acl

Describes the acl commands used to manage access control lists (ACLs).

Specifying Permissions

Specify permissions for a user or group with a string that lists the permissions for that user or group. To specify permissions for multiple users or groups, use a string for each, separated by spaces. The format is as follows:

  • Users -
    <user>:<action>[,<action>...] [<user>:<action>[,<action>...]]
  • Groups -
    <group>:<action>[,<action>...] [<group>:<action>[,<action>...]]

To use the acl edit command, you must have full control (fc) permission on the cluster or volume for which you are running the command.

The following tables list the permission codes used by the acl commands.

Cluster Permission Codes

| Permission Code | Allowed Action |
|---|---|
| login | Log in to the Control System, use the API and command-line interface, read access on cluster and volumes. |
| ss | Start/stop services. |
| cv | Create volumes. |
| a | Administrative access to cluster ACLs. Grants no other permissions. |
| fc | Full control over the cluster. This enables all cluster-related administrative options with the exception of changing the cluster ACLs. |
| cp | Create security policies. |

Volume Permission Codes

| Code | Allowed Action |
|---|---|
| dump | Dump the volume. |
| restore | Mirror or restore the volume. |
| m | Modify volume properties, create and delete snapshots. |
| d | Delete a volume. |
| a | Administrative access to volume ACLs. |
| fc | Full control (admin access and permission to change volume ACL). |

Security Policy Permission Codes

| Code | Allowed Action |
|---|---|
| a (admin) | View and modify the permissions on a security policy; cannot view or modify the security policy. |
| fc (full control) | View and modify the security policy, including data access ACEs; cannot view or modify the permissions on a security policy. |
| r (read) | View all parts of a security policy; cannot modify the security policy. |

External S3 Permission Codes

| Code | Allowed Action |
|---|---|
| cs3 (connect s3) | Connect to an external S3 server. |

IAM Policy Permission Codes

| Code | Allowed Action |
|---|---|
| cip (create iam policy) | Create, edit, delete an IAM policy. |
| aip (attach iam policy) | Attach/assign an IAM policy. |

User-defined Role Permission Codes

| Code | Allowed Action |
|---|---|
| cir (create role) | Create, edit, delete a user-defined role. |
| air (attach role) | Attach/assign a user-defined role. |
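The following is an added example, not part of the product or its documentation: a Python check that parses a permission string in the format described under Specifying Permissions, rejects codes that are not in the Cluster or Volume tables, and lists which principals could change the ACL itself. The function names, the scope labels, the sample principals, and the reading of volume `a` as permission to change the volume ACL are assumptions made for illustration.

```python
# Permission codes copied from the Cluster and Volume tables on this page.
CODES = {
    "cluster": {"login", "ss", "cv", "a", "fc", "cp"},
    "volume": {"dump", "restore", "m", "d", "a", "fc"},
}
# Codes that let the holder change the ACL itself (assumed reading of the
# tables): cluster fc excludes changing cluster ACLs, volume fc includes it.
ACL_CHANGE = {"cluster": {"a"}, "volume": {"a", "fc"}}


def parse_permissions(spec, scope):
    """Parse '<name>:<action>[,<action>...] ...' into {name: set(actions)}."""
    if scope not in CODES:
        raise ValueError(f"unknown scope: {scope!r}")
    result = {}
    for entry in spec.split():  # entries are separated by spaces
        name, sep, actions = entry.partition(":")
        if not sep or not name or not actions:
            raise ValueError(f"malformed entry: {entry!r}")
        codes = actions.split(",")
        bad = [c for c in codes if c not in CODES[scope]]
        if bad:
            raise ValueError(f"{entry!r}: not a {scope} permission code: {bad}")
        # Merge repeated entries for the same user or group.
        result.setdefault(name, set()).update(codes)
    return result


def acl_changers(spec, scope):
    """Return the sorted names whose codes allow changing the scope's ACL."""
    perms = parse_permissions(spec, scope)
    return sorted(n for n, c in perms.items() if c & ACL_CHANGE[scope])


if __name__ == "__main__":
    # Constructed sample strings; alice, bob and carol are placeholder names.
    print(acl_changers("alice:login,a bob:fc", "cluster"))
    print(acl_changers("alice:m bob:fc carol:a,dump", "volume"))
```

Running the check before applying a permission string catches a volume-only code such as `dump` in a cluster ACL, and shows that the same `fc` code carries ACL-change rights on a volume but not on the cluster.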