The
acl argument must be placed at the first position of the argument list in the URI.
N/A
String
Yes
Request body parameters
Parameter Name
Description
Default
Type
Required
owner
Specifies the JSON object for the owner persona. You should only specify the owner or group persona if you want to change the owner or group of the target.
N/A
JSON object
No
group
Specifies the JSON object for the group persona of the owner. You should only specify the owner or group persona if you want to change the owner or group of the target.
N/A
JSON object
No
authoritative
The authoritative field is mandatory and can take the value of either
acl or
mode.
acl: You can modify the owner, group personas, or access rights for the file by setting the authoritative field to
acl and by setting
<action_value>
to
update. When the authoritative field is set to
acl, access rights are set for the file from the
acl structure. Any value that is specified for the
mode parameter is ignored.
NOTE:
When the authoritative field is set to
acl, the default value for the
<action_value>
field is
replace. If the
<action_value>
field is set to
replace, the system replaces the existing access rights of the file with the access rights that are specified in the
acl structure. If the
acl structure is empty, the existing access rights are deleted and default access rights are provided by the system. The default access rights for files are read access control list (‘std_read_dac’) and write access control list (‘std_write_dac’) for the owner.
mode: You can modify the owner and group personas by setting the authoritative field to
mode. When the authoritative field is set to
mode, POSIX permissions are set on the file. The
<action_value>
field and
acl structure are ignored. If
mode is set on a file that already has access rights or if access rights are set on a file that already has POSIX permissions set, the result of the operation varies based on the Global ACL Policy.
N/A
String
Yes
mode
Specifies the POSIX mode.
0700 for directories
0600 for files
Octal number, which is specified as a string
No
action
The
<action_value>
field is applied when the authoritative field is set to
acl. You can set the
<action_value>
field to either
update or
replace. The default value is
replace.
When set to
update, the existing access control list of the file is modified with the access control entries that are specified in the
acl structure of the JSON body.
When set to
replace, the entire access control list is deleted and replaced with the access control entries that are specified in the
acl structure of the JSON body.
Also, when set to
replace, the
acl structure is optional. If the
acl structure is left empty, the entire access control list is deleted and replaced with the system set default access rights. The default access rights for files are read access control list (‘ std_read_dac’) and write access control list (‘ std_write_dac’) for the owner.
replace
String
No
acl
Specifies the JSON array of access rights.
N/A
JSON object
Conditional
Mandatory when the
<action_value> field is set to
update and optional when the
<action_value> field is set to
replace.
accesstype
Can be set to
allow or
deny.
allow: Allows access to the file based on the access rights set for the trustee.
deny: Denies access to the file based on the access rights set for the trustee.
N/A
String
Yes, unless the
<action_value> field is set to
replace and the
acl structure is empty.
accessrights
Specifies the access right values that are defined for the file.
N/A
List of string values
Conditional
Mandatory when the
<action_value> field is set to
update and the
<operation_value>field is set to either
add or
replace, and when the
<inherit_flags_list> field is unspecified.
Optional when the
<action_value> field is set to
update and the
<operation_value> is set to
delete.
inherit_flags
Specifies the inherit flag values for the file.
N/A
List of string values
Conditional
Either the
<accessrights_list> or
<inherit_flags_list> must be specified when the
<action_value> field is set to
update and the
<operation_value> field is set to
add or
replace.
op
The
<operation_value> field is applied when the
<action_value>
field is set to
update. You can set the
<operation_value> field to
add,
replace, or
delete. If no
<operation_value> field is specified, the default value is
add.
add: Creates an access control entry (ACE) if an ACE is not already present for a trustee and trustee access type. If an entry is already present for that trustee and trustee access type, this operation appends the access rights list to the current ACE for that trustee and trustee access type.
delete: Removes the access rights list provided from the existing ACE for a trustee and trustee access type. If the input access rights list is empty , the entire ACE that corresponds to the trustee and trustee access type is deleted.
replace: Replaces the entire ACE for the trustee and trustee access type with the input access rights list.
add, when the
<action_value> field is set to
update