acl modify
Modifies access control list (ACL) policies.
Requires authentication (administrator ID and password) to use.
acl modify acl_name delete attribute attribute_name [attribute_value]
acl modify acl_name description description
acl modify acl_name remove any-other
acl modify acl_name remove group group_name
acl modify acl_name remove unauthenticated
acl modify acl_name remove user user_name
acl modify acl_name set any-other [permissions]
acl modify acl_name set attribute attribute_name attribute_value
acl modify acl_name set description description
acl modify acl_name set group group_name [permissions]
acl modify acl_name set unauthenticated [permissions]
acl modify acl_name set user user_name [permissions]
Options
- acl_name
- Specifies the ACL policy to be modified. The ACL policy must exist, or an error is displayed.
Examples: default-root, test, default-management, and pubs_acl3
- delete attribute attribute_name [attribute_value]
- Deletes the specified extended attribute name and value from the specified ACL. The attribute must exist, or an error is displayed.
The attribute_value deletes the specified value from the specified extended attribute key in the specified ACL. (Optional)
Examples of extended attribute names and values:
Dept_No 445
Employee_Name "Diana Lucas"
- description description
- Sets or modifies the description for the specified ACL. This option is equivalent to the acl modify set description command. Use the acl modify description command instead of the acl modify set description command. A valid description is an alphanumeric string that is not case-sensitive. String values are expected to be characters that are part of the local code set. Spaces are allowed.
If the description contains a space, enclose the description in double quotation marks. We can specify an empty string ("") to clear an existing description.
Example of description: "Department number of employee"
- permissions
- ISAM uses a set of default actions (known as primary action tasks and permissions) that cover a wide range of operations. We can also create our own action tasks and permissions. A complete list of primary action tasks and their associated permissions includes:
Action  Description       Category
T       Traverse          Base
c       Control           Base
g       Delegation        Base
m       Modify            Generic
d       Delete            Generic
b       Browse            Base
s       Server Admin      Generic
v       View              Generic
a       Attach            Base
B       Bypass POP        Base
t       Trace             Base
r       Read              WebSEAL
x       Execute           WebSEAL
l       List Directory    WebSEAL
N       Create            Base
W       Password          Base
A       Add               Base
R       Bypass AuthzRule  Base
For more information on actions, see Action groups and actions. For a description of default permissions, see Default permissions in the primary action group.
- remove any-other
- Removes the ACL entry for the any-other user category from the specified ACL.
- remove group group_name
- Removes the ACL entry for the specified group from the specified ACL. The group must exist, or an error is displayed. Examples of group names are Credit, Sales, and Test-group.
- remove unauthenticated
- Removes the ACL entry for the unauthenticated user category from the specified ACL.
- remove user user_name
- Removes the ACL entry for the specified user from the specified ACL. The user must exist, or an error is displayed. Examples of user names are dlucas, sec_master, and "Mary Jones".
- set any-other [permissions]
- Sets or modifies the ACL entry for the any-other user category in the ACL. Valid actions, or permissions, are represented by single alphabetic ASCII characters (a-z, A-Z).
- set attribute attribute_name attribute_value
- Sets the extended attribute value for the specified extended attribute key in the specified ACL. The attribute must exist, or an error is displayed. If the attribute exists, the attribute value is added as an additional value if the same value does not exist for this attribute. If the same value exists for this attribute, it does not get added again (duplicate values are not allowed), and no error is returned. The optional attribute_value sets the specified value from the specified extended attribute key in the specified ACL.
Examples of extended attribute names and values:
Dept_No 445
Employee_name "Diana Lucas"
- set description description
- Sets or modifies the description for the specified ACL. This option is equivalent to the acl modify description command. Use the acl modify description command instead of the acl modify set description command.
- set group group_name [permissions]
- Sets or modifies the ACL entry for the specified group in the specified ACL. The group must exist, or an error is displayed. Examples of group names are Credit, Sales, and Test-group.
ISAM uses a set of default actions that cover a wide range of operations. Valid actions, or permissions, are represented by single alphabetic ASCII characters (a-z, A-Z). See set any-other [permissions] for the list of possible permissions.
- set unauthenticated [permissions]
- Sets or modifies the ACL entry for the unauthenticated user category in the specified ACL. ISAM uses a set of default actions that cover a wide range of operations. Valid actions, or permissions, are represented by single alphabetic ASCII characters (a-z, A-Z). See set any-other [permissions] for examples of permissions.
- set user user_name [permissions]
- Sets the permissions that the user is permitted to perform. The user must exist, or an error is displayed. Examples of user names are dlucas, sec_master, and "Mary Jones".
ISAM uses a set of default actions that cover a wide range of operations. Valid actions, or permissions, are represented by single alphabetic ASCII characters (a-z, A-Z). See set any-other [permissions] for examples of permissions.
Return codes
- 0
- The command completed successfully.
- 1
- The command failed. When a command fails, the pdadmin command provides a description of the error and an error status code in hexadecimal format (for example, 0x14c012f2). See "Error messages" in the IBM Knowledge Center. This reference provides a list of the ISAM error messages by decimal or hexadecimal codes.
Examples
- The following example sets the any-other user entry in the pubs ACL to have r, the Read (WebSEAL) permission:
pdadmin sec_master> acl modify pubs set any-other r
- The following example sets the sales group entry in the pubs ACL to have the Tr permissions, which are the Traverse and Read (Base) permissions:
pdadmin sec_master> acl modify pubs set group sales Tr
- The following example sets the unauthenticated user entry in the docs ACL to have the r permission, which is the Read (WebSEAL) permission:
pdadmin sec_master> acl modify docs set unauthenticated r
- The following example sets the peter user entry in the pubs ACL to have the Tr permissions, which are the Traverse (Base) and Read (WebSEAL) permissions:
pdadmin sec_master> acl modify pubs set user peter Tr
- The following example sets the kathy user entry in the test ACL to have Tbr permissions, which are the Traverse (Base), Browse (Base) and Read (WebSEAL) permissions. It also sets custom permissions PS for the existing test-group action group. It then displays the results.
pdadmin sec_master> acl modify test set user kathy Tbr[test-group]PS
pdadmin sec_master> acl show test
ACL Name: test
Description:
Entries:
User sec_master TcmdbsvaBl
Group ivmgrd-servers Tl
Any-other r
User kathy Tbr[test-group]PS
- The following example sets the kathy user entry in the test ACL to have Tbr permissions, which are the Traverse (Base), Browse (Base), and Read (WebSEAL) permissions. It then displays the results.
pdadmin sec_master> acl modify test set user kathy Tbr
pdadmin sec_master> acl show test
ACL Name: test
Description:
Entries:
User sec_master TcmdbsvaBl
Group ivmgrd-servers Tl
Any-other r
User kathy Tbr
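The permission strings and acl show output in these examples can be reviewed mechanically. The following Python code is an added example, not part of the pdadmin documentation: it splits a permission string such as Tbr[test-group]PS into its action groups and reports sensitive or custom permissions granted to the any-other and unauthenticated entries. The function names, the SENSITIVE set, and the Unauthenticated label in the sample output are assumptions.

```python
import re

# Primary action bits, copied from the permissions table on this page.
PRIMARY = {
    "T": "Traverse", "c": "Control", "g": "Delegation", "m": "Modify", "d": "Delete",
    "b": "Browse", "s": "Server Admin", "v": "View", "a": "Attach", "B": "Bypass POP",
    "t": "Trace", "r": "Read", "x": "Execute", "l": "List Directory",
    "N": "Create", "W": "Password", "A": "Add", "R": "Bypass AuthzRule",
}
# Assumption: bits a reviewer would not expect on broad entries; tune locally.
SENSITIVE = set("cgmdsaBNWAR")
BROAD = ("any-other", "unauthenticated")

def parse_permissions(perm):
    """Split 'Tbr[test-group]PS' into {'primary': 'Tbr', 'test-group': 'PS'}."""
    if not re.fullmatch(r"[A-Za-z]*(?:\[[^\]]+\][A-Za-z]+)*", perm):
        raise ValueError(f"not a valid permission string: {perm!r}")
    groups = {"primary": re.match(r"[A-Za-z]*", perm).group()}
    for name, bits in re.findall(r"\[([^\]]+)\]([A-Za-z]+)", perm):
        groups[name] = groups.get(name, "") + bits
    return groups

def audit_acl_show(text):
    """List sensitive or custom permissions held by any-other/unauthenticated."""
    findings, in_entries = [], False
    for line in text.splitlines():
        tokens = line.split()
        if tokens and tokens[0] == "Entries:":
            in_entries = True
        elif in_entries and tokens and tokens[0].lower() in BROAD:
            perms = parse_permissions(tokens[1] if len(tokens) > 1 else "")
            for group, bits in perms.items():
                for bit in bits:
                    if group != "primary":
                        findings.append((tokens[0], f"[{group}]{bit}", "custom action"))
                    elif bit in SENSITIVE:
                        findings.append((tokens[0], bit, PRIMARY[bit]))
    return findings

# Constructed sample in this page's `acl show` layout; Unauthenticated label assumed.
SAMPLE = """ACL Name: test
Description:
Entries:
Any-other Trm
Unauthenticated r[test-group]P
User kathy Tbr[test-group]PS
"""
for finding in audit_acl_show(SAMPLE):
    print(*finding)
```

Custom action groups are reported without a meaning because their bits are defined per deployment and cannot be decoded from the primary table.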
See also
acl attach
acl create