1.2.16 Access Control Lists
Access control lists (ACLs) govern the operations that users can perform on Exascale vaults and files.
Each Exascale vault or file has an ACL. A vault ACL enables users to perform actions on the vault and on the files that it contains. A file ACL only controls the file that it is associated with.
The following table lists the ACL privileges and the actions that they enable users to perform:
ACL Privilege | In a vault ACL, the ACL privilege enables the user to: | In a file ACL, the ACL privilege enables the user to: |
---|---|---|
inspect | | |
read | | |
use | | |
manage | | |
Note that the same ACL privilege enables different actions depending on whether it appears in a vault ACL or a file ACL. For example, in a file ACL the read privilege enables the user to read the contents of the file. However, reading file contents by way of a vault ACL requires the use privilege.
Every ACL is a list of user ID and privilege pairs. Depending on the user creation method, the user ID may be a system-generated value or a user-specified value. For example:
96a68014-5762-4579-86ee-29eb743decbd:manage;scott:use;sue:inspect;dd7c8e35-3c8d-4441-a9b0-f58e959b84ba:read
A user is added to an ACL when they are assigned one of the ACL privileges. A user is removed from an ACL when they are assigned the none privilege. It is possible for a vault or file to have an empty list of user and privilege pairs, which is also known as a null ACL.
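The following added example (not Oracle code and not part of the Exascale tooling) models the ACL string format and the assignment rules described above, which is useful when reviewing exported ACL strings for unexpected manage holders. The function names are hypothetical; the `;` and `:` separators are taken from the sample string, and rejecting duplicate user IDs is an assumption.

```python
# Added example: models the ACL string format shown on this page.
VALID_PRIVILEGES = ("inspect", "read", "use", "manage")  # rows of the page's table
REMOVE = "none"  # assigning this privilege removes the user from the ACL

# The sample ACL string from this page.
SAMPLE = ("96a68014-5762-4579-86ee-29eb743decbd:manage;scott:use;"
          "sue:inspect;dd7c8e35-3c8d-4441-a9b0-f58e959b84ba:read")


def parse_acl(text):
    """Parse 'user:priv;user:priv' into a dict; an empty string is a null ACL."""
    acl = {}
    for entry in filter(None, (e.strip() for e in text.split(";"))):
        # Split on the last ':' so the privilege is always the final field.
        user, sep, priv = entry.rpartition(":")
        if not sep or not user:
            raise ValueError(f"malformed ACL entry: {entry!r}")
        if priv not in VALID_PRIVILEGES:
            # 'none' never appears in a stored ACL: it means "not listed".
            raise ValueError(f"unknown privilege {priv!r} for {user!r}")
        if user in acl:
            # Assumption: each user ID appears once; ambiguity is rejected.
            raise ValueError(f"duplicate user ID: {user!r}")
        acl[user] = priv
    return acl


def assign(acl, user, priv):
    """Return a new ACL after assigning priv to user ('none' removes the user)."""
    updated = dict(acl)
    if priv == REMOVE:
        updated.pop(user, None)  # removing an unlisted user is a no-op
    elif priv in VALID_PRIVILEGES:
        updated[user] = priv     # adds the user or replaces their privilege
    else:
        raise ValueError(f"unknown privilege {priv!r}")
    return updated


def format_acl(acl):
    """Serialize back to the string form; a null ACL becomes ''."""
    return ";".join(f"{user}:{priv}" for user, priv in acl.items())


def users_with(acl, priv):
    """List the user IDs holding exactly this privilege, for review."""
    return sorted(user for user, p in acl.items() if p == priv)
```

This models only the ACL itself. Vault top-level privileges, which can also authorize an action, are outside its scope.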
ACLs work in conjunction with user privileges, in particular vault top-level privileges. To perform an action on a vault or file, a user requires the appropriate ACL privilege or the appropriate vault top-level privilege. See Vault and File Access Control.