Displays the ACL associated with an object (a cluster or a volume).
An ACL contains the list of users who can perform specific actions.
/opt/mapr/bin/maprcli acl show
-type object type [cluster|volume|securitypolicy]
[ -name name ]
[ -cluster cluster name ]
[ -user userName whose ACL is queried ]
[ -group groupName whose ACL is queried ]
[ -output output format short|long|terse (default short). default: short ]
[ -perm list of available permissions Parameter takes no value ]
| Request Type | GET |
| Request URL | |
| Parameter | Description |
|---|---|
| cluster | The name of the cluster on which to run the command. |
| group | The group for which to display permissions. |
| name | The object name. To view security policy level permissions, specify the name of the security policy in this parameter. This parameter is required for the |
| output | The output format: The default format is |
| perm | When you specify this option, |
| type | The object type. Allowed values are |
| user | The user for whom to display permissions. |
The actions that each user or group is allowed to perform on the cluster or the specified volume. For information about each allowed action, see acl.
Principal Allowed actions
User root [login, ss, cv, a, fc, cp]
Group root [login, ss, cv, a, fc, cp]
All users [login]
Show the ACL for the cluster:
# /opt/mapr/bin/maprcli acl show -type cluster -json
{
"timestamp":1555494572399,
"timeofday":"2019-04-17 02:49:32.399 GMT-0700 AM",
"status":"OK",
"total":2,
"data":[
{
"Principal":"User mapr",
"Allowed actions":"[login, ss, cv, a, fc, cp]"
},
{
"Principal":"User root",
"Allowed actions":"[login, ss, cv, a, fc, cp]"
}
]
}
# curl -u mapr:mapr -X GET -k "https://host:8443/rest/acl/show?type=cluster"
{"timestamp":1555494852652,"timeofday":"2019-04-17 02:54:12.652 GMT-0700 AM","status":"OK","total":2,"data":[{"Principal":"User mapr","Allowed actions":"[login, ss, cv, a, fc, cp]"},{"Principal":"User root","Allowed actions":"[login, ss, cv, a, fc, cp]"}]}
Show the ACL for "test-volume":
# /opt/mapr/bin/maprcli acl show -type volume -name sampleVol1
Allowed actions Principal
[dump, restore, m, a, d, fc] User mapr
[dump, restore, m, d, fc] User foo
[dump, restore, a] User bar
[m, d] User abc
# curl -u mapr:mapr -X GET -k "https://host:8443/rest/acl/show?type=volume&name=sampleVol1"
{"timestamp":1525461068100,"timeofday":"2018-05-04 12:11:08.100 GMT-0700 PM","status":"OK","total":4,"data":[{"Principal":"User mapr","Allowed actions":"[dump, restore, m, a, d, fc]"},{"Principal":"User foo","Allowed actions":"[dump, restore, m, d, fc]"},{"Principal":"User bar","Allowed actions":"[dump, restore, a]"},{"Principal":"User abc","Allowed actions":"[m, d]"}]}
Show the permissions that can be set on a cluster:
# /opt/mapr/bin/maprcli acl show -type cluster -perm
Permissions Description
login Login access
ss Start/stop services in the cluster
cv Create volumes
a Administrator
fc Full control
cp Create security policies
# curl -u mapr:mapr -X GET -k "https://host:8443/rest/acl/show?type=cluster&perm"
{"timestamp":1555497261931,"timeofday":"2019-04-17 03:34:21.931 GMT-0700 AM","status":"OK","total":6,"data":[{"Permissions":"login","Description":"Login access"},{"Permissions":"ss","Description":"Start/stop services in the cluster"},{"Permissions":"cv","Description":"Create volumes"},{"Permissions":"a","Description":"Administrator"},{"Permissions":"fc","Description":"Full control"},{"Permissions":"cp","Description":"Create security policies"}]}
Display the available security-level permissions:
# /opt/mapr/bin/maprcli acl show -type securitypolicy -perm -name hipaa
Permissions Description
r Read
a Admin
fc Full control
# curl -u mapr:mapr -X GET -k "https://10.10.82.29:8443/rest/acl/show?type=securitypolicy&perm&name=hipaa"
{"timestamp":1525459863777,"timeofday":"2019-02-04 11:51:03.777 GMT-0700 AM","status":"OK","total":3,"data":[{"Permissions":"r","Description":"Read"},{"Permissions":"a","Description":"Read"},{"Permissions":"fc","Description":"Full control"}]}
Display the list of users and security policy permissions:
Run the /opt/mapr/bin/maprcli acl show -type securitypolicy command without the -perm option to display the list of users who have security policy level permissions for the policy, and their respective permissions:
# /opt/mapr/bin/maprcli acl show -type securitypolicy -name hipaa
Allowed actions Principal
[r, a, fc] User tom
[a] User harry
# curl -u mapr:mapr -X GET -k "https://host:8443/rest/acl/show?type=securitypolicy&name=hipaa"
{"timestamp":1555498377874,"timeofday":"2019-04-17 03:52:57.874 GMT-0700 AM","status":"OK","total":2,"data":[{"Principal":"User tom","Allowed actions":"[r, a, fc]"},{"Principal":"User harry","Allowed actions":"[a]"}]}
Displays only name, ID and ACL for a user having ONLY policy level admin permissions.
# /opt/mapr/bin/maprcli security policy create -name testpolicy1 -user root:r,a,fc fuser1:a fuser2:fc -readfileace u:fuser1
# /opt/mapr/bin/maprcli acl show -type securitypolicy -name testpolicy1 -user fuser2
Allowed actions Principal
[r, fc] User fuser2
# /opt/mapr/bin/maprcli acl show -type securitypolicy -name testpolicy1 -user fuser1
Allowed actions Principal
[a] User fuser1
# /opt/mapr/bin/maprcli security policy info -name testpolicy1 -json
{
"timestamp":1551432309820,
"timeofday":"2019-03-01 01:25:09.820 GMT-0800 AM",
"status":"OK",
"total":1,
"data":[
{
"policyname":"testpolicy1",
"policyid":19,
"acl":[
{
"Principal":"User root",
"Allowed actions":"[r, a, fc]"
},
{
"Principal":"User fuser1",
"Allowed actions":"[a]"
},
{
"Principal":"User fuser2",
"Allowed actions":"[r, fc]"
}
]
}
]
}
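The JSON responses above can be reviewed automatically for principals that hold Administrator (a) or Full control (fc). The following is an added example, not part of the original reference or the product's tooling; the `approved` allowlist, the function names, and the abridged sample responses are assumptions made for illustration.

```python
import json

# Codes the -perm listings above describe as Administrator/Admin and Full control.
# Treating the same codes as privileged on volumes is an assumption of this example.
PRIVILEGED = {"a", "fc"}

# Constructed inputs, abridged from the responses shown on this page.
VOLUME_ACL = '''{"status":"OK","total":4,"data":[
 {"Principal":"User mapr","Allowed actions":"[dump, restore, m, a, d, fc]"},
 {"Principal":"User foo","Allowed actions":"[dump, restore, m, d, fc]"},
 {"Principal":"User bar","Allowed actions":"[dump, restore, a]"},
 {"Principal":"User abc","Allowed actions":"[m, d]"}]}'''
POLICY_INFO = '''{"status":"OK","total":1,"data":[{"policyname":"testpolicy1","policyid":19,"acl":[
 {"Principal":"User root","Allowed actions":"[r, a, fc]"},
 {"Principal":"User fuser1","Allowed actions":"[a]"},
 {"Principal":"User fuser2","Allowed actions":"[r, fc]"}]}]}'''


def parse_actions(field):
    """Turn '[dump, restore, a]' into {'dump', 'restore', 'a'}.

    The field is a bracketed string, not a JSON array; split it into exact
    codes instead of substring-matching (a test for 'd' would also hit 'dump').
    """
    text = field.strip()
    if not (text.startswith("[") and text.endswith("]")):
        raise ValueError(f"unexpected 'Allowed actions' value: {field!r}")
    return {item.strip() for item in text[1:-1].split(",") if item.strip()}


def load_acl(response_text):
    """Return [(principal, actions)] from an `acl show` or `security policy info` response."""
    doc = json.loads(response_text)
    if doc.get("status") != "OK":
        raise RuntimeError(f"request failed: status={doc.get('status')!r}")
    entries = []
    for row in doc.get("data", []):
        # `security policy info` nests entries under "acl"; `acl show` lists them directly.
        for entry in row.get("acl", [row]):
            entries.append((entry["Principal"], parse_actions(entry["Allowed actions"])))
    return entries


def audit(response_text, approved):
    """List principals outside `approved` (hypothetical allowlist) holding a privileged action."""
    return [(who, sorted(acts & PRIVILEGED))
            for who, acts in load_acl(response_text)
            if acts & PRIVILEGED and who not in approved]


if __name__ == "__main__":
    print(audit(VOLUME_ACL, {"User mapr"}))
    print(audit(POLICY_INFO, {"User root"}))
```

Feed it the output of `maprcli acl show ... -json` or the REST response body, with the principals that are expected to hold these permissions in `approved`.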