rpk security acl create

Create ACLs.

Following the multiplying effect of combining flags, the create command works on a straightforward basis: every ACL combination is a created ACL.

As mentioned in the rpk security acl help text, if no host is specified, an allowed principal is allowed access from all hosts. The wildcard principal * allows all principals. At least one principal, one host, one resource, and one operation is required to create a single ACL.

Examples

Allow all permissions to user bar on topic foo and group g:

rpk security acl create --allow-principal bar --operation all --topic foo --group g

Allow read permissions to all users on topics biz and baz:

rpk security acl create --allow-principal * --operation read --topic biz,baz

Allow write permissions to user buzz to transactional ID txn:

rpk security acl create --allow-principal User:buzz --operation write --transactional-id txn

Allow all permissions to role bar on topic "foo" and group "g":

--allow-role bar --operation all --topic foo --group g

Usage

rpk security acl create [flags]

Flags

Value Type Description

--allow-host

strings

Hosts from which access will be granted (repeatable).

--allow-principal

strings

Principals for which these permissions will be granted (repeatable).

--allow-role

strings

Roles for which these permissions will be granted (repeatable).

--cluster

-

Whether to grant ACLs to the cluster.

--deny-host

strings

Hosts from from access will be denied (repeatable).

--deny-principal

strings

Principal for which these permissions will be denied (repeatable).

--deny-role

strings

Role for which these permissions will be denied (repeatable).

--group

strings

Group to grant ACLs for (repeatable).

-h, --help

-

Help for create.

--operation

strings

Operation to grant (repeatable).

--resource-pattern-type

string

Pattern to use when matching resource names (literal or prefixed) (default "literal").

--topic

strings

Topic to grant ACLs for (repeatable).

--transactional-id

strings

Transactional IDs to grant ACLs for (repeatable).

--config

string

Redpanda or rpk config file; default search paths are /var/lib/redpanda/.config/rpk/rpk.yaml, $PWD/redpanda.yaml, and /etc/redpanda/redpanda.yaml.

-X, --config-opt

stringArray

Override rpk configuration settings. See rpk -X or execute rpk -X help for inline detail or rpk -X list for terser detail.

--profile

string

Profile to use. See rpk profile for more details.

-v, --verbose

-

Enable verbose logging.