3.5.2 Modify an ACL

To modify an access control list (ACL) for an Exascale vault or file, use the ESCLI chacl command and specify:

  1. The vault or file for which you are modifying the ACL.

  2. The ACL string, which defines the modification to the ACL.

    The ACL string is a list of user IDs and ACL privilege pairs. Depending on the user creation method, the user ID may be a system-generated value or a user-specified value. For example:

    dd7c8e35-3c8d-4441-a9b0-f58e959b84ba:read;scott:inspect

    If the ACL string begins with a plus sign (+), then the rest of the ACL string is added to the existing ACL for the file or vault. Without the +, the existing vault or file ACL is overwritten.

  • To set the ACL for a vault, use the chacl command and specify the vault and the new ACL string. For example, to make jenny the sole manager of @vault1 use:
    @> chacl @vault1 jenny:manage
  • To set the ACL for a file, use the chacl command and specify the file and the new ACL string. For example, to make jenny the manager and jill a reader of @vault1/file1 use:
    @> chacl @vault1/file1 jenny:manage;jill:read
  • To add to an existing ACL, use the chacl command, specify the vault or file name, and specify an ACL string that begins with +. For example, to add peter as a user of @vault1 use:
    @> chacl @vault1 +peter:use
  • To remove a user from an ACL, use the chacl command, specify the vault or file name, and specify an ACL string that begins with + and uses the ACL privilege none. For example, to remove jill from the ACL for @vault1/file1 use:
    @> chacl @vault1/file1 +jill:none
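The rules above (a leading + adds to the existing ACL, no + overwrites it, and the privilege none removes a user) can be previewed before running chacl, which helps catch an overwrite that drops users unintentionally. The following Python model is an added example, not Oracle code and not part of ESCLI. Its function names, the sample ACL, the privilege list (taken from the names shown in this section), and the handling of none in an overwriting string are assumptions.

```python
# Added example: models the ACL-string rules described in this section.
# It does not call ESCLI; privilege names are those shown on this page.
PRIVILEGES = {"inspect", "read", "use", "manage", "none"}


def parse_acl_string(acl_string):
    """Return (additive, {user_id: privilege}) for a chacl ACL string."""
    additive = acl_string.startswith("+")
    body = acl_string[1:] if additive else acl_string
    entries = {}
    for pair in body.split(";"):
        # Split on the last colon so the privilege is always the final field.
        user, sep, privilege = pair.strip().rpartition(":")
        if not sep or not user or privilege not in PRIVILEGES:
            raise ValueError(f"malformed ACL entry: {pair!r}")
        entries[user] = privilege
    return additive, entries


def preview_chacl(existing, acl_string):
    """Return (new_acl, dropped_users) without modifying `existing`."""
    additive, entries = parse_acl_string(acl_string)
    # With a leading '+', start from the current ACL; otherwise start empty.
    new_acl = dict(existing) if additive else {}
    for user, privilege in entries.items():
        if privilege == "none":
            # Assumption: 'none' yields no entry in either mode.
            new_acl.pop(user, None)
        else:
            new_acl[user] = privilege
    dropped = sorted(set(existing) - set(new_acl))
    return new_acl, dropped


# Constructed sample ACL for @vault1/file1, matching the examples above.
current = {"jenny": "manage", "jill": "read"}

if __name__ == "__main__":
    for acl in ("+peter:use", "+jill:none", "peter:use"):
        new_acl, dropped = preview_chacl(current, acl)
        print(f"{acl!r:14} -> {new_acl}  dropped={dropped}")
```

A non-empty dropped list for a string without + shows which existing users the overwrite would remove.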