List Managed Kafka ACLs

This document describes how to list the Managed Kafka ACL resources that are defined for a specified Managed Service for Apache Kafka cluster.

Required roles and permissions

To get the permission that you need to list Managed Kafka ACLs, ask your administrator to grant you the Managed Kafka ACL Viewer (roles/managedkafka.aclViewer) IAM role on your project. For more information about granting roles, see Manage access to projects, folders, and organizations.

This predefined role contains the managedkafka.acls.list permission, which is required to list Managed Kafka ACLs.

You might also be able to get this permission with custom roles or other predefined roles.

List ACLs

gcloud

Run the gcloud managed-kafka acls list command:

gcloud managed-kafka acls list CLUSTER_ID \
  --location=LOCATION

Replace the following:

  • CLUSTER_ID: The ID of your Kafka cluster.
  • LOCATION: The region of your Kafka cluster.

Sample command

Run the following command to list the ACLs defined for a cluster called kafka-cluster in the us-central1 region:

gcloud managed-kafka acls list kafka-cluster \
  --location=us-central1

The output is similar to the following:

---
aclEntries:
- host: '*'
  operation: ALL
  permissionType: ALLOW
  principal: User:admin@project.iam.gserviceaccount.com
etag: W/da909178
name: projects/gmk-consumer-smjo/locations/us-central1/clusters/default-cluster/acls/allTopics
patternType: LITERAL
resourceName: '*'
resourceType: TOPIC
---
aclEntries:
- host: '*'
  operation: ALL
  permissionType: ALLOW
  principal: User:admin@project.iam.gserviceaccount.com
etag: W/da909178
name: projects/test-project/locations/us-central1/clusters/default-cluster/acls/cluster
patternType: LITERAL
resourceName: kafka-cluster
resourceType: CLUSTER

The output includes the following information for each Managed Kafka ACL resource:

  • aclEntries: a list of access control entries for this ACL resource. Each entry defines a permission rule:
    • host: the host from which the principal can access the resource. '*' indicates any host.
    • operation: the Kafka operation type granted or denied, for example ALL, READ, or WRITE.
    • permissionType: whether the operation is ALLOW or DENY.
    • principal: the user or service account to which the ACL entry applies. The format is typically User:{google_service_account_email} or the wildcard User:*.
  • etag: an opaque value used for concurrency control during updates.
  • name: the unique identifier for the Managed Kafka ACL resource, including the project, location, cluster, and ACL ID.
  • patternType: the type of resource pattern defined by the ACL ID (LITERAL for a specific resource, PREFIXED for resources with a common prefix).
  • resourceName: the name of the Kafka resource to which the ACL applies. This can be a specific name such as a topic name, a prefix, or a wildcard (*). For cluster-level ACLs, it is kafka-cluster.
  • resourceType: the type of Kafka resource to which the ACL applies, such as TOPIC, CLUSTER, GROUP, or TRANSACTIONAL_ID.
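The listing is most useful when it is reviewed for grants that are broader than intended. The following added example (not part of this document or of the gcloud SDK) audits the listed ACLs for over-broad ALLOW entries. It assumes the list command is run with the gcloud global flag --format=json, which emits a JSON array with the same field names as the YAML output above; the sample data is constructed (the two ACLs shown above plus a hypothetical PREFIXED group ACL), and the three checks are the example's own choices.

```python
import json

# Constructed sample: the two ACL resources from the YAML output above plus a
# hypothetical PREFIXED group ACL, in the JSON shape that
# `gcloud managed-kafka acls list CLUSTER_ID --location=LOCATION --format=json` emits.
SAMPLE_ACLS_JSON = """[
 {"aclEntries": [{"host": "*", "operation": "ALL", "permissionType": "ALLOW",
                  "principal": "User:admin@project.iam.gserviceaccount.com"}],
  "etag": "W/da909178", "patternType": "LITERAL", "resourceType": "TOPIC",
  "name": "projects/test-project/locations/us-central1/clusters/default-cluster/acls/allTopics",
  "resourceName": "*"},
 {"aclEntries": [{"host": "*", "operation": "ALL", "permissionType": "ALLOW",
                  "principal": "User:admin@project.iam.gserviceaccount.com"}],
  "etag": "W/da909178", "patternType": "LITERAL", "resourceType": "CLUSTER",
  "name": "projects/test-project/locations/us-central1/clusters/default-cluster/acls/cluster",
  "resourceName": "kafka-cluster"},
 {"aclEntries": [{"host": "*", "operation": "READ", "permissionType": "ALLOW",
                  "principal": "User:*"},
                 {"host": "*", "operation": "ALL", "permissionType": "DENY",
                  "principal": "User:*"}],
  "etag": "W/0b1c2d3e", "patternType": "PREFIXED", "resourceType": "GROUP",
  "name": "projects/test-project/locations/us-central1/clusters/default-cluster/acls/analyticsGroups",
  "resourceName": "analytics-"}
]"""


def audit_acls(acls):
    """Return (acl_id, reason) pairs for ALLOW entries that are broader than a
    least-privilege grant. The three checks are this example's own choices."""
    findings = []
    for acl in acls:
        acl_id = acl["name"].rsplit("/", 1)[-1]          # last path segment is the ACL ID
        every_resource = acl.get("resourceName") == "*"  # wildcard resource name
        for entry in acl.get("aclEntries", []):
            if entry.get("permissionType") != "ALLOW":
                continue  # DENY entries narrow access; only ALLOW can over-grant
            if entry.get("principal") == "User:*":
                findings.append((acl_id, "granted to every principal (User:*)"))
            if entry.get("operation") == "ALL" and every_resource:
                findings.append((acl_id, f"ALL on every {acl['resourceType']}"))
            if entry.get("operation") == "ALL" and acl.get("resourceType") == "CLUSTER":
                findings.append((acl_id, "ALL on the CLUSTER resource"))
    return findings


def audit_from_json(text):
    """Parse the JSON array produced by `gcloud ... --format=json` and audit it."""
    return audit_acls(json.loads(text))
```

Pipe the real listing into audit_from_json to get the same (ACL ID, reason) pairs for a live cluster.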

What's next

Apache Kafka® is a registered trademark of The Apache Software Foundation or its affiliates in the United States and/or other countries.