Creating an ACL from the Command Line

Describes how to use the Command Line to control access to a cluster.

To create an ACL at the command line, use the acl set command. Include spaces between multiple entries, such as a list of usernames and their associated permission levels (or actions).

The syntax is:

maprcli acl set -type volume -name <volume name> 
[-group <groupname>:<action> -user <username>:<action>]
Note: The acl set command removes previously set permissions if they are not explicitly called out in the command line.

Other ACL commands include:

  • acl edit - to modify permissions in an ACL (use this command instead of acl set to change some permissions while leaving others intact)
  • acl show - to display permissions in an ACL

Example

To create an ACL for a cluster named my.cluster.com that allows administration of cluster ACLs to user root and control over all other aspects of the cluster to all users in the developers group, enter this command:

maprcli acl set -type cluster -cluster my.cluster.com -user root:a -group developers:fc

Now suppose you want to change the developers group permissions so they can only log in and start or stop services. Use the acl edit command as shown:

maprcli acl edit -type cluster -cluster my.cluster.com -group developers:login,ss

Note that only the developers group's permissions change, while the user named root retains control over the cluster's ACL settings.