# rpk security acl create

---
title: rpk security acl create
latest-redpanda-tag: v25.1.1
latest-console-tag: v3.7.3
latest-operator-version: v26.1.4
# EOL = End-of-Life (support lifecycle status)
page-is-nearing-eol: "false"
page-is-past-eol: "true"
page-eol-date: April 7, 2026
latest-connect-version: 4.93.0
docname: rpk/rpk-security/rpk-security-acl-create
page-component-name: streaming
page-version: "25.1"
page-component-version: "25.1"
page-component-title: Streaming
page-relative-src-path: rpk/rpk-security/rpk-security-acl-create.adoc
page-edit-url: https://github.com/redpanda-data/docs/edit/v/25.1/modules/reference/pages/rpk/rpk-security/rpk-security-acl-create.adoc
page-git-created-date: "2024-04-30"
page-git-modified-date: "2024-07-24"
support-status: past end-of-life
---

<!-- Source: https://docs.redpanda.com/streaming/25.1/reference/rpk/rpk-security/rpk-security-acl-create.md -->

Create ACLs.

The create command applies the multiplying effect of combining flags directly: every combination of the specified principals, hosts, resources, and operations is created as its own ACL.

As mentioned in the `rpk security acl` help text, if no host is specified, an allowed principal is allowed access from all hosts. The wildcard principal `*` allows all principals. At least one principal, one host, one resource, and one operation is required to create a single ACL.

## Examples

Allow all permissions to user bar on topic `foo` and group `g`:

```bash
rpk security acl create --allow-principal bar --operation all --topic foo --group g
```

Allow read permissions to all users on topics biz and baz:

```bash
# Quote the wildcard so the shell passes a literal * instead of expanding it to file names.
rpk security acl create --allow-principal '*' --operation read --topic biz,baz
```

Allow write permissions to user buzz to transactional ID `txn`:

```bash
rpk security acl create --allow-principal User:buzz --operation write --transactional-id txn
```

Allow all permissions to role bar on topic "foo" and group "g":

```bash
rpk security acl create --allow-role bar --operation all --topic foo --group g
```
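
The multiplying effect described at the top of this page, as an added example (not part of rpk or the Redpanda documentation): a Python helper that parses an `rpk security acl create` command line and lists the ACLs its allow-side flags imply, so a reviewer can see the count and any wildcard grants before the command is run. The function names `expand` and `wildcard_grants`, the tuple layout, and the `principal`/`role` labels are assumptions made for this example.

```python
import argparse
import itertools
import shlex

# Added example, not part of rpk. Flag names come from the table on this page;
# only the allow side is modelled, deny flags are rejected rather than ignored.
VALUE_FLAGS = ("allow-principal", "allow-role", "allow-host", "operation",
               "topic", "group", "transactional-id")
RESOURCE_FLAGS = ("topic", "group", "transactional-id")


def _split(values):
    """Flatten repeated and comma-separated values, e.g. --topic biz,baz."""
    return [item for value in values for item in value.split(",") if item]


def expand(command):
    """Return one tuple per ACL: (kind, name, host, rtype, rname, pattern, op)."""
    parser = argparse.ArgumentParser(add_help=False, allow_abbrev=False)
    for flag in VALUE_FLAGS:
        parser.add_argument("--" + flag, action="append", default=[])
    parser.add_argument("--cluster", action="store_true")
    parser.add_argument("--resource-pattern-type", default="literal")
    argv = shlex.split(command)
    if argv[:4] != ["rpk", "security", "acl", "create"]:
        raise ValueError("not an rpk security acl create command")
    parsed, rest = parser.parse_known_args(argv[4:])
    if rest:
        raise ValueError(f"flags not modelled in this example: {rest}")
    opts = vars(parsed)
    subjects = [("principal", p) for p in _split(opts["allow_principal"])]
    subjects += [("role", r) for r in _split(opts["allow_role"])]
    # Per the page: with no host given, access is allowed from all hosts.
    hosts = _split(opts["allow_host"]) or ["*"]
    resources = [(flag, name) for flag in RESOURCE_FLAGS
                 for name in _split(opts[flag.replace("-", "_")])]
    if opts["cluster"]:
        resources.append(("cluster", ""))  # the cluster resource has no name flag
    operations = _split(opts["operation"])
    if not (subjects and resources and operations):
        raise ValueError("need a principal or role, a resource and an operation")
    return [(kind, name, host, rtype, rname, opts["resource_pattern_type"], op)
            for (kind, name), host, (rtype, rname), op
            in itertools.product(subjects, hosts, resources, operations)]


def wildcard_grants(acls):
    """ACLs granted to every principal ('*', or 'User:*' with the prefix typed)."""
    return [acl for acl in acls if acl[0] == "principal" and acl[1] in ("*", "User:*")]
```

Pass it the exact command line under review; a non-empty `wildcard_grants` result or a longer list than expected is the cue to narrow the flags before applying them.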

## Usage

```bash
rpk security acl create [flags]
```

## Flags

| Flag | Type | Description |
| --- | --- | --- |
| --allow-host | strings | Hosts from which access will be granted (repeatable). |
| --allow-principal | strings | Principals for which these permissions will be granted (repeatable). |
| --allow-role | strings | Roles for which these permissions will be granted (repeatable). |
| --cluster | - | Whether to grant ACLs to the cluster. |
| --deny-host | strings | Hosts from which access will be denied (repeatable). |
| --deny-principal | strings | Principal for which these permissions will be denied (repeatable). |
| --deny-role | strings | Role for which these permissions will be denied (repeatable). |
| --group | strings | Group to grant ACLs for (repeatable). |
| -h, --help | - | Help for create. |
| --operation | strings | Operation to grant (repeatable). |
| --resource-pattern-type | string | Pattern to use when matching resource names (literal or prefixed) (default "literal"). |
| --topic | strings | Topic to grant ACLs for (repeatable). |
| --transactional-id | strings | Transactional IDs to grant ACLs for (repeatable). |
| --config | string | Redpanda or rpk config file; default search paths are /var/lib/redpanda/.config/rpk/rpk.yaml, $PWD/redpanda.yaml, and /etc/redpanda/redpanda.yaml. |
| -X, --config-opt | stringArray | Override rpk configuration settings. See rpk -X or execute rpk -X help for inline detail or rpk -X list for terser detail. |
| --profile | string | Profile to use. See rpk profile for more details. |
| -v, --verbose | - | Enable verbose logging. |