acl set

Modifies the Access Control List (ACL) for a cluster, volume, or security policy.

The acl set command specifies the Access Control List (ACL) for a cluster or volume. Any previous permissions are overwritten by the new values, and any permissions omitted are removed. To use the acl set command, you must have administrative (a) permissions on the volume and cluster for which you are running the command. The ACL permissions are specified as a comma-separated list of permission codes. See acl. You must specify either a user or a group. When the type is volume, you must specify a volume name using the name parameter.

The acl set command removes any previous ACL values. To preserve some of the permissions, you should either use the acl edit command instead of acl set, or use acl show to list the values before overwriting them.

Syntax

CLI 
/opt/mapr/bin/maprcli acl set
    [ -cluster <cluster name> ]
    [ -group <group> ]
    [ -name <name> ]
    -type cluster|volume|securitypolicy
    [ -user <user> ]
REST
Request Type POST
Request URL 
http[s]://<host>:<port>/rest/acl/set?<parameters>

Parameters

Parameter

Description

cluster

The cluster on which to run the command.

group

Groups and allowed actions for each group. See acl. Format: <group>:<action>[,<action>...][ <group>:<action>[,<action...]]

name

The object name. For a volume, specify the name of the volume in this parameter.

To set security policy level permissions, specify the name of the security policy, in this parameter.

type

The object type. Allowed values are cluster, volume or securitypolicy.

user

Users and allowed actions for each user. See acl. Format: <user>:<action>[,<action>...][ <user>:<action>[,<action...]]

Examples

Give the user root full control of the my.cluster.com cluster and remove all permissions for all other users:
CLI 
/opt/mapr/bin/maprcli acl set -type cluster -user user10:fc
REST
# curl -k -X POST 'https://abc.sj.us:8443/rest/acl/set?type=cluster&user=user10%3Afc' --user mapr:mapr
{"timestamp":1525462091620,"timeofday":"2018-05-04 12:28:11.620 GMT-0700 PM","status":"OK","total":0,"data":[]}
Usage Example 
# /opt/mapr/bin/maprcli acl show -type cluster
Allowed actions           Principal  
[login, ss, cv, a, fc, cp] User mapr  
[login, ss, cv, a, fc, cp] User root  
[login, cp]  User fuser1 

# /opt/mapr/bin/maprcli acl set -type cluster -cluster my.cluster.com -user root:fc
# /opt/mapr/bin/maprcli acl show -type cluster
Principal  Allowed actions
User root  [login, ss, cv, a, fc, cp]
WARNING Notice that the specified permissions have overwritten the existing ACL.
Give multiple users specific permissions for the egVol1 volume and remove all permissions for all other users:
CLI 
# /opt/mapr/bin/maprcli acl set -type volume -name egVol1 -user m7user5:dump,restore,m m7user4:fc -json
{
	"timestamp":1525462647371,
	"timeofday":"2018-05-04 12:37:27.371 GMT-0700 PM",
	"status":"OK",
	"total":0,
	"data":[
		
	]
}
REST
# curl -k -X POST 'https://10.10.82.24:8443/rest/acl/set?type=volume&name=egVol1&user=m7user5%3Adump,restore,m%20m7user4%3Afc' --user mapr:mapr
{"timestamp":1525463080941,"timeofday":"2018-05-04 12:44:40.941 GMT-0700 PM","status":"OK","total":0,"data":[]}