7.2.2 chacl
Modify the access control list (ACL) for an Exascale file.
Syntax
chacl file-name acl-string
    [{ -w | --wallet } wallet-location ]
    [{ -T | --trace } trace-level ]
    [{ -j | --json } [ --compact ]]
Command Options
The options for the chacl command are:
- file-name: Specifies the name of the file that is the subject of the operation.
- acl-string: Specifies an ACL string having the following format.
  [+]user-ID1:acl-permission[;user-ID2:acl-permission]...
  In the ACL string:
  - The optional plus (+) operator at the beginning of the ACL string indicates that the specified ACL string merges into the existing ACL. In this case, the changes only impact the users in the specified ACL string, and all other users in the existing ACL retain their permissions. Without the optional plus (+) operator, the ACL is completely overwritten by the specified ACL string.
  - user-IDn: Specifies an Exascale user ID. Depending on the user creation method, the user ID may be a system-generated value (for example, 96a68014-5762-4579-86ee-29eb743decbd) or a user-specified value (for example, scott).
  - acl-permission: Specifies an ACL permission setting, which can be one of the following:
    - I | inspect: Specifies that the user can view attributes of the file, but not its contents.
    - R | read: Specifies that the user can read contents of the file. Also confers the inspect permission.
    - U | use: Specifies that the user can write to the file. Also confers all preceding permissions.
    - M | manage: Specifies that the user can manage the file. Also confers all preceding permissions.
    - 0 | none: Specifies that the user is removed from the ACL and loses all permissions. This setting can be used only in conjunction with the plus (+) operator to remove a user from an existing ACL.
- -w, --wallet: Optionally specifies the path to the Exascale wallet directory.
- -T, --trace: Optionally enables tracing, with the trace level (trace-level) set to 1 (minimum tracing), 2 (medium tracing), or 3 (maximum tracing). If the trace level is not specified, then minimum tracing is enabled by default.
  The trace file is written to the first accessible location in the following list:
  - If the $ADR_BASE environment variable is set: $ADR_BASE/diag/EXC/xsh_<user-name>/<host-name>/trace/xsh_<date>.trc
  - /var/log/oracle/diag/EXC/xsh_<user-name>/<host-name>/trace/xsh_<date>.trc
  - /tmp/diag/EXC/xsh_<user-name>/<host-name>/trace/xsh_<date>.trc
- -j, --json: Displays the output in JSON format.
- --compact: Displays JSON formatted output in a compact format, without white space and line breaks.
Examples
Example 7-2 Replace a File ACL
In this example, the ACL string for the file @my-data/file1 is replaced with the new ACL string. Under the new ACL, scott is permitted to read and inspect the file. No other user can access this file unless permitted by the vault ACL.
$ xsh chacl @my-data/file1 scott:R
Example 7-3 Change a File ACL
In this example, the plus sign (+) at the beginning of the ACL string indicates that the specified ACL string is merged into the existing file ACL. In this case, any pre-existing permissions for jason are overwritten, and jason is permitted to inspect, read, write, and manage the file. No other user permissions are changed.
$ xsh chacl @my-data/file1 +jason:M
Example 7-4 Remove User Privileges from a File ACL
In this example, the plus sign (+) at the beginning of the ACL string indicates that the specified ACL string is merged into the existing file ACL. However, in this case, any pre-existing permissions for scott are removed. No other user permissions are changed.
$ xsh chacl @my-data/file1 +scott:none
Example 7-5 Replace a File ACL using an ACL String that Specifies Multiple Users
In this example, the ACL string for the file is replaced with the new ACL string that specifies permissions for multiple users. Under the new ACL, scott can inspect the file, and jason can read and inspect the file. No other user can access this file unless permitted by the vault ACL. The ACL string is quoted because an unquoted semicolon is a command separator in the operating system shell, which would pass only the first entry to chacl.
$ xsh chacl @my-data/file1 'scott:inspect;jason:read'
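The replace and merge rules above can be checked before a change is applied. The following Python model is an added example, not Exascale or xsh code: it parses an ACL string, applies it to a constructed existing ACL, and reports which users a replace would drop from the file ACL. The function names, the exact-match handling of permission tokens, and the rejection of a user listed twice are assumptions of this example.

```python
# Model of the chacl ACL-string rules on this page (added example, not Exascale code).
# Assumption: permission tokens are matched exactly as the page lists them.
LEVELS = {"I": "inspect", "inspect": "inspect", "R": "read", "read": "read",
          "U": "use", "use": "use", "M": "manage", "manage": "manage",
          "0": "none", "none": "none"}
ORDER = ["inspect", "read", "use", "manage"]  # each level confers the preceding ones


def parse_acl_string(acl_string):
    """Return (merge, {user: level}) for '[+]user:perm[;user:perm]...'."""
    merge = acl_string.startswith("+")
    body = acl_string[1:] if merge else acl_string
    entries = {}
    for item in body.split(";"):
        user, sep, perm = item.rpartition(":")
        if not sep or not user or perm not in LEVELS:
            raise ValueError(f"malformed ACL entry: {item!r}")
        if user in entries:  # checker policy (assumption): refuse ambiguous input
            raise ValueError(f"user listed twice: {user!r}")
        level = LEVELS[perm]
        if level == "none" and not merge:
            raise ValueError("'none' is only valid with the '+' operator")
        entries[user] = level
    return merge, entries


def preview(existing, acl_string):
    """Return the resulting file ACL and the users removed from it."""
    merge, entries = parse_acl_string(acl_string)
    result = dict(existing) if merge else {}  # no '+' means full overwrite
    for user, level in entries.items():
        if level == "none":
            result.pop(user, None)
        else:
            result[user] = level
    dropped = sorted(set(existing) - set(result))
    return result, dropped


def effective(level):
    """Expand a level into the list of permissions it confers."""
    return ORDER[: ORDER.index(level) + 1]


if __name__ == "__main__":
    current = {"scott": "read", "jason": "inspect"}  # constructed sample ACL
    for s in ("scott:R", "+jason:M", "+scott:none", "scott:inspect;jason:read"):
        print(s, "->", preview(current, s))
```

A non-empty list of dropped users for a string without the plus (+) operator means the replace removes those users from the file ACL, leaving only whatever access the vault ACL grants them.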