Delete a Managed Kafka ACL

You can permanently delete a Managed Service for Apache Kafka ACL resource. This action removes the resource, along with all the individual permission rules (known as ACL entries) associated with its resource pattern, from the Kafka cluster.

CAUTION: Deleting a Managed Service for Apache Kafka ACL resource is irreversible. Because Managed Service for Apache Kafka clusters use the default Kafka setting allow.everyone.if.no.acl.found=true, deleting the only ACL resource that applies to a specific resource pattern might unintentionally grant access to all authenticated principals for that pattern. Ensure you understand the implications before deleting an ACL resource.

Required roles and permissions

To get the permissions that you need to delete a Managed Kafka ACL, ask your administrator to grant you the Managed Kafka ACL Editor (roles/managedkafka.aclEditor) IAM role on the Managed Kafka ACL resource. For more information about granting roles, see Manage access to projects, folders, and organizations.

This predefined role contains the permissions required to delete a Managed Kafka ACL. To see the exact permissions that are required, expand the Required permissions section:

Required permissions

The following permissions are required to delete a Managed Kafka ACL:

  • Delete an ACL: managedkafka.acls.delete

You might also be able to get these permissions with custom roles or other predefined roles.

The Managed Kafka ACL Editor (roles/managedkafka.aclEditor) role contains the necessary permission to delete ACL resources. For more details, see Google Cloud Managed Service for Apache Kafka predefined roles.

Delete an ACL

  1. Install the Google Cloud CLI.
  2. If you're using an external identity provider (IdP), you must first sign in to the gcloud CLI with your federated identity.

  3. To initialize the gcloud CLI, run the following command:

    gcloud init
  4. Run the gcloud managed-kafka acls delete command:

    gcloud managed-kafka acls delete ACL_ID \
      --cluster=CLUSTER_ID \
      --location=LOCATION

    Replace the following:

    • ACL_ID (required): the unique ID of the Managed Service for Apache Kafka ACL resource you want to delete. This identifies the resource pattern. For more information about the ACL ID, see ACL ID.
    • CLUSTER_ID (required): the ID of the cluster containing the ACL resource.
    • LOCATION (required): the region where the cluster is located. For more information about the region, see Supported locations.

    This command permanently deletes the specified ACL resource and all the underlying Apache Kafka ACL bindings associated with its resource pattern. You are prompted to confirm the deletion.

Sample command

Run the following command to delete an ACL called topic/test-topic:

gcloud managed-kafka acls delete topic/test-topic \
  --project=test-project \
  --location=us-central1 \
  --cluster=test-cluster

The following is the sample output of the command:

You are about to delete acl [topic/test-topic].
Do you want to continue (Y/n)?  y
Deleted acl [topic/test-topic].

The output of the delete command includes a confirmation prompt before proceeding with the deletion. Upon successful deletion, a message confirms that the ACL resource is removed.
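
The caution at the top of this page can be checked before you run the delete. The following is an added example, not part of the gcloud CLI or the product documentation: it models which topics lose all ACL coverage when one ACL resource is removed, and therefore fall through to allow.everyone.if.no.acl.found=true. The ACL list and topic names are constructed sample data, and the topicPrefixed/ and allTopics ID forms are assumptions to confirm against the ACL ID reference.

```python
# Added example: pre-delete check for topics that would be left with no ACL.
# With allow.everyone.if.no.acl.found=true, a topic that no ACL pattern
# matches is open to every authenticated principal.

def covers(acl_id, topic):
    """Return True if the ACL resource's pattern matches the topic name."""
    if acl_id == "allTopics":            # wildcard pattern (assumed ID form)
        return True
    kind, _, name = acl_id.partition("/")
    if kind == "topic":                  # literal pattern, as on this page
        return name == topic
    if kind == "topicPrefixed":          # prefixed pattern (assumed ID form)
        return topic.startswith(name)
    return False                         # non-topic ACLs never cover a topic


def exposed_by_delete(acl_ids, delete_id, topics):
    """Topics covered by some ACL before the delete and by none after it."""
    remaining = [a for a in acl_ids if a != delete_id]
    exposed = []
    for topic in topics:
        before = any(covers(a, topic) for a in acl_ids)
        after = any(covers(a, topic) for a in remaining)
        if before and not after:
            exposed.append(topic)
    return exposed


# Constructed sample data: ACL IDs as they might be listed for a cluster,
# and the topics that exist on it.
SAMPLE_ACLS = ["topic/test-topic", "topic/orders", "topicPrefixed/orders"]
SAMPLE_TOPICS = ["test-topic", "orders", "orders-eu"]

if __name__ == "__main__":
    for acl in SAMPLE_ACLS:
        opened = exposed_by_delete(SAMPLE_ACLS, acl, SAMPLE_TOPICS)
        status = "opens " + ", ".join(opened) if opened else "no topic left uncovered"
        print(f"delete {acl}: {status}")
```

A topic reported here still needs a replacement ACL resource in place before the delete if access to it must stay restricted.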

Apache Kafka® is a registered trademark of The Apache Software Foundation or its affiliates in the United States and/or other countries.