rpk security acl create
Create ACLs.
Following the multiplying effect of combining flags, the create command works on a straightforward basis: every ACL combination is a created ACL.
As mentioned in the rpk security acl
help text, if no host is specified, an allowed
principal is allowed access from all hosts. The wildcard principal *
allows
all principals. At least one principal, one host, one resource, and one
operation is required to create a single ACL.
Examples
Allow all permissions to user bar on topic foo
and group g
:
rpk security acl create --allow-principal bar --operation all --topic foo --group g
Allow read permissions to all users on topics biz and baz:
rpk security acl create --allow-principal * --operation read --topic biz,baz
Allow write permissions to user buzz to transactional ID txn
:
rpk security acl create --allow-principal User:buzz --operation write --transactional-id txn
Allow all permissions to role bar on topic "foo" and group "g":
--allow-role bar --operation all --topic foo --group g
Flags
Value | Type | Description |
---|---|---|
|
strings |
Hosts from which access will be granted (repeatable). |
|
strings |
Principals for which these permissions will be granted (repeatable). |
|
strings |
Roles for which these permissions will be granted (repeatable). |
|
- |
Whether to grant ACLs to the cluster. |
|
strings |
Hosts from from access will be denied (repeatable). |
|
strings |
Principal for which these permissions will be denied (repeatable). |
|
strings |
Role for which these permissions will be denied (repeatable). |
|
strings |
Group to grant ACLs for (repeatable). |
|
- |
Help for create. |
|
strings |
Operation to grant (repeatable). |
|
string |
Pattern to use when matching resource names (literal or prefixed) (default "literal"). |
|
strings |
Topic to grant ACLs for (repeatable). |
|
strings |
Transactional IDs to grant ACLs for (repeatable). |
|
string |
Redpanda or |
|
stringArray |
Override |
|
string |
Profile to use. See |
|
- |
Enable verbose logging. |