Creating an ACL from the Command Line

Describes how to use the Command Line to control access to a cluster.

To create an ACL at the command line, use the acl set command. Include spaces between multiple entries, such as a list of usernames and their associated permission levels (or actions).

The syntax is:

maprcli acl set -type volume -name <volume name> 
[-group <groupname>:<action> -user <username>:<action>]
Note: The acl set command removes previously set permissions if they are not explicitly called out in the command line.

Other ACL commands include:

  • acl edit - to modify permissions in an ACL (use this command instead of acl set to change some permissions while leaving others intact)
  • acl show - to display permissions in an ACL


To create an ACL for a cluster named that allows administration of cluster ACLs to user root and control over all other aspects of the cluster to all users in the developers group, enter this command:

maprcli acl set -type cluster -cluster -user root:a -group developers:fc

Now suppose you want to change the developers group permissions so they can only log in and start or stop services. Use the acl edit command as shown:

maprcli acl edit -type cluster -cluster -group developers:login,ss

Note that only the developers group's permissions change, while the user named root retains control over the cluster's ACL settings.