Streaming

rpk security acl list

List ACLs.

See the rpk security acl help text for a full write up on ACLs. List flags work in a similar multiplying effect as creating ACLs, but list is more advanced: listing works on a filter basis. Any unspecified flag defaults to matching everything (all operations, or all allowed principals, etc).

As mentioned, not specifying flags matches everything. If no resources are specified, all resources are matched. If no operations are specified, all operations are matched. You can also opt in to matching everything with "any": --operation any matches any operation.

The --resource-pattern-type, defaulting to "any", configures how to filter resource names:

"any" returns exact name matches of either prefixed or literal pattern type
"match" returns wildcard matches, prefix patterns that match your input, and literal matches
"prefix" returns prefix patterns that match your input (prefix "fo" matches "foo")
"literal" returns exact name matches

The list command lists ACLs for both Kafka and Schema Registry. To limit the results to a specific subsystem, use the --subsystem flag with either kafka or registry.

Examples

List all ACLs:

rpk security acl list

List all Schema Registry ACLs:

rpk security acl list --subsystem registry

List all ACLs for topic "foo":

rpk security acl list --topic foo

List all ACLs for user "bar" on topic "foo":

rpk security acl list --allow-principal bar --topic foo

List all ACLs for role "admin" on schema registry subject "foo-value":

rpk security acl list --allow-role admin --registry-subject foo-value

Usage

rpk security acl list [flags]

Aliases

list, ls, describe

Flags

Value Type Description

Value	Type	Description
`--allow-host`	strings	Allowed host ACLs to match (repeatable).
`--allow-principal`	strings	Allowed principal ACLs to match (repeatable).
`--allow-role`	strings	Allowed role for ACLs to match (repeatable).
`--cluster`	-	Whether to match ACLs to the cluster.
`--deny-host`	strings	Denied host ACLs to match (repeatable).
`--deny-principal`	strings	Denied principal ACLs to match (repeatable).
`--deny-role`	strings	Denied role for ACLs to match (repeatable).
`--format`	string	Output format. Possible values: `json`, `yaml`, `text`, `wide`, `help`. Default: `text`.
`--group`	strings	Group to match ACLs for (repeatable).
`-h, --help`	-	Help for list.
`--operation`	strings	Operation to match (repeatable).
`-f, --print-filters`	-	Print the filters that were requested (failed filters are always printed).
`--registry-global`	-	Whether to grant ACLs for the schema registry.
`--registry-subject`	strings	Schema Registry subjects to grant ACLs for (repeatable).
`--resource-pattern-type`	string	Pattern to use when matching resource names (any, match, literal, or prefixed) (default "any").
`--subsystem`	strings	Subsystem to match ACLs for. Possible values: `kafka`, `registry`, `kafka,registry` (both). Default: `kafka,registry`.
`--topic`	strings	Topic to match ACLs for (repeatable).
`--transactional-id`	strings	Transactional IDs to match ACLs for (repeatable).
`--config`	string	Redpanda or `rpk` config file; default search paths are `/var/lib/redpanda/.config/rpk/rpk.yaml`, `$PWD/redpanda.yaml`, and `/etc/redpanda/redpanda.yaml`.
`-X, --config-opt`	stringArray	Override `rpk` configuration settings. See `rpk -X` or execute `rpk -X help` for inline detail or `rpk -X list` for terser detail.
`--profile`	string	Profile to use. See `rpk profile` for more details.
`-v, --verbose`	-	Enable verbose logging.

--allow-host

strings

Allowed host ACLs to match (repeatable).

--allow-principal

strings

Allowed principal ACLs to match (repeatable).

--allow-role

strings

Allowed role for ACLs to match (repeatable).

--cluster

Whether to match ACLs to the cluster.

--deny-host

strings

Denied host ACLs to match (repeatable).

--deny-principal

strings

Denied principal ACLs to match (repeatable).

--deny-role

strings

Denied role for ACLs to match (repeatable).

--format

string

Output format. Possible values: json, yaml, text, wide, help. Default: text.

--group

strings

Group to match ACLs for (repeatable).

-h, --help

Help for list.

--operation

strings

Operation to match (repeatable).

-f, --print-filters

Print the filters that were requested (failed filters are always printed).

--registry-global

Whether to grant ACLs for the schema registry.

--registry-subject

strings

Schema Registry subjects to grant ACLs for (repeatable).

--resource-pattern-type

string

Pattern to use when matching resource names (any, match, literal, or prefixed) (default "any").

--subsystem

strings

Subsystem to match ACLs for. Possible values: kafka, registry, kafka,registry (both). Default: kafka,registry.

--topic

strings

Topic to match ACLs for (repeatable).

--transactional-id

strings

Transactional IDs to match ACLs for (repeatable).

--config

string

Redpanda or rpk config file; default search paths are /var/lib/redpanda/.config/rpk/rpk.yaml, $PWD/redpanda.yaml, and /etc/redpanda/redpanda.yaml.

-X, --config-opt

stringArray

Override rpk configuration settings. See rpk -X or execute rpk -X help for inline detail or rpk -X list for terser detail.

--profile

string

Profile to use. See rpk profile for more details.

-v, --verbose

Enable verbose logging.

Was this helpful?

group Ask in the community

mail Share your feedback

group_add Make a contribution

What do you think of this page?

Let us know more:

Let us contact you about your feedback:

rpk security acl list

Examples

Usage

Aliases

Flags

Simple online edits

Contribution guide