# rpk acl create


---
title: rpk acl create
latest-operator-version: v26.1.4
# EOL = End-of-Life (support lifecycle status)
page-is-nearing-eol: "false"
page-is-past-eol: "true"
page-eol-date: December 22, 2024
latest-console-tag: v3.7.3
latest-connect-version: 4.93.0
docname: rpk/rpk-acl/rpk-acl-create
page-component-name: streaming
page-version: "23.3"
page-component-version: "23.3"
page-component-title: Streaming
page-relative-src-path: rpk/rpk-acl/rpk-acl-create.adoc
page-edit-url: https://github.com/redpanda-data/docs/edit/v/23.3/modules/reference/pages/rpk/rpk-acl/rpk-acl-create.adoc
page-git-created-date: "2023-05-17"
page-git-modified-date: "2024-04-04"
support-status: past end-of-life
---

<!-- Source: https://docs.redpanda.com/streaming/23.3/reference/rpk/rpk-acl/rpk-acl-create.md -->

Create ACLs.

Flags combine multiplicatively, and the create command applies this directly: every combination of the principals, hosts, resources, and operations you specify is created as its own ACL.

As mentioned in the `rpk acl` help text, if no host is specified, an allowed principal is allowed access from all hosts. The wildcard principal `*` allows all principals. At least one principal, one host, one resource, and one operation are required to create a single ACL.

Allow all permissions to user `bar` on topic `foo` and group `g`:

`rpk acl create --allow-principal bar --operation all --topic foo --group g`

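Allow read permissions to all users on topics `biz` and `baz` (the `*` is quoted so that the shell passes it to rpk literally instead of expanding it to file names):

`rpk acl create --allow-principal '*' --operation read --topic biz,baz`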

Allow write permissions to user `buzz` on transactional ID `txn`:

`rpk acl create --allow-principal User:buzz --operation write --transactional-id txn`
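
To review what a set of flags will grant before running it, the expansion described above can be previewed offline. The following script is an added example, not part of rpk or the Redpanda documentation: it models only the allow side, and the function names, the `TYPE:NAME` resource notation, and the sample users and host addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: offline preview of how `rpk acl create` flags multiply into ACLs.
# It never calls rpk or a cluster. Resources use a hypothetical TYPE:NAME notation
# (topic:foo, group:g) in place of the --topic/--group/--transactional-id flags.

# preview_acls PRINCIPALS HOSTS OPERATIONS RESOURCES  (each a comma-separated list)
# Prints one line per ACL. Runs in a subshell so set -f and IFS do not leak out.
preview_acls() (
  principals=$1 hosts=${2:-*} ops=$3 resources=$4
  # The page requires at least one principal, resource and operation.
  if [ -z "$principals" ] || [ -z "$ops" ] || [ -z "$resources" ]; then
    echo "need at least one principal, operation and resource" >&2
    exit 2
  fi
  set -f      # keep a literal '*' from being expanded to file names
  IFS=','
  for p in $principals; do
    for h in $hosts; do
      for r in $resources; do
        for o in $ops; do
          printf 'ALLOW principal=%s host=%s resource=%s operation=%s\n' \
            "$p" "$h" "$r" "$o"
        done
      done
    done
  done
)

# count_acls: number of ACLs the same arguments would create.
count_acls() {
  preview_acls "$@" | wc -l | tr -d ' '
}

# wildcard_acls: only the ACLs whose principal is the wildcard, for review.
wildcard_acls() {
  preview_acls "$@" | while IFS= read -r line; do
    case $line in
      *"principal=* "*) printf '%s\n' "$line" ;;
    esac
  done
}

# Page example 2: '*' on topics biz,baz with no host -> two ACLs, all hosts.
preview_acls '*' '' 'read' 'topic:biz,topic:baz'
# Constructed input: 2 principals x 2 hosts x 2 topics x 2 operations = 16 ACLs.
count_acls 'User:alice,User:bob' '10.0.0.5,10.0.0.6' 'read,describe' \
  'topic:orders,topic:payments'
```
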

## Usage

```bash
rpk acl create [flags]
```

## Flags

| Flag | Type | Description |
| --- | --- | --- |
| --allow-host | strings | Hosts from which access will be granted (repeatable). |
| --allow-principal | strings | Principals for which these permissions will be granted (repeatable). |
| --cluster | - | Whether to grant ACLs to the cluster. |
| --deny-host | strings | Hosts from which access will be denied (repeatable). |
| --deny-principal | strings | Principal for which these permissions will be denied (repeatable). |
| --group | strings | Group to grant ACLs for (repeatable). |
| -h, --help | - | Help for create. |
| --operation | strings | Operation to grant (repeatable). |
| --resource-pattern-type | string | Pattern to use when matching resource names (literal or prefixed) (default "literal"). |
| --topic | strings | Topic to grant ACLs for (repeatable). |
| --transactional-id | strings | Transactional IDs to grant ACLs for (repeatable). |
| --config | string | Redpanda or rpk config file; default search paths are /var/lib/redpanda/.config/rpk/rpk.yaml, $PWD/redpanda.yaml, and /etc/redpanda/redpanda.yaml. |
| -X, --config-opt | stringArray | Override rpk configuration settings. See rpk -X or execute rpk -X help for inline detail or rpk -X list for terser detail. |
| --profile | string | Profile to use. See rpk profile for more details. |
| -v, --verbose | - | Enable verbose logging. |