Access/acls/{userGroup}: PUT

Adds a REST API access control list (ACL) entry for a user group.

Availability

Available on all IBM Storage Scale editions.

Description

The PUT access/acls/{userGroup} request adds a REST API ACL entry for the specified user group.

Note: Only the users with Security Admin and User Admin roles can add an ACL entry for a user group.

Request URL

https://<IP address or host name of API server>:<port>/scalemgmt/v2/access/acls/userGroup

where

acls/userGroup: Specifies the user group for which the ACL entry is added. Required.

Request headers

Content-Type: application/json
Accept: application/json

Parameters

The following parameters can be used in the request URL to customize the request:

Table 1. List of parameters
Parameter name	Description and applicable keywords	Required/optional
userGroup	The user group name for which the ACL entry is to be created.	Required.
body	Body of the request that contains the required parameters to be passed on to the IBM Storage Scale system to perform the requested operation.	Required.

Request data

{
                "type":"{allow | deny}",
                "method":"GET | DELETE | PUT | POST",
                "endpoint":"Endpoint name",
                "allEndpoints":"TRUE | FALSE",
}

"type":"allow | deny ": Specifies the permission type of the entry.
"method":"GET | POST | PUT | DELETE": The HTTP method for which the permission is defined.
"endpoint":"Endpoint Name ": The name of the endpoint for which the permission is being defined. It is mutually exclusive with the allEndpoints field.
"allEndpoints":"True | False": Specifies whether the permission is defined for all REST API endpoints. It is mutually exclusive with the endpoint field.

Response data

{
   "status": {
      "code":ReturnCode",
      "message":"ReturnMessage"
   },
   "jobs": [
      {
         "result":"", 
           { 
             "commands":"String",
             "progress":"String,
             "exitCode":"Exit code",
             "stderr":"Error",
             "stdout":"String",
           },
         "request":" ",
           {
             "type":"{GET | POST | PUT | DELETE}",
             "url":"URL",
             "data":""",
           }
         "jobId":"ID",
         "submitted":"Time",
         "completed":Time",
         "status":"Job status",
         "pids":"Process IDs", 
         }
   ],
  }

"jobs":

An array of elements that describe jobs. Each element describes one job.

"status":

Return status.

"message": "ReturnMessage",: The return message.
"code": ReturnCode: The return code.

"result"

"commands":"String': Array of commands that are run in this job.
"progress":"String': Progress information for the request.
"exitCode":"Exit code": Exit code of the command. The value zero denotes success, and nonzero denotes failure.
"stderr":"Error": CLI messages from stderr.
"stdout":"String": CLI messages from stdout.

"request"

"type":"{GET | POST | PUT | DELETE}": HTTP request type.
"url":"URL": The URL through which the job is submitted.
"data":" ": Optional.

"jobId":"ID",: The unique ID of the job.
"submitted":"Time": The time at which the job was submitted.
"completed":"Time": The time at which the job was completed.
"status":"RUNNING | COMPLETED | FAILED": Status of the job.

"pids":"process IDs"

The process IDs of all the active sub processes that manage the job.

Examples

The following example sets ACL information for the endpoint /filesystems/{filesystemName}/filesets and the user group Csi Admin.

Request data:

 "type": "deny",
          "method": "POST",
          "endpoint": "/filesystems/{filesystemName}/filesets",
          "allEndpoints": false

Corresponding request URL:

curl -k -u admin:admin001 -X PUT --header 'content-type:application/json' --header 'accept:application/json' 
-d '{
   "type": "deny",
   "method": "POST",
    "endpoint": "/filesystems/{filesystemName}/filesets",
    "allEndpoints": false 
     }' 'https://198.51.100.1:443/scalemgmt/v2/acess/acls/CsiAdmin'

Response data:

Note: In the JSON data that is returned, the return code indicates whether the command is successful. The response code 200 indicates that the command successfully retrieved the information. Error code 400 represents an invalid request and 500 represents internal server error.

{
  "jobs" : [ {
    "jobId" : 1000000000010,
    "status" : "COMPLETED",
    "submitted" : "2021-01-30 18:18:38,755",
    "completed" : "2021-01-30 18:18:39,627",
    "runtime" : 872,
    "request" : {
      "type" : "PUT",
      "url" : "/scalemgmt/v2/access/acls/CsiAdmin"
    },
    "result" : {
      "progress" : [ ],
      "commands" : [ "mv --force '/var/lib/mmfs/gui/settings.json.5d599bb5-51d6-4117-a115-345f2808145b' '/var/lib/mmfs/gui/settings.json' " ],
      "stdout" : [ "info: chrestacl CsiAdmin add --type deny --method POST --endpoint '/filesystems/{filesystemName}/filesets' --verbose " ],
      "stderr" : [ ],
      "exitCode" : 0
    },
    "pids" : [ ]
  } ],
  "status" : {
    "code" : 200,
    "message" : "The request finished successfully."
  }
}