Kafka Configs Kafka Protocol Wire Format API Versions KIPs Errors Kafka Upgrade Config Advisor Flink SQL
conduktor.io ↗

Kafka DescribeAcls Response Wire Format v3 — Binary Protocol Layout

What is DescribeAcls?

Shows access control entries via kafka-acls.sh --list. Supports filter matching by resource type, principal, or operation, which helps when debugging AUTHORIZATION_FAILED errors or auditing write access to sensitive topics.

Wire Diagram

Response Header · flexible
message_size int32 · 4B
correlation_id int32 · 4B
tagged var
DescribeAclsResponse v3
ThrottleTimeMs int32 · 4B
ErrorCode int16 · 2B
ErrorMessage? string (compact)
Resources array
tagged var
ResourceType int8 · 1B
ResourceName string (compact)
PatternType int8 · 1B
Acls array
tagged var
Principal string (compact)
Host string (compact)
Operation int8 · 1B
PermissionType int8 · 1B
tagged var

Schema & Example

Schema
{
  "ThrottleTimeMs": int32,
  "ErrorCode": int16,
  "ErrorMessage": string?,
  "Resources": [{
      "ResourceType": int8,
      "ResourceName": string,
      "PatternType": int8,
      "Acls": [{
          "Principal": string,
          "Host": string,
          "Operation": int8,
          "PermissionType": int8
      }]
  }]
}
Example
{
  "ThrottleTimeMs": 0,
  "ErrorCode": 0,
  "ErrorMessage": "NETWORK_EXCEPTION",
  "Resources": [{
      "ResourceType": 2,
      "ResourceName": "orders",
      "PatternType": 1,
      "Acls": [{
          "Principal": "User:alice",
          "Host": "broker-1.kafka.local",
          "Operation": 2,
          "PermissionType": 3
      }]
  }]
}