acl
Describes the acl commands used to manage access control lists (ACLs).
Specifying Permissions
Specify permissions for a user or group with a string that lists the permissions for that user or group. To specify permissions for multiple users or groups, use a string for each, separated by spaces. The format is as follows:
- Users -
<user>:<action>[,<action>...][ <user>:<action>[,<action>...]]
- Groups -
<group>:<action>[,<action>...][ <group>:<action>[,<action>...]]
To use the acl edit command, you must have full control (fc) permission on the cluster or volume for which you are running the command.
The following tables list the permission codes used by the acl commands.
Cluster Permission Codes
Permission Code | Allowed Action |
---|---|
login | Log in to the Control System, use the API and command-line interface, read access on cluster and volumes. |
ss | Start/stop services. |
cv | Create volumes. |
a | Administrative access to cluster ACLs. Grants no other permissions. |
fc | Full control over the cluster. This enables all cluster-related administrative options with the exception of changing the cluster ACLs. |
cp | Create security policies |
Volume Permission Codes
Code | Allowed Action |
---|---|
dump | Dump the volume. |
restore | Mirror or restore the volume. |
m | Modify volume properties, create and delete snapshots. |
d | Delete a volume. |
a | Administrative access to volume ACLs. |
fc | Full control (admin access and permission to change volume ACL). |
Security Policy Permission Codes
Code | Allowed Action |
---|---|
a (admin) | View and modify the permissions on a security policy; cannot view or modify the security policy. |
fc (full control) | View and modify the security policy, including data access ACEs; cannot view or modify the permissions on a security policy. |
r (read) | View all parts of a security policy; cannot modify the security policy. |
External S3 Permission Codes
Code | Allowed Action |
---|---|
cs3 (connect s3) | Connect to an external S3 server |
IAM Policy Permission Codes
Code | Allowed Action |
---|---|
cip (create iam policy) | Create, edit, delete an IAM Policy |
aip (attach iam policy) | Attach/assign IAM policy |
User-defined Role Permission Codes
Code | Allowed Action |
---|---|
cir (create role) | Create, edit, delete a user-defined role |
air (attach role) | Attach/assign a user-defined role |
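
As an added example (not part of the product documentation), the following Python code parses a permission string in the format described under Specifying Permissions, rejects codes that do not appear in the Cluster or Volume tables above, and reports which users or groups hold the a or fc codes. The function names and the user names in the sample input are assumptions made for illustration.

```python
# Added example: validate an ACL permission string before it is applied.
# Code sets are copied from the Cluster and Volume permission tables on this page.
CODES = {
    "cluster": {"login", "ss", "cv", "a", "fc", "cp"},
    "volume": {"dump", "restore", "m", "d", "a", "fc"},
}
# Codes that grant ACL administration or full control, per the same tables.
SENSITIVE = {"a", "fc"}


def parse_acl(spec, acl_type):
    """Parse '<name>:<action>[,<action>...] ...' into {name: set(actions)}.

    Raises ValueError on a malformed entry or a code not valid for acl_type.
    """
    allowed = CODES[acl_type]
    grants = {}
    for entry in spec.split():  # entries are separated by spaces
        name, sep, actions = entry.partition(":")
        if not sep or not name or not actions:
            raise ValueError(
                f"malformed entry {entry!r}: expected <name>:<action>[,<action>...]"
            )
        codes = actions.split(",")
        # A trailing or doubled comma yields an empty code, which is rejected here.
        bad = [c for c in codes if c not in allowed]
        if bad:
            raise ValueError(f"{name}: {bad} not valid {acl_type} permission code(s)")
        # The same name may appear more than once; merge its grants.
        grants.setdefault(name, set()).update(codes)
    return grants


def sensitive_grants(grants):
    """Return {name: sorted sensitive codes} for names holding 'a' or 'fc'."""
    return {n: sorted(c & SENSITIVE) for n, c in grants.items() if c & SENSITIVE}


if __name__ == "__main__":
    # Constructed sample input; alice, bob and carol are hypothetical users.
    spec = "alice:login,cv bob:login,ss,fc carol:a"
    grants = parse_acl(spec, "cluster")
    for name, codes in sensitive_grants(grants).items():
        print(f"review: {name} holds {','.join(codes)}")
```

Running the check on a proposed string before passing it to acl edit catches a volume-only code (such as d) used against the cluster, and makes every a or fc grant visible for review.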