# rpk security acl list > For the complete documentation index, see [llms.txt](https://docs.redpanda.com/llms.txt). Component-specific: [streaming-full.txt](https://docs.redpanda.com/streaming-full.txt) --- title: rpk security acl list latest-redpanda-tag: v25.2.1 latest-console-tag: v3.7.3 latest-operator-version: v26.1.4 # EOL = End-of-Life (support lifecycle status) page-is-nearing-eol: "true" page-is-past-eol: "false" page-eol-date: July 31, 2026 latest-connect-version: 4.93.0 docname: rpk/rpk-security/rpk-security-acl-list page-component-name: streaming page-version: "25.2" page-component-version: "25.2" page-component-title: Streaming page-relative-src-path: rpk/rpk-security/rpk-security-acl-list.adoc page-edit-url: https://github.com/redpanda-data/docs/edit/v/25.2/modules/reference/pages/rpk/rpk-security/rpk-security-acl-list.adoc page-git-created-date: "2024-04-30" page-git-modified-date: "2025-07-31" support-status: nearing end-of-life --- List ACLs. See the `rpk security acl` help text for a full write up on ACLs. List flags work in a similar multiplying effect as creating ACLs, but list is more advanced: listing works on a filter basis. Any unspecified flag defaults to matching everything (all operations, or all allowed principals, etc). As mentioned, not specifying flags matches everything. If no resources are specified, all resources are matched. If no operations are specified, all operations are matched. You can also opt in to matching everything with "any": --operation any matches any operation. The --resource-pattern-type, defaulting to "any", configures how to filter resource names: - "any" returns exact name matches of either prefixed or literal pattern type - "match" returns wildcard matches, prefix patterns that match your input, and literal matches - "prefix" returns prefix patterns that match your input (prefix "fo" matches "foo") - "literal" returns exact name matches The list command lists ACLs for both Kafka and Schema Registry. To limit the results to a specific subsystem, use the `--subsystem` flag with either `kafka` or `registry`. ## [](#examples)Examples List all ACLs: ```bash rpk security acl list ``` List all Schema Registry ACLs: ```bash rpk security acl list --subsystem registry ``` List all ACLs for topic "foo": ```bash rpk security acl list --topic foo ``` List all ACLs for user "bar" on topic "foo": ```bash rpk security acl list --allow-principal bar --topic foo ``` List all ACLs for role "admin" on schema registry subject "foo-value": ```bash rpk security acl list --allow-role admin --registry-subject foo-value ``` ## [](#usage)Usage ```bash rpk security acl list [flags] ``` ## [](#aliases)Aliases ```bash list, ls, describe ``` ## [](#flags)Flags | Value | Type | Description | | --- | --- | --- | | --allow-host | strings | Allowed host ACLs to match (repeatable). | | --allow-principal | strings | Allowed principal ACLs to match (repeatable). | | --allow-role | strings | Allowed role for ACLs to match (repeatable). | | --cluster | - | Whether to match ACLs to the cluster. | | --deny-host | strings | Denied host ACLs to match (repeatable). | | --deny-principal | strings | Denied principal ACLs to match (repeatable). | | --deny-role | strings | Denied role for ACLs to match (repeatable). | | --format | string | Output format. Possible values: json, yaml, text, wide, help. Default: text. | | --group | strings | Group to match ACLs for (repeatable). | | -h, --help | - | Help for list. | | --operation | strings | Operation to match (repeatable). | | -f, --print-filters | - | Print the filters that were requested (failed filters are always printed). | | --registry-global | - | Whether to grant ACLs for the schema registry. | | --registry-subject | strings | Schema Registry subjects to grant ACLs for (repeatable). | | --resource-pattern-type | string | Pattern to use when matching resource names (any, match, literal, or prefixed) (default "any"). | | --subsystem | strings | Subsystem to match ACLs for. Possible values: kafka, registry, kafka,registry (both). Default: kafka,registry. | | --topic | strings | Topic to match ACLs for (repeatable). | | --transactional-id | strings | Transactional IDs to match ACLs for (repeatable). | | --config | string | Redpanda or rpk config file; default search paths are /var/lib/redpanda/.config/rpk/rpk.yaml, $PWD/redpanda.yaml, and /etc/redpanda/redpanda.yaml. | | -X, --config-opt | stringArray | Override rpk configuration settings. See rpk -X or execute rpk -X help for inline detail or rpk -X list for terser detail. | | --profile | string | Profile to use. See rpk profile for more details. | | -v, --verbose | - | Enable verbose logging. |