confluent kafka acl create


Create a Kafka ACL.

confluent kafka acl create [flags]


    --url string                Base URL of REST Proxy Endpoint of Kafka Cluster (include /kafka for embedded Rest Proxy). Must set flag or CONFLUENT_REST_URL.
    --ca-cert-path string       Path to a PEM-encoded CA to verify the Confluent REST Proxy.
    --client-cert-path string   Path to client cert to be verified by Confluent REST Proxy, include for mTLS authentication.
    --client-key-path string    Path to client private key, include for mTLS authentication.
    --no-auth                   Include if requests should be made without authentication headers, and user will not be prompted for credentials.
    --prompt                    Bypass use of available login credentials and prompt for Kafka Rest credentials.
    --allow                     ACL permission to allow access.
    --deny                      ACL permission to restrict access to resource.
    --principal string          REQUIRED: Principal for this operation with User: or Group: prefix.
    --host string               Set host for access. Only IP addresses are supported. (default "*")
    --operation string          REQUIRED: Set ACL Operation to: (all, alter, alter-configs, cluster-action, create, delete, describe, describe-configs, idempotent-write, read, write).
    --cluster-scope             Set the cluster resource. With this option the ACL grants
                                access to the provided operations on the Kafka cluster itself.
    --consumer-group string     Set the Consumer Group resource.
    --transactional-id string   Set the TransactionalID resource.
    --topic string              Set the topic resource. With this option the ACL grants the provided
                                operations on the topics that start with that prefix, depending on whether
                                the --prefix option was also passed.
    --prefix                    Set to match all resource names prefixed with this value.
-o, --output string             Specify the output format as "human", "json", or "yaml". (default "human")

Global Flags

-h, --help            Show help for this command.
-v, --verbose count   Increase verbosity (-v for warn, -vv for info, -vvv for debug, -vvvv for trace).


You can specify only one of the following flags per command invocation: cluster-scope, consumer-group, topic, or transactional-id. For example, for a consumer to read a topic, you need to grant READ and DESCRIBE both on the consumer-group and the topic resources, issuing two separate commands:

confluent kafka acl create --allow --principal User:Jane --operation READ --operation DESCRIBE --consumer-group java_example_group_1
confluent kafka acl create --allow --Group:Finance --operation READ --operation DESCRIBE --topic '*'

See Also