3.5.2 Modify an ACL

To modify an access control list (ACL) for an Exascale vault or file, use the ESCLI chacl command and specify:

  1. The vault or file for which you are modifying the ACL.

  2. The ACL string, which defines the modification to the ACL.

    The ACL string is a list of user IDs and ACL privilege pairs. Depending on the user creation method, the user ID may be a system-generated value or a user-specified value. For example:

    dd7c8e35-3c8d-4441-a9b0-f58e959b84ba:read;scott:inspect

    If the ACL string begins with the plus (+) operator, the specified ACL string merges into the existing ACL. In this case, the changes affect only the users specified in the ACL string, and all other users in the existing ACL retain their permissions. Without the optional plus (+) operator, the specified ACL string completely overwrites the existing ACL, so only the users specified in the new ACL string have permissions.

  • To set the ACL for a vault, use the chacl command and specify the vault and the new ACL string. For example, to make jenny the sole manager of @vault1, use:
    @> chacl @vault1 jenny:manage
  • To set the ACL for a file, use the chacl command and specify the file and the new ACL string. For example, to make jenny the manager and jill a reader of @vault1/file1, use:
    @> chacl @vault1/file1 jenny:manage;jill:read
  • To modify an existing ACL, use the chacl command, specify the vault or file name, and specify an ACL string that begins with +. For example, the following command enables peter as a user of @vault1:
    @> chacl @vault1 +peter:use

    In this example, if peter is not listed in the existing ACL, an entry for peter is added to the ACL. Otherwise, if the existing ACL already includes an entry for peter, the existing entry is modified. In either case, all other users in the existing ACL retain their permissions.

  • To remove a user from an ACL, use the chacl command, specify the vault or file name, and specify an ACL string that begins with + and contains none as the ACL privilege. For example, to remove jill from the ACL for @vault1/file1, use:
    @> chacl @vault1/file1 +jill:none
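
The merge and overwrite rules above, modeled in Python as an added example (not Oracle code and not part of ESCLI): it previews which users an ACL string would add, change, or remove, so an omitted + that silently drops every other user is visible before chacl is run. The function names, the sample ACL, and the handling of none in a string without + are assumptions.

```python
# Local model of the ACL-string rules on this page; it never calls ESCLI.
# Privilege names are the ones that appear in this page's examples.
PRIVILEGES = {"inspect", "read", "use", "manage", "none"}

def parse_acl_string(acl_string):
    """Return (merge, entries) for a string such as '+peter:use;jill:none'."""
    merge = acl_string.startswith("+")
    body = acl_string[1:] if merge else acl_string
    entries = {}
    for pair in body.split(";"):
        user, sep, privilege = pair.rpartition(":")
        if not sep or not user or privilege not in PRIVILEGES:
            raise ValueError(f"malformed ACL entry: {pair!r}")
        entries[user] = privilege
    return merge, entries

def apply_acl_string(existing, acl_string):
    """Return the ACL (user -> privilege) that results from the ACL string."""
    merge, entries = parse_acl_string(acl_string)
    # With '+', start from the existing ACL; without it, start from nothing.
    result = dict(existing) if merge else {}
    for user, privilege in entries.items():
        if privilege == "none":
            # Page: '+user:none' removes the user. Assumption: without '+',
            # a 'none' entry simply leaves the user out of the new ACL.
            result.pop(user, None)
        else:
            result[user] = privilege
    return result

def preview(existing, acl_string):
    """Summarize who gains, changes, or loses access under the ACL string."""
    new = apply_acl_string(existing, acl_string)
    return {
        "added": sorted(u for u in new if u not in existing),
        "changed": sorted(u for u in new if u in existing and new[u] != existing[u]),
        "removed": sorted(u for u in existing if u not in new),
        "result": new,
    }

if __name__ == "__main__":
    # Constructed sample: the ACL of @vault1/file1 after the second example above.
    current = {"jenny": "manage", "jill": "read"}
    for acl in ("+peter:use", "peter:use", "+jill:none"):
        print(acl, "->", preview(current, acl))
```

In the constructed sample, `peter:use` without the plus operator reports jenny and jill as removed, which leaves the file with no manager entry.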