (repeatable).

--cluster

Whether to grant ACLs to the cluster.

--deny-host

strings

Hosts from from access will be denied (repeatable).

--deny-principal

strings

Principal for which these permissions will be denied (repeatable).

--group

strings

Group to grant ACLs for (repeatable).

-h, --help

Help for create.

--operation

strings

Operation to grant (repeatable).

--resource-pattern-type

string

Pattern to use when matching resource names (literal or prefixed) (default "literal").

--topic

strings

Topic to grant ACLs for (repeatable).

--transactional-id

strings

Transactional IDs to grant ACLs for (repeatable).

--admin-api-tls-cert

string

The certificate to be used for TLS authentication with the Admin API.

--admin-api-tls-enabled

Enable TLS for the Admin API (not necessary if specifying custom certs).

--admin-api-tls-key

string

The certificate key to be used for TLS authentication with the Admin API.

--admin-api-tls-truststore

string

The truststore to be used for TLS communication with the Admin API.

--brokers

strings

Comma-separated list of broker ip:port pairs (e.g. --brokers '192.168.78.34:9092,192.168.78.35:9092,192.179.23.54:9092'). Alternatively, you may set the REDPANDA_BROKERS environment variable with the comma-separated list of broker addresses.

--config

string

Redpanda config file, if not set the file will be searched for in the default locations.

--password

string

SASL password to be used for authentication.

--sasl-mechanism

string

The authentication mechanism to use. Supported values: SCRAM-SHA-256, SCRAM-SHA-512.

--tls-cert

string

The certificate to be used for TLS authentication with the broker.

--tls-enabled

Enable TLS for the Kafka API (not necessary if specifying custom certs).

--tls-key

string

The certificate key to be used for TLS authentication with the broker.

--tls-truststore

string

The truststore to be used for TLS communication with the broker.

--user

string

SASL user to be used for authentication.

-v, --verbose

Enable verbose logging (default: false).

Was this helpful?

Ask in the community

Share your feedback

Make a contribution

What do you like about this doc?

Let us know what we do well:

Let us contact you about your feedback:

What did you not like about this doc?

Let us know what we can improve:

Let us contact you about your feedback:

rpk acl create

Usage

Flags

Simple online edits

Contribution guide