chaccfg - change access control configuration
Synopsis
Description
Options
Examples
Environment
Bugs
Author
See Also
chaccfg -t {resourcerole | taskrole | autoresource | autoresourcerole}
[{-f configuration-file | -i "configuration-data"}]
[-o {enable | disable | convert | remove}] [--retain {0 | 1}]
[--help]
chaccfg changes the configuration of access control objects.
-t The type of access control objects to change. Valid values are resourcerole for managed resource role, taskrole for task role, autoresource for automatically added managed resource object, and autoresourcerole for the automatic managed resource role update setting. -f The name of the file containing the configuration data needed to change an access control role. The configuration data consists of attribute name/value pairs, which are in comma separated value (CSV) format. These attribute name/value pairs form a configuration record. A line feed marks the end of a configuration record. There can only be one configuration record in the file. The format of a configuration record is as follows:
attribute-name=value,attribute-name=value,...<LF>
Note that certain attributes accept a comma separated list of values, as follows:
attribute-name=value,value,... ,...<LF>
When a list of values is specified, the attribute name/value pair must be enclosed in double quotes. Depending on the shell being used, nested double quote characters may need to be preceded by an escape character, which is usually a ’#146; character.
If ’+=’ is used in the attribute name/value pair instead of ’=’, then the specified value is added to the existing value for the attribute if the attribute is numerical. If the attribute is a list, then the specified value(s) is added to the existing list.
If ’-=’ is used in the attribute name/value pair instead of ’=’, then the specified value is subtracted from the existing value for the attribute if the attribute is numerical. If the attribute is a list, then the specified value(s) is deleted from the existing list.
The ’+=’ and ’-=’ operators can only be used when changing a managed resource role.
Attribute names for managed resource roles:
name
name of the managed resource role to
change (required)
resources
comma separated list of managed resource
objects (required)Attribute names for task roles:
name
name of the task role to change
(required)
resources
comma separated list of tasks (required)The -f and the -i options are mutually exclusive.
Either this option or the -i option is required when changing an access control role. This option is not valid for any other operation.
-i This option allows you to enter configuration data on the command line, instead of using a file. Data entered on the command line must follow the same format as data in a file, and must be enclosed in double quotes. The -i and the -f options are mutually exclusive.
Either this option or the -f option is required when changing an access control role. This option is not valid for any other operation.
-o The operation to perform. Valid values are enable to enable automatic updates of custom managed resource roles, disable to disable automatic updates of custom managed resource roles, convert to convert all automatically added managed resource objects to user-added managed resource objects, and remove to remove all automatically added managed resource objects. This option is required when changing automatically added managed resource objects or the automatic managed resource role update setting. This option is not valid for any other operation.
--retain When disabling automatic updates of custom managed resource roles, specify whether automatically added managed resource objects are to be removed or converted to user-added managed resource objects. Valid values are 0 to remove and 1 to convert. This option is required when disabling automatic updates of custom managed resource roles. This option is not valid for any other operation.
--help Display the help text for this command and exit.
Change the managed resource objects for the managed resource role lpar_role where XXX is a resource name returned from lsaccfg -t resource --script:chaccfg -t resourcerole -i "name=lpar_role,resources=XXX"
Add a managed resource object to the managed resource role mr1 where XXX is a resource name returned from lsaccfg -t resource --script:
chaccfg -t resourcerole -i "name=mr1,resources+=XXX"
Change the task role tr1:
chaccfg -t taskrole -i "name=tr1,"resources=
cec:ChangeCECProperty+CECPowerOn+CECPowerOff,
lpar:ChangeLPARProperty+ChangeProfileProperty""Change a task role using the configuration data in the file /tmp/cfgFile:
chaccfg -t taskrole -f /tmp/cfgFile
Enable the automatic updates of custom managed resource roles:
chaccfg -t autoresourcerole -o enable
Disable the automatic updates of custom managed resource roles and remove all automatically added managed resource objects:
chaccfg -t autoresourcerole -o disable --retain 0
Remove all automatically added managed resource objects:
chaccfg -t autoresource -o remove
None
None
IBM Austin
lsaccfg, mkaccfg, rmaccfg
| Linux | CHACCFG (1) | November 2019 |