1. Exascale User's Guide
  2. Using ESCLI
  3. ESCLI Command Reference
  4. Security and User Management
  5. chacl

6.2.4.1 chacl

Change an access control list (ACL).

Purpose

The chacl command allows you to change the ACL for an Exascale vault or file.

Syntax

chacl  { file-name | vault-name } acl-string

Command Options

The options for the chacl command are:

  • { file-name | vault-name }: Specifies the name of the file or vault that is the subject of the operation.

  • acl-string: Specifies an ACL string having the following format. 

    [+]userID1:acl-priv[;userID2:acl-priv] ...

    In the ACL string:

    • The optional plus sign (+) at the beginning of the ACL string indicates that the specified ACL string is merged into the existing ACL for the file or vault. In this case, users previously listed in the ACL are updated, and new users are added. Without the optional plus sign, the previous ACL is overwritten.

    • userIDn: Specifies an Exascale user ID.

      Depending on the user creation method, the user ID may be a system-generated value (for example, 96a68014-5762-4579-86ee-29eb743decbd) or a user-specified value (for example, scott).

    • acl-priv: Specifies an ACL privilege, which can be one of the following:

      • I | inspect: Specifies that the user can view attributes of the file or vault but not its contents.
      • R | read: Specifies that the user can read contents of the file, or list files in the vault. Also confers the inspect permission.
      • U | use: Specifies that the user can write to the file, and use the vault. Also confers all preceding permissions.
      • M | manage: Specifies that the user can manage the file or vault. Also confers all preceding permissions.
      • 0 | none: Specifies that the user loses all existing permissions.

Examples

Example 6-27 Replace a File ACL

In this example, the ACL string for the file is replaced with the new ACL string. Under the new ACL, scott is permitted to read and inspect the file. No other user can access this file unless permitted by the vault ACL. 

@> chacl @VAULT/file scott:R

Example 6-28 Change a File ACL

In this example, the plus sign (+) at the beginning of the ACL string indicates that the specified ACL string is merged into the existing file ACL. In this case, any pre-existing permissions for jason are overwritten, and jason is now permitted to inspect, read, write, and manage the file. No other user permissions are changed. 

@> chacl @VAULT/file +jason:M

Example 6-29 Replace a File ACL using an ACL String that Specifies Multiple Users

In this example, the ACL string for the file is replaced with the new ACL string that specifies permissions for multiple users. Under the new ACL, scott can inspect the file, and jason can read and inspect the file. No other user can access this file unless permitted by the vault ACL. 

@> chacl @VAULT/file scott:inspect;jason:read

Parent topic: Security and User Management