Skip to main content
Sign Out

Welcome to Dell

My Account
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Enjoy members-only rewards and discounts
  • Create and access a list of your products
  • Manage your Dell EMC sites, products, and product-level contacts using Company Administration.
Sign In Create an Account Dell Financial Services Premier Sign In Partner Program Sign In
Contact Us

Your Dell.com Carts

PowerScale OneFS API Reference

PDF

Set the ACL of a directory

Sets the access control list of the directory.

Request syntax

PUT /namespace/<access_point>/<container_path>/<container_name>?acl HTTP/1.1
Host: <hostname>[:<port>]
Content-Length: <length>
Date: <date>
Authorization: <signature>

{
   "owner":{
      "id":"<owner id>",
      "name":"<owner name>",
      "type":"<type>"
   },
   "group":{
      "id":"<group id>",
      "name":"<group name>",
      "type":"<type>"
   },
   "authoritative":"acl"|"mode",
   "mode":"<POSIX mode>",
   "action":"<action_value>",
   "acl":[
      {
         "trustee":{
            "id":"<trustee id>",
            "name":"<trustee name>",
            "type":"<trustee type>"
         },
         "accesstype":"allow"|"deny",
         "accessrights":"<accessrights_list>",
         "inherit_flags":"<inherit_flags_list>",
         "op":"<operation_value>"
      }
   ]
}

Request query parameters

Parameter Name Description Default Type Required
acl The acl argument must be placed at the first position of the argument list in the URI. N/A String Yes

Request body parameters

Parameter Name Description Default Type Required
owner Specifies the JSON object for the owner persona. You should only specify the owner persona if you want to change the owner of the target. N/A JSON object No
group Specifies the JSON object for the group persona of the owner. You should only specify the group persona if you want to change the group of the target. N/A JSON object No
authoritative The authoritative field is mandatory and can take the value of either acl or mode.

acl: You can modify the owner, group personas, or access rights for the directory by setting the authoritative field to acl and by setting <action_value> to update. When the authoritative field is set to acl, access rights are set for the directory from the acl structure. Any value specified for the mode parameter is ignored.

NOTE: When the authoritative field is set to acl, the default value for the <action_value> field is replace. If the <action_value> field is set to replace, the system replaces the existing access rights of the directory with the access rights specified in the acl structure. If the acl structure is empty, the existing access rights are deleted and default access rights are provided by the system. The default access rights for directories are read access control list (‘std_read_dac’) and write access control list (‘std_write_dac’) for the owner.

mode: You can modify the owner and group personas by setting the authoritative field to mode. When the authoritative field is set to mode, POSIX permissions are set on the directory. The <action_value> field and acl structure are ignored. If mode is set on a directory that already has access rights or if access rights are set on a directory that already has POSIX permissions set, the result of the operation varies based on the Global ACL Policy.

N/A String Yes
mode Specifies the POSIX mode. 0700 for directories

0600 for files

Octal number, specified as a string No
action The <action_value> field is applied when the authoritative field is set to acl. You can set the <action_value> field to either update or replace.

When set to update, the existing access control list of the directory is modified with the access control entries specified in the acl structure of the JSON body.

When set to replace, the entire access control list is deleted and replaced with the access control entries specified in the acl structure of the JSON body.

Additionally, when set to replace, the acl structure is optional. If the acl structure is left empty, the entire access control list is deleted and replaced with the system set default access rights. The default access rights for directories are read access control list (‘ std_read_dac’) and write access control list (‘ std_write_dac’) for the owner.

replace String No
acl Specifies the JSON array of access rights. N/A JSON object Conditional.

Mandatory when the <action_value> field is set to update; optional when the <action_value> is set to replace

accesstype Can be set to allow or deny.

allow: Allows access to the directory based on the access rights set for the trustee.

deny: Denies access to the directory based on the access rights set for the trustee.

N/A String Yes, unless the <action_value> field is set to replace and the acl structure is empty.
accessrights Specifies the access right values defined for the directory. N/A List of string values Conditional

Mandatory when the <action_value> field is set to update and the <operation_value> field is set to either add or replace and the <inherit_ flags_list> field is unspecified.

Optional when the <action_value> is set to update and the <operation_value> field is set to delete, or when the <action_value> field is set to replace.

inherit_flags Specifies the inherit flag values for directories. N/A List of string values Conditional
op The <operation_value> field is applied when the <action_value> field is set to update. You can set the <operation_value> field to add, replace, or delete. If no <operation_value> field is specified, the default value is add.

add: Creates an access control entry (ACE) if an ACE is not already present for a trustee and trustee access type. If an entry is already present for that trustee and trustee access type, this operation appends the access rights list to the current ACE for that trustee and trustee access type.

delete: Removes the access rights list provided from the existing ACE for a trustee and trustee access type. If the input access rights list is empty , the entire ACE that corresponds to the trustee and trustee access type is deleted.

replace: Replaces the entire ACE for the trustee and trustee access type with the input access rights list.

add, when <action_value> is set to update. String No

Request headers

This call sends common request headers.

Response headers

This call returns common response headers.

Response body

There is no message body for this response.

Example request 1

This sample sets the ACL of a directory. 

PUT /namespace/ifs/dir1/dir2/dir?acl HTTP/1.1
Host: my_cluster:8080
Content-Length: <length>
Date: Tue, 22 May 2012 12:00:00 GMT
Authorization: <signature>
Content-Type: application/json

{
   "authoritative":"acl",
   "action":"update",
   "acl":[
      {
         "trustee":{
            "id":"UID:1001",
            "name":"user23",
            "type":"user"
         },
         "accesstype":"allow",
         "accessrights":[
            "std_write_dac"
         ],
         "inherit_flags":[
            "object_inherit",
            "inherit_only"
         ],
         "op":"add"
      },
      {
         "trustee":{
            "id":"GID:1210",
            "name":"group12",
            "type":"group"
         },
         "accesstype":"allow",
         "accessrights":[],
         "op":"delete"
      }
   ]
}

Example response 1

HTTP/1.1 200 OK
Date: Tue, 22 May 2012 12:00:00 GMT
Content-Length: <length>
Connection: close
Server: Apache2/2.2.19

Example request 2

This sample replaces the existing ACL of the directory with the access control entries that are specified in the acl structure. If the acl structure is empty, the existing ACL is replaced with default system values. The directory owner has default read and write access to the access control list. 

PUT /namespace/ifs/dir1/dir2/dir?acl HTTP/1.1
Host: my_cluster:8080
Content-Length: <length>
Date: Tue, 22 May 2012 12:00:00 GMT
Authorization: <signature>
Content-Type: application/json

{
   "owner":{
      "id":"UID:2001",
      "name":"foo1",
      "type":"user"
   },
   "group":{
      "id":"GID:0",
      "name":"wheel",
      "type":"group"
   },
   "authoritative":"acl",
   "action":"replace",
   "acl":[]
}

Example response 2

HTTP/1.1 200 OK
Date: Tue, 22 May 2012 12:00:00 GMT
Content-Length: <length>
Connection: close
Server: Apache2/2.2.19

Rate this content

Accurate
Useful
Easy to understand
Was this article helpful?
0/3000 characters
  Please provide ratings (1-5 stars).
  Please provide ratings (1-5 stars).
  Please provide ratings (1-5 stars).
  Please select whether the article was helpful or not.
  Comments cannot contain these special characters: <>()\