Creating Cluster-Level ACLs

About this task

A cluster-level ACL determines who has access to a cluster and which actions users are allowed to perform. ACLs on a secure HPE Data Fabric cluster are predicated on a locally-managed OS registry.

IMPORTANT

Before you create an ACL that applies to a particular group, you must create that group and assign users to it.

For example, the Red Hat Linux commands for creating a group called developers and adding a user named jsmith on a locally-managed OS registry are:

groupadd developers
useradd -g developers jsmith

After users and groups are defined, an administrator can create a cluster-level ACL using the Control System and CLI.

Creating an ACL from the Control System

Procedure

Click Admin > User Settings > Permissions.

Follow steps for Adding Cluster Permissions.

Each allowed action has a permission code associated with it. The codes are explained below.

Permission Code	Allowed Action
login	Log in to the Control System, use the API, command-line interface, and read access on cluster and volumes. NOTE Read access allows you to only view file-system objects that already exist. You cannot create volumes, policies, schedules, snapshots, or other file-system objects.
ss	Start/stop services
cv	Create volumes
cp	Create security policies
a	Provides administrative access to cluster ACLs. Grants no other permissions.
fc	Provides full control over the cluster. Enables all cluster-related administrative options, with the exception of changing the cluster ACLs.

Creating an ACL from the Command Line

About this task

To create an ACL at the command line, use the acl set command. Include spaces between multiple entries, such as a list of usernames and their associated permission levels (or actions).

The syntax is:

maprcli acl set -type volume -name <volume name> 
               [-group <groupname>:<action> -user <username>:<action>]

NOTE

The acl set command removes previously set permissions if they are not explicitly called out in the command line.

Other ACL commands include:

acl edit - To modify permissions in an ACL. Use this command instead of acl set to change some permissions while leaving others intact.
acl show - To display permissions in an ACL.

Example

To create an ACL for a cluster named my.cluster.com that allows administration of cluster ACLs to user root and control over all other aspects of the cluster to all users in the developers group, enter this command:

maprcli acl set -type cluster -cluster my.cluster.com -user root:a -group developers:fc

To change the developers group permissions so they can only log in and start or stop services, use the acl edit command:

maprcli acl edit -type cluster -cluster my.cluster.com -group developers:login,ss

Note that only the developers group's permissions change, while the root user retains control over cluster ACL settings.

HPE Data Fabric 8.1.0 Software Documentation
Abstract	This site contains documentation for HPE Data Fabric Software version 8.1.0 including installation, configuration, administration, and reference content, as well as content for the associated bundled ecosystem components and drivers.
Published	June 2026
Edition	8.1.0
Topic last updated	2023-03-26