streamtool setacl

The streamtool setacl command changes the access or default permissions for an object in an IBM® Streams instance.

Usage

setacl

Read syntax diagramSkip visual syntax diagram-U--Useruserid-h--help--tracelevel-v--verboselevel permission object

Authority

You must have write authority for the config instance object. By default, the InstanceAdministrator role has this authority. For more information about access control lists, see streamtool getacl.

Description

To add, remove, or replace an access control setting, you must identify the applicable IBM Streams object, the user to which the new access control setting applies, and one or more privileges that you want to add or remove.

To set permissions for a job group, use the streamtool grantjobpermission command.

Options and arguments

-h, --help
Specifies to show the command syntax.
<object>
Specifies an IBM Streams object, which must be one of the following values:
  • application-log
  • config
  • hosts
  • instance
  • jobgroup_default
  • jobgroup_<name>, where <name> is the name of a valid job group in the instance.
  • jobs
  • jobs-override
  • job_<id>, where <id> is a valid job ID.
  • system-log
<permission>
Specifies the privileges that you want to add, remove, or replace for an IBM Streams object. The command uses the following format for the <permission> argument: [default:]{u|user|g|group|r|role}:<name>{+,-,:}{rwsado}. The keywords and variables have the following meanings:
default:
Specifies the default permission values to be used when child objects that are added to this object are initialized. For example, the jobs object uses this setting to grant default permissions to new jobs as they are added to the system.

If you do not specify this keyword, the command sets the access permissions for the object instead of its default permissions.

u, user, g, group, r, role
Specifies whether the name is a user, a group, or a role.
<name>
Specifies the name of the user, group, or role.
+, -, :
Specifies whether the command adds (+) or removes (-), or replaces (:) the specified permissions.
rwsado
Specifies the permission settings to set, remove, or add. You can specify one or more of the following permission settings: read (r), write (w), search (s), add (a), delete (d), or own (o).
--trace <level>
Specifies the trace setting. The following valid levels are listed in order of increasing verbosity, which is to say that the first level in the list generates the least amount of information:
  • off
  • error
  • warn
  • info
  • debug
  • trace
The default value is off.
-U, --User <userid>
Specifies an IBM Streams user ID that has authority to run the command.
-v,--verbose <level>
Specifies to provide more detailed command output. The verbosity level can be 0-3, where 0 disables detailed reporting and each increment provides more detailed output.

Examples

To run the streamtool lsjobs command successfully, you must have search authority for the jobs instance object. The following command grants that authority to the user analyst2: 
[streamsops@myinstance-ops-0 ~]$ streamtool setacl -U user u:analyst2+s jobs
CDISC0019I The access control list for the myinstance instance was updated.
The following command removes the search authority from the user analyst2 for the jobs instance object: 
[streamsops@myinstance-ops-0 ~]$ streamtool setacl -U user u:analyst2-s jobs
CDISC0019I The access control list for the myinstance instance was updated.