1. Managing ZFS File Systems in Oracle Solaris 11.4
  2. Oracle Solaris ZFS Delegated Administration
  3. Displaying ZFS Delegated Permissions Examples

Displaying ZFS Delegated Permissions Examples

You can use the following command to display permissions:

$ zfs allow dataset

This command displays permissions that are set or allowed on the specified dataset. The output contains the following components:

  • Permission sets

  • Individual permissions or create-time permissions

  • Local dataset

  • Local and descendant datasets

  • Descendant datasets only

Example 9-6 Displaying Basic Delegated Administration Permissions

The following output indicates that user mindy has create, destroy, mount, snapshot permissions on the system1/mindy file system. 

$ zfs allow system1/mindy
-------------------------------------------------------------
Local+descendant permissions on (system1/mindy)
user mindy create,destroy,mount,snapshot

Example 9-7 Displaying Complex Delegated Administration Permissions

The output in this example indicates the following permissions on the pool/glori and pool file systems.

For the pool/glori file system:

  • Two permission sets are defined:

    • @eng (create, destroy, snapshot, mount, clone, promote, rename)

    • @simple (create, mount)

  • Create-time permissions are set for the @eng permission set and the mountpoint property. Create-time means that after a file system set is created, the @eng permission set and the permission to set the mountpoint property are delegated.

  • User tomi is delegated the @eng permission set, and user joe is granted create, destroy, and mount permissions for local file systems.

  • User glori is delegated the @basic permission set, and share and rename permissions for the local and descendant file systems.

  • User dina and the staff group are delegated the @basic permission set for descendant file systems only.

For the pool file system:

  • The permission set @simple (create, destroy, mount) is defined.

  • The group staff is granted the @simple permission set on the local file system.

Here is the output for this example:

$ zfs allow pool/glori
---- Permissions on pool/glori ----------------------------------------
Permission sets:
@eng create,destroy,snapshot,mount,clone,promote,rename
@simple create,mount
Create time permissions:
@eng,mountpoint
Local permissions:
user tomi @eng
user joe create,destroy,mount
Local+descendant permissions:
user glori @basic,share,rename
user dina @basic
group staff @basic
---- Permissions on pool ---------------------------------------------
Permission sets:
@simple create,destroy,mount
Local permissions:
group staff @simple