acl show

Displays the ACL associated with an object (cluster or a volume).

Syntax

An ACL contains the list of users who can perform specific actions.

CLI
maprcli acl show
     -type object type [cluster|volume|securitypolicy] 
	[ -name name ]
	[ -cluster cluster name ]
	[ -user userName whose ACL is queried ]
	[ -group groupName whose ACL is queried ]
	[ -output output format short|long|terse (default short). default: short ]
	[ -perm list of available permissions Parameter takes no value  ]
REST
Request Type GET
Request URL
http[s]://<host>:<port>/rest/acl/show?<parameters> 

Parameters

Parameter

Description

cluster

(Optional) The name of the cluster on which to run the command.- The default is the cluster on which the command is run.

group

(Optional) The group for which to display permissions. By default, displays permissions for all groups by default.

name

(Conditionally Required) The object name. To view security policy level permissions, specify the name of the security policy in this parameter. This parameter is required for the securitypolicy ACL type.

output

(Optional) The output format:

  • long
  • short
  • terse

The default format is short.

perm

(Optional) When you specify this option, acl show displays the permissions available for the object type specified in the type parameter.

type

(Required) The object type. Allowed values are cluster, volume or securitypolicy. To get security policy level permissions, specify the type as securitypolicy.

user

(Optional) The user for whom to display permissions.

By default, displays permissions for all users.

Output

The actions that each user or group is allowed to perform on the cluster or the specified volume. For information about each allowed action, see acl.

Principal   Allowed actions     
User root   [login, ss, cv, a, fc, cp]  
Group root  [login, ss, cv, a, fc, cp]  
All users   [login] 

Examples

Show the ACL for the cluster:

CLI
maprcli acl show -type cluster -json
{
	"timestamp":1555494572399,
	"timeofday":"2019-04-17 02:49:32.399 GMT-0700 AM",
	"status":"OK",
	"total":2,
	"data":[
		{
			"Principal":"User mapr",
			"Allowed actions":"[login, ss, cv, a, fc, cp]"
		},
		{
			"Principal":"User root",
			"Allowed actions":"[login, ss, cv, a, fc, cp]"
		}
	]
}
REST
curl -u mapr:mapr -X GET -k "https://abc.sj.us:8443/rest/acl/show?type=cluster"
{"timestamp":1555494852652,"timeofday":"2019-04-17 02:54:12.652 GMT-0700 AM","status":"OK","total":2,"data":[{"Principal":"User mapr","Allowed actions":"[login, ss, cv, a, fc, cp]"},{"Principal":"User root","Allowed actions":"[login, ss, cv, a, fc, cp]"}]}

Show the ACL for "test-volume":

CLI
maprcli acl show -type volume -name sampleVol1
Allowed actions               Principal  
[dump, restore, m, a, d, fc]  User mapr  
[dump, restore, m, d, fc]     User foo   
[dump, restore, a]            User bar   
[m, d]                        User abc
REST
curl -u mapr:mapr -X GET -k "https://abc.sj.us:8443/rest/acl/show?type=volume&name=sampleVol1"
{"timestamp":1525461068100,"timeofday":"2018-05-04 12:11:08.100 GMT-0700 PM","status":"OK","total":4,"data":[{"Principal":"User mapr","Allowed actions":"[dump, restore, m, a, d, fc]"},{"Principal":"User foo","Allowed actions":"[dump, restore, m, d, fc]"},{"Principal":"User bar","Allowed actions":"[dump, restore, a]"},{"Principal":"User abc","Allowed actions":"[m, d]"}]}

Show the permissions that can be set on a cluster:

CLI
maprcli acl show -type cluster -perm
Permissions  Description                         
login        Login access                        
ss           Start/stop services in the cluster  
cv           Create volumes                      
a            Administrator                       
fc           Full control                        
cp           Create security policies 
REST
curl -u mapr:mapr -X GET -k "https://abc.sj.us:8443/rest/acl/show?type=cluster&perm"
{"timestamp":1555497261931,"timeofday":"2019-04-17 03:34:21.931 GMT-0700 AM","status":"OK","total":6,"data":[{"Permissions":"login","Description":"Login access"},{"Permissions":"ss","Description":"Start/stop services in the cluster"},{"Permissions":"cv","Description":"Create volumes"},{"Permissions":"a","Description":"Administrator"},{"Permissions":"fc","Description":"Full control"},{"Permissions":"cp","Description":"Create security policies"}]}

Display the available security-level permissions:

CLI
maprcli acl show -type securitypolicy -perm -name hipaa
    Permissions  Description           
      r            Read    
      a            Admin             
      fc           Full control    
              
REST
curl -u mapr:mapr -X GET -k "https://abc.sj.us:8443/rest/acl/show?type=securitypolicy&perm&name=hipaa"
  {"timestamp":1525459863777,"timeofday":"2019-02-04 11:51:03.777 GMT-0700 AM","status":"OK","total":3,"data":[{"Permissions":"r","Description":"Read"},{"Permissions":"a","Description":"Read"},{"Permissions":"fc","Description":"Full control"}]}

Display list of users and security policy permissions:

CLI

Run the maprcli acl show -type securitypolicy command without the -perm option, to display the list of users who have security policy level permissions for the policy, and the respective permissions:

maprcli acl show -type securitypolicy -name hipaa
     Allowed actions  Principal     
     [r, a, fc]       User tom    
     [a]              User harry              
REST
curl -u mapr:mapr -X GET -k "https://abc.sj.us:8443/rest/acl/show?type=securitypolicy&name=hipaa"
{"timestamp":1555498377874,"timeofday":"2019-04-17 03:52:57.874 GMT-0700 AM","status":"OK","total":2,"data":[{"Principal":"User tom","Allowed actions":"[r, a, fc]"},{"Principal":"User harry","Allowed actions":"[a]"}]}

Displays only name, ID and ACL for a user having ONLY policy level admin permissions.

CLI
maprcli security policy create -name testpolicy1 -user root:r,a,fc fuser1:a fuser2:fc -readfileace u:fuser1

maprcli acl show -type securitypolicy -name testpolicy1 -user fuser2
   Allowed actions Principal
   [r, fc] User fuser2

maprcli acl show -type securitypolicy -name testpolicy1 -user fuser1
   Allowed actions Principal
   [a] User fuser1
             
maprcli security policy info -name testpolicy1 -json
             {
             "timestamp":1551432309820,
             "timeofday":"2019-03-01 01:25:09.820 GMT‌-0800 AM",
             "status":"OK",
             "total":1,
             "data":[
             {
             "policyname":"testpolicy1",
             "policyid":19,
             "acl":[
             {
             "Principal":"User root",
             "Allowed actions":"[r, a, fc]"
             },
             {
             "Principal":"User fuser1",
             "Allowed actions":"[a]"
             },
             {
             "Principal":"User fuser2",
             "Allowed actions":"[r, fc]"
             }
             ]
             }
             ]
             }