Docs Cloud Reference rpk Commands rpk security rpk security acl rpk security acl list rpk security acl list List ACLs. See the rpk security acl help text for a full write up on ACLs. List flags work in a similar multiplying effect as creating ACLs, but list is more advanced: listing works on a filter basis. Any unspecified flag defaults to matching everything (all operations, or all allowed principals, etc). As mentioned, not specifying flags matches everything. If no resources are specified, all resources are matched. If no operations are specified, all operations are matched. You can also opt in to matching everything with "any": --operation any matches any operation. The --resource-pattern-type, defaulting to "any", configures how to filter resource names: "any" returns exact name matches of either prefixed or literal pattern type "match" returns wildcard matches, prefix patterns that match your input, and literal matches "prefix" returns prefix patterns that match your input (prefix "fo" matches "foo") "literal" returns exact name matches The list command lists ACLs for both Kafka and Schema Registry. To limit the results to a specific subsystem, use the --subsystem flag with either kafka or registry. Examples List all ACLs: rpk security acl list List all Schema Registry ACLs: rpk security acl list --subsystem registry List all ACLs for topic "foo": rpk security acl list --topic foo List all ACLs for user "bar" on topic "foo": rpk security acl list --allow-principal bar --topic foo List all ACLs for role "admin" on schema registry subject "foo-value": rpk security acl list --allow-role admin --registry-subject foo-value Usage rpk security acl list [flags] Aliases list, ls, describe Flags Value Type Description --allow-host strings Allowed host ACLs to match (repeatable). --allow-principal strings Allowed principal ACLs to match (repeatable). --allow-role strings Allowed role for ACLs to match (repeatable). --cluster - Whether to match ACLs to the cluster. --deny-host strings Denied host ACLs to match (repeatable). --deny-principal strings Denied principal ACLs to match (repeatable). --deny-role strings Denied role for ACLs to match (repeatable). --format string Output format. Possible values: json, yaml, text, wide, help. Default: text. --group strings Group to match ACLs for (repeatable). -h, --help - Help for list. --operation strings Operation to match (repeatable). -f, --print-filters - Print the filters that were requested (failed filters are always printed). --registry-global - Whether to grant ACLs for the schema registry. --registry-subject strings Schema Registry subjects to grant ACLs for (repeatable). --resource-pattern-type string Pattern to use when matching resource names (any, match, literal, or prefixed) (default "any"). --subsystem strings Subsystem to match ACLs for. Possible values: kafka, registry, kafka,registry (both). Default: kafka,registry. --topic strings Topic to match ACLs for (repeatable). --transactional-id strings Transactional IDs to match ACLs for (repeatable). --config string Redpanda or rpk config file; default search paths are /var/lib/redpanda/.config/rpk/rpk.yaml, $PWD/redpanda.yaml, and /etc/redpanda/redpanda.yaml. -X, --config-opt stringArray Override rpk configuration settings. See rpk -X or execute rpk -X help for inline detail or rpk -X list for terser detail. --profile string Profile to use. See rpk profile for more details. -v, --verbose - Enable verbose logging. Back to top × Simple online edits For simple changes, such as fixing a typo, you can edit the content directly on GitHub. Edit on GitHub Or, open an issue to let us know about something that you want us to change. Open an issue Contribution guide For extensive content updates, or if you prefer to work locally, read our contribution guide . Was this helpful? thumb_up thumb_down group Ask in the community mail Share your feedback group_add Make a contribution 🎉 Thanks for your feedback! rpk security acl delete rpk security role assign