Kafka DescribeAcls Response Wire Format v1

What is DescribeAcls?

Shows access control entries via kafka-acls.sh --list. Supports filter matching by resource type, principal, or operation, which helps when debugging AUTHORIZATION_FAILED errors or auditing write access to sensitive topics.

Wire Diagram

Response Header

message_size int32 · 4B

correlation_id int32 · 4B

DescribeAclsResponse v1

ThrottleTimeMs int32 · 4B

ErrorCode int16 · 2B

ErrorMessage? string

Resources array

ResourceType int8 · 1B

ResourceName string

PatternType int8 · 1B

Acls array

Principal string

Host string

Operation int8 · 1B

PermissionType int8 · 1B

Schema & Example

Schema
{
  "ThrottleTimeMs": int32,
  "ErrorCode": int16,
  "ErrorMessage": string?,
  "Resources": [{
      "ResourceType": int8,
      "ResourceName": string,
      "PatternType": int8,
      "Acls": [{
          "Principal": string,
          "Host": string,
          "Operation": int8,
          "PermissionType": int8
      }]
  }]
}

Example
{
  "ThrottleTimeMs": 0,
  "ErrorCode": 0,
  "ErrorMessage": "NETWORK_EXCEPTION",
  "Resources": [{
      "ResourceType": 2,
      "ResourceName": "orders",
      "PatternType": 1,
      "Acls": [{
          "Principal": "User:alice",
          "Host": "broker-1.kafka.local",
          "Operation": 2,
          "PermissionType": 3
      }]
  }]
}

Kafka DescribeAcls Response Wire Format v1 — Binary Protocol Layout

What is DescribeAcls?

Wire Diagram

Schema & Example