Filesystems/{filesystemName}/acl/{path}: PUT
Sets access control list (ACL) for a file or directory. You can set only NFSv4 ACLs. The POSIX ACLs are not supported.
Availability
Available on all IBM Spectrum Scale™ editions.
Description
The PUT filesystems/filesystemName/acl/path request sets ACL for files or directories within a particular file system. For more information about the fields in the data structures that are returned, see the topics mmgetacl command and mmputacl command.
Note: Only the users with dataaccess role can set ACL for a file or directory.
Request URL
https://<IP address or host name of API server>:<port>/scalemgmt/v2/filesystems/FileSystemName/acl/path- filesystems/filesystemName
- The file system in which the file or directory is located. Required.
- acl/path
- The path of the file or directory for which you want to set the ACL. Required.
Request headers
Content-Type: application/json
Accept: application/jsonParameters
The following parameters can be used in the request URL to customize the
request:
| Parameter name | Description and applicable keywords | Required/optional |
|---|---|---|
| filesystemName | The file system name. You can also use keywords such as :all:, :all_local:, or :all_remote: | Required. |
| path | The file path relative to file system's mount point. The path of the file or directory is specified with forward slashes (/). For example: mnt/gpfs0/rest01. The forward slashes in the path are encoded to "%2F" in the request URL. | Required. |
| body | Body of the request that contains the required parameters to be passed on to theIBM Spectrum Scale system to perform the requested operation. | Required. |
Request data
{
"type":"{NFSv4} ",
"entries": [
"type":"{allow | deny | alarm | audit }",
"who":"User or group",
"permissions":"Access permissions",
"flags":"Flags",
],
}For more information about the fields in the following data structures, see the links at the end of this topic.
- "type":"NFSv4"
- Type of the ACL.
- "entries":"Access control entries"
- "type":"allow | deny | alarm | audit"
- Type of the entry.
- "who":" special:owner@ | special:group@ | special:everyone@ | user:{name} | group:{name}"
- The name of the user or group of users for which the ACL is applicable.
- "permission":"(r) read | (w) write | (m) mkdir, | (x) execute | (d) delete | (D) delete child | (a) read attr | (A) write attr (n) read named | (N) write Named | (c) read acl | (C) write acl | (o) change owner| (s) synchronize "
- The access permissions.
- "flags":"(f) file inherit | (d) dir inherit | (i) inherit only | (I) inherited | (S) successful access | (F) failed access"
- Special flags and inheritance definition.
Response data
{
"status": {
"code":ReturnCode",
"message":"ReturnMessage"
},
"jobs": [
{
"result":"",
{
"commands":"String",
"progress":"String,
"exitCode":"Exit code",
"stderr":"Error",
"stdout":"String",
},
"request":" ",
{
"type":"{GET | POST | PUT | DELETE}",
"url":"URL",
"data":""",
}
"jobId":"ID",
"submitted":"Time",
"completed":Time",
"status":"Job status",
}
],
}- "jobs":
- An array of elements that describe jobs. Each element describes one job.
- "status":
- Return status.
- "message": "ReturnMessage",
- The return message.
- "code": ReturnCode
- The return code.
- "result"
- "commands":"String'
- Array of commands that are run in this job.
- "progress":"String'
- Progress information for the request.
- "exitCode":"Exit code"
- Exit code of command. Zero is success, nonzero denotes failure.
- "stderr":"Error"
- CLI messages from stderr.
- "stdout":"String"
- CLI messages from stdout.
- "request"
- "type":"{GET | POST | PUT | DELETE}"
- HTTP request type.
- "url":"URL"
- The URL through which the job is submitted.
- "data":" "
- Optional.
- "jobId":"ID",
- The unique ID of the job.
- "submitted":"Time"
- The time at which the job was submitted.
- "completed":"Time"
- The time at which the job was completed.
- "status":"RUNNING | COMPLETED | FAILED"
- Status of the job.
Examples
The following example sets ACL information for the file system gpfs0 and path mnt/gpfs0.
Request data:
Corresponding
request URL:
{
"type": "NFSv4",
"entries": [
{
"type": "allow",
"who": "user:testuser",
"permissions": "rxancs",
"flags": "fd"
}
]
}curl -k -u admin:admin001 -X PUT --header 'content-type:application/json' --header 'accept:application/json'
-d '{
"type": "NFSv4",
"entries": [
{
"type" : "allow",
"who" : "special:owner@",
"permissions" : "rwmxDaAnNcCos",
"flags" : ""
},
{
"type" : "allow",
"who" : "special:group@",
"permissions" : "rxancs",
"flags" : ""
},
{
"type" : "allow",
"who" : "special:everyone@",
"permissions" : "rxancs",
"flags" : ""
},
{
"type" : "allow",
"who" : "user:scalemgmt",
"permissions" : "rxancs",
"flags" : "fd"
}
]
}' 'https://198.51.100.1:443/scalemgmt/v2/filesystems/gpfs0/acl/mnt%2Fgpfs0'Note: In the JSON data that is returned, the return code indicates whether the
command is successful. The response code 200 indicates that the command successfully retrieved the
information. Error code 400 represents an invalid request and 500 represents internal server error.
{
"jobs" : [ {
"jobId" : 1000000000002,
"status" : "RUNNING",
"submitted" : "2017-03-14 15:50:00,493",
"completed" : "N/A",
"request" : {
"data" : {
"entries" : [
{
"type" : "allow",
"who" : "special:owner@",
"permissions" : "rwmxDaAnNcCos",
"flags" : ""
},
{
"type" : "allow",
"who" : "special:group@",
"permissions" : "rxancs",
"flags" : ""
},
{
"type" : "allow",
"who" : "special:everyone@",
"permissions" : "rxancs",
"flags" : ""
},
{
"type" : "allow",
"who" : "user:scalemgmt",
"permissions" : "rxancs",
"flags" : "fd"
} ],
"type" : "NFSv4"
},
"type" : "PUT",
"url" : "/scalemgmt/v2/filesystems/gpfs0/acl/mnt%2Fgpfs0"
},
"result" : { }
} ],
"status" : {
"code" : 202,
"message" : "The request was accepted for processing"
}
}