acl show
Displays the ACL associated with an object (cluster or a volume).
Syntax
An ACL contains the list of users who can perform specific actions.
- CLI
-
/opt/mapr/bin/maprcli acl show -type object type [cluster|volume|securitypolicy] [ -name name ] [ -cluster cluster name ] [ -user userName whose ACL is queried ] [ -group groupName whose ACL is queried ] [ -output output format short|long|terse (default short). default: short ] [ -perm list of available permissions Parameter takes no value ] - REST
-
Request Type GET Request URL http[s]://<host>:<port>/rest/acl/show?<parameters>
Parameters
|
Parameter |
Description |
|---|---|
|
cluster |
The name of the cluster on which to run the command. |
|
group |
The group for which to display permissions. |
|
name |
The object name. To view security policy level permissions, specify the name of the security policy in this parameter.
This parameter is required for the |
|
output |
The output format:
The default format is |
|
perm |
When you specify this option, |
|
type |
The object type. Allowed values are
|
|
user |
The user for whom to display permissions. |
Output
The actions that each user or group is allowed to perform on the cluster or the specified volume. For information about each allowed action, see acl.
Principal Allowed actions
User root [login, ss, cv, a, fc, cp]
Group root [login, ss, cv, a, fc, cp]
All users [login] Examples
Show the ACL for the cluster:
- CLI
-
# /opt/mapr/bin/maprcli acl show -type cluster -json { "timestamp":1555494572399, "timeofday":"2019-04-17 02:49:32.399 GMT-0700 AM", "status":"OK", "total":2, "data":[ { "Principal":"User mapr", "Allowed actions":"[login, ss, cv, a, fc, cp]" }, { "Principal":"User root", "Allowed actions":"[login, ss, cv, a, fc, cp]" } ] } - REST
-
curl -u mapr:mapr -X GET -k "https://host:8443/rest/acl/show?type=cluster" {"timestamp":1555494852652,"timeofday":"2019-04-17 02:54:12.652 GMT-0700 AM","status":"OK","total":2,"data":[{"Principal":"User mapr","Allowed actions":"[login, ss, cv, a, fc, cp]"},{"Principal":"User root","Allowed actions":"[login, ss, cv, a, fc, cp]"}]}
Show the ACL for "test-volume":
- CLI
-
# /opt/mapr/bin/maprcli acl show -type volume -name sampleVol1 Allowed actions Principal [dump, restore, m, a, d, fc] User mapr [dump, restore, m, d, fc] User foo [dump, restore, a] User bar [m, d] User abc - REST
-
# curl -u mapr:mapr -X GET -k "https://host:8443/rest/acl/show?type=volume&name=sampleVol1" {"timestamp":1525461068100,"timeofday":"2018-05-04 12:11:08.100 GMT-0700 PM","status":"OK","total":4,"data":[{"Principal":"User mapr","Allowed actions":"[dump, restore, m, a, d, fc]"},{"Principal":"User foo","Allowed actions":"[dump, restore, m, d, fc]"},{"Principal":"User bar","Allowed actions":"[dump, restore, a]"},{"Principal":"User abc","Allowed actions":"[m, d]"}]}
Show the permissions that can be set on a cluster:
- CLI
-
# /opt/mapr/bin/maprcli acl show -type cluster -perm Permissions Description login Login access ss Start/stop services in the cluster cv Create volumes a Administrator fc Full control cp Create security policies - REST
# curl -u mapr:mapr -X GET -k "https://host:8443/rest/acl/show?type=cluster&perm" {"timestamp":1555497261931,"timeofday":"2019-04-17 03:34:21.931 GMT-0700 AM","status":"OK","total":6,"data":[{"Permissions":"login","Description":"Login access"},{"Permissions":"ss","Description":"Start/stop services in the cluster"},{"Permissions":"cv","Description":"Create volumes"},{"Permissions":"a","Description":"Administrator"},{"Permissions":"fc","Description":"Full control"},{"Permissions":"cp","Description":"Create security policies"}]}
Display the available security-level permissions:
- CLI
-
# /opt/mapr/bin/maprcli acl show -type securitypolicy -perm -name hipaa Permissions Description r Read a Admin fc Full control - REST
# curl -u mapr:mapr -X GET -k "https://10.10.82.29:8443/rest/acl/show?type=securitypolicy&perm&name=hipaa" {"timestamp":1525459863777,"timeofday":"2019-02-04 11:51:03.777 GMT-0700 AM","status":"OK","total":3,"data":[{"Permissions":"r","Description":"Read"},{"Permissions":"a","Description":"Read"},{"Permissions":"fc","Description":"Full control"}]}
Display list of users and security policy permissions:
- CLI
-
Run the
/opt/mapr/bin/maprcli acl show -type securitypolicycommand without the-permoption, to display the list of users who have security policy level permissions for the policy, and the respective permissions:# /opt/mapr/bin/maprcli acl show -type securitypolicy -name hipaa Allowed actions Principal [r, a, fc] User tom [a] User harry - REST
# curl -u mapr:mapr -X GET -k "https://host:8443/rest/acl/show?type=securitypolicy&name=hipaa" {"timestamp":1555498377874,"timeofday":"2019-04-17 03:52:57.874 GMT-0700 AM","status":"OK","total":2,"data":[{"Principal":"User tom","Allowed actions":"[r, a, fc]"},{"Principal":"User harry","Allowed actions":"[a]"}]}
Displays only name, ID and ACL for a user having ONLY policy level admin permissions.
- CLI
-
# /opt/mapr/bin/maprcli security policy create -name testpolicy1 -user root:r,a,fc fuser1:a fuser2:fc -readfileace u:fuser1 # /opt/mapr/bin/maprcli acl show -type securitypolicy -name testpolicy1 -user fuser2 Allowed actions Principal [r, fc] User fuser2 # /opt/mapr/bin/maprcli acl show -type securitypolicy -name testpolicy1 -user fuser1 Allowed actions Principal [a] User fuser1 # /opt/mapr/bin/maprcli security policy info -name testpolicy1 -json { "timestamp":1551432309820, "timeofday":"2019-03-01 01:25:09.820 GMT-0800 AM", "status":"OK", "total":1, "data":[ { "policyname":"testpolicy1", "policyid":19, "acl":[ { "Principal":"User root", "Allowed actions":"[r, a, fc]" }, { "Principal":"User fuser1", "Allowed actions":"[a]" }, { "Principal":"User fuser2", "Allowed actions":"[r, fc]" } ] } ] }