confluent local acl


Use this command to specify an ACL for Schema Registry.


The confluent local commands are intended for a single-node development environment and are not suitable for a production environment. The data that are produced are transient and are intended to be temporary. For production-ready workflows, see Install and Upgrade Confluent Platform.

confluent local acl schema-registry -- [flags] [<argument>] --path <path-to-confluent>


You must include a double dash (--) between the topic name and your flag. For more information, see this post.



You must either specify the path for each Confluent CLI confluent local command invocation, export the path as an environment variable for each terminal session, or set the path to your Confluent Platform installation in your shell profile. For example:

cat ~/.bash_profile
export CONFLUENT_HOME=<path-to-confluent>
Name, shorthand Default Description
-h, --help   Print usage information.
--add   Add ACLs.
--remove   Remove ACLs.
--list   List all current ACLs.
--config <file>   Required: the ACL properties file.
-o, --operation <operation>   Operation that is being authorized.
-p, --principal <principal>   Principal that the ACL is being applied to.
--path <path-to-confluent>   Path to Confluent Platform install directory.
-s, --subject <subject>   Subject that the ACL is applied to. Only applies to SUBJECT operations.
-t, --topic <topic>   Topic that the ACL is being applied to. The corresponding subjects are topic-key and topic-value. Only applies to SUBJECT operations.
-v, --verbose count   Increase verbosity (-v for warn, -vv for info, -vvv for debug, -vvvv for trace).

Positional arguments

Name, shorthand Default Description
<file>   Required: The properties filename.

The name of the operation. Valid operations names are:

<path-to-confluent>   The relative path to Confluent Platform. You can also define this as an environment variable named CONFLUENT_HOME.
<principal>   The name of the principal. Use an asterisk * to apply to all principals.
<subject>   The name of the subject. Use an asterisk * to apply to all subjects.
<topic>   The name of the topic. Use an asterisk * to apply to all topics.