acl set
Modifies the Access Control List (ACL) for a cluster, volume, or security policy.
The acl set
command specifies the Access Control List (ACL) for a cluster or volume. Any previous
permissions are overwritten by the new values, and any permissions omitted are removed. To
use the acl set
command, you must have administrative (a) permissions on
the volume and cluster for which you are running the command. The ACL
permissions are specified as a comma-separated list of permission codes. See acl. You must specify either a user
or a
group
. When the type
is volume
, you
must specify a volume name using the name
parameter.
The acl set
command removes any previous ACL values. To preserve some of
the permissions, you should either use the acl edit
command instead of acl set
, or use
acl show
to list the values before overwriting them.
Syntax
- CLI
-
maprcli acl set [ -cluster <cluster name> ] [ -group <group> ] [ -name <name> ] -type cluster|volume|securitypolicy [ -user <user> ]
- REST
-
Request Type POST Request URL http[s]://<host>:<port>/rest/acl/set?<parameters>
Parameters
Parameter |
Description |
---|---|
cluster |
(Optional) The cluster on which to run the command. |
group |
(Optional) Groups and allowed actions for each group. See acl. Format: |
name |
(Optional) The object name. For a volume, specify the name of the volume in this parameter. To set security policy level permissions, specify the name of the security policy, in this parameter. |
type |
(Required) The object type. Allowed values are |
user |
(Optional) Users and allowed actions for each user. See acl. Format: |
Examples
Give the userroot
full control of the
my.cluster.com
cluster and remove all permissions for all other users: - CLI
-
maprcli acl set -type cluster -user user10:fc
- REST
-
# curl -X POST 'https://abc.sj.us:8443/rest/acl/set?type=cluster&user=user10%3Afc' --user <username>:<password> {"timestamp":1525462091620,"timeofday":"2018-05-04 12:28:11.620 GMT-0700 PM","status":"OK","total":0,"data":[]}
# maprcli acl show -type cluster
Allowed actions Principal
[login, ss, cv, a, fc, cp] User mapr
[login, ss, cv, a, fc, cp] User root
[login, cp] User fuser1
maprcli acl set -type cluster -cluster my.cluster.com -user root:fc
maprcli acl show -type cluster
Principal Allowed actions
User root [login, ss, cv, a, fc, cp]
egVol1
volume and remove all permissions for all
other users: - CLI
-
maprcli acl set -type volume -name egVol1 -user m7user5:dump,restore,m m7user4:fc -json { "timestamp":1525462647371, "timeofday":"2018-05-04 12:37:27.371 GMT-0700 PM", "status":"OK", "total":0, "data":[ ] }
- REST
-
curl -k -X POST 'https://abc.sj.us:8443/rest/acl/set?type=volume&name=egVol1&user=m7user5%3Adump,restore,m%20m7user4%3Afc' --user mapr:mapr {"timestamp":1525463080941,"timeofday":"2018-05-04 12:44:40.941 GMT-0700 PM","status":"OK","total":0,"data":[]}