What is DescribeAcls?
Shows access control entries via kafka-acls.sh --list. Supports filter matching by resource type, principal, or operation, which helps when debugging AUTHORIZATION_FAILED errors or auditing write access to sensitive topics.
Wire Diagram
Request Header · flexible
message_size
int32 · 4B
api_key
int16 · 2B
api_version
int16 · 2B
correlation_id
int32 · 4B
client_id
string (compact)
tagged
var
DescribeAclsRequest v2
ResourceTypeFilter
int8 · 1B
ResourceNameFilter?
string (compact)
PatternTypeFilter
int8 · 1B
PrincipalFilter?
string (compact)
HostFilter?
string (compact)
Operation
int8 · 1B
PermissionType
int8 · 1B
tagged
var
Schema & Example
Schema { "ResourceTypeFilter": int8, "ResourceNameFilter": string?, "PatternTypeFilter": int8, "PrincipalFilter": string?, "HostFilter": string?, "Operation": int8, "PermissionType": int8 }
Example { "ResourceTypeFilter": 2, "ResourceNameFilter": null, "PatternTypeFilter": 1, "PrincipalFilter": "match-pattern", "HostFilter": "match-pattern", "Operation": 2, "PermissionType": 3 }