streamtool getacl

The streamtool getacl command lists the access control lists (ACLs) associated with a specific security object in the IBM® Streams instance.

Usage

getacl

Read syntax diagramSkip visual syntax diagram-U--Useruserid-h--help--tracelevel-v--verboselevel object

Authority

You must have write authority for the config instance object. By default, the InstanceAdministrator role has this authority.

Description

IBM Streams uses ACLs to enforce security. An ACL is composed of the type of instance object to secure and the actions that a group or user is authorized to perform against the object.

IBM Streams objects are hierarchical in nature, in that some objects are included by other objects. For example, a jobs object can include multiple <job-id> objects for each job that is running in the system. These relationships are sometimes referred to as parent and child relationships between the objects.

The streamtool getacl command returns information about the parent, owner, persistence, and access permissions for the security object. If the command output indicates that the security object is persistent, it means that changes to this object, for example changes to its permissions, are recorded in the instance security configuration. Thus the changes persist while the instance exists.

For more information, see Security objects and access permissions for IBM Streams instances.

Options and arguments

-h, --help
Specifies to show the command syntax.
<object>
Specifies an IBM Streams object, which must be one of the following values:
  • application-log
  • config
  • hosts
  • instance
  • jobgroup_default
  • jobgroup_<name>, where <name> is the name of a valid job group in the instance.
  • jobs
  • jobs-override
  • job_<id>, where <id> is a valid job ID.
  • system-log
--trace <level>
Specifies the trace setting. The following valid levels are listed in order of increasing verbosity, which is to say that the first level in the list generates the least amount of information:
  • off
  • error
  • warn
  • info
  • debug
  • trace
The default value is off.
-U, --User <userid>
Specifies an IBM Streams user ID that has authority to run the command.
-v,--verbose <level>
Specifies to provide more detailed command output. The verbosity level can be 0-3, where 0 disables detailed reporting and each increment provides more detailed output.

Examples

In the following example, the command returns the access control information for the instance security object: 
[streamsops@myinstance-ops-0 ~]$ streamtool getacl instance
# object: instance
# parent:
# owner: nobody
# persistent: yes
role:InstanceUser:--s---
role:InstanceAdministrator:rwsado
The command output lists the users, groups, and roles that have access control permissions for the instance object. For example, the command indicates that the bsmith user has read, write, search, delete, and own permissions for the instance object.