acl modify

Modifies access control list (ACL) policies.

Requires authentication (administrator ID and password) to use.

acl modify acl_name delete attribute attribute_name [attribute_value]

acl modify acl_name description description

acl modify acl_name remove any-other

acl modify acl_name remove group group_name

acl modify acl_name remove unauthenticated

acl modify acl_name remove user user_name

acl modify acl_name set any-other [permissions]

acl modify acl_name set attribute attribute_name attribute_value

acl modify acl_name set description description

acl modify acl_name set group group_name [permissions]

acl modify acl_name set unauthenticated [permissions]

acl modify acl_name set user user_name [permissions]

Options

description description
Sets or modifies the description for the specified ACL. This option is equivalent to the acl modify set description command. Use the acl modify description command instead of the acl modify set description command.

A valid description is an alphanumeric string that is not case-sensitive. String values are expected to be characters that are part of the local code set. Spaces are allowed.

If the description contains a space, enclose the description in double quotation marks. We can specify an empty string ("") to clear an existing description.

Example of description: "Department number of employee"

permissions
ISAM uses a set of default actions (known as primary action tasks and permissions) that cover a wide range of operations. We can also create our own action tasks and permissions. A complete list of primary action tasks and their associated permissions includes:
Permission  Description       Category
T           Traverse          Base
c           Control           Base
g           Delegation        Base
m           Modify            Generic
d           Delete            Generic
b           Browse            Base
s           Server Admin      Generic
v           View              Generic
a           Attach            Base
B           Bypass POP        Base
t           Trace             Base
r           Read              WebSEAL
x           Execute           WebSEAL
l           List Directory    WebSEAL
N           Create            Base
W           Password          Base
A           Add               Base
R           Bypass AuthzRule  Base

For more information on actions, see Action groups and actions. For a description of default permissions, see Default permissions in the primary action group.

remove any-other
Removes the ACL entry for the any-other user category from the specified ACL.

remove group group_name
Removes the ACL entry for the specified group from the specified ACL. The group must exist, or an error is displayed.

Examples of group names are Credit, Sales, and Test-group.

remove unauthenticated
Removes the ACL entry for the unauthenticated user category from the specified ACL.

remove user user_name
Removes the ACL entry for the specified user from the specified ACL. The user must exist, or an error is displayed.

Examples of user names are dlucas, sec_master, and "Mary Jones".

set any-other [permissions]
Sets or modifies the ACL entry for the any-other user category in the ACL. Valid actions, or permissions, are represented by single alphabetic ASCII characters (a-z, A-Z).

set attribute attribute_name attribute_value
Sets the extended attribute value for the specified extended attribute key in the specified ACL. The attribute must exist, or an error is displayed. If the attribute exists, the attribute value is added as an additional value if the same value does not exist for this attribute. If the same value exists for this attribute, it does not get added again (duplicate values are not allowed), and no error is returned.

The optional attribute_value sets the specified value for the specified extended attribute key in the specified ACL. Examples of extended attribute names and values:

Dept_No 445
Employee_name "Diana Lucas"

set description description
Sets or modifies the description for the specified ACL. This option is equivalent to the acl modify description command. Use the acl modify description command instead of the acl modify set description command.

set group group_name [permissions]
Sets or modifies the ACL entry for the specified group in the specified ACL. The group must exist, or an error is displayed.

Examples of group names are Credit, Sales, and Test-group.

ISAM uses a set of default actions that cover a wide range of operations. Valid actions, or permissions, are represented by single alphabetic ASCII characters (a-z, A-Z). See set any-other [permissions] for the list of possible permissions.

set unauthenticated [permissions]
Sets or modifies the ACL entry for the unauthenticated user category in the specified ACL.

ISAM uses a set of default actions that cover a wide range of operations. Valid actions, or permissions, are represented by single alphabetic ASCII characters (a-z, A-Z). See set any-other [permissions] for examples of permissions.

set user user_name [permissions]
Sets the permissions that the user is permitted to perform. The user must exist, or an error is displayed.

Examples of user names are dlucas, sec_master, and "Mary Jones".

ISAM uses a set of default actions that cover a wide range of operations. Valid actions, or permissions, are represented by single alphabetic ASCII characters (a-z, A-Z). See set any-other [permissions] for examples of permissions.

Return codes

Examples

  • The following example sets the sales group entry in the pubs ACL to have the Tr permissions, which are the Traverse and Read (Base) permissions:
    pdadmin sec_master> acl modify pubs set group sales Tr

  • The following example sets the unauthenticated user entry in the docs ACL to have the r permission, which is the Read (WebSEAL) permission:
    pdadmin sec_master> acl modify docs set unauthenticated r

  • The following example sets the peter user entry in the pubs ACL to have the Tr permissions, which are the Traverse (Base) and Read (WebSEAL) permissions:
    pdadmin sec_master> acl modify pubs set user peter Tr

  • The following example sets the kathy user entry in the test ACL to have Tbr permissions, which are the Traverse (Base), Browse (Base) and Read (WebSEAL) permissions. It also sets custom permissions PS for the existing test-group action group. It then displays the results.
    pdadmin sec_master> acl modify test set user kathy Tbr[test-group]PS
    
    pdadmin sec_master> acl show test
    
    ACL Name: test
    Description:
    Entries:
    User sec_master TcmdbsvaBl
    Group ivmgrd-servers Tl
    Any-other r
    User kathy Tbr[test-group]PS

  • The following example sets the kathy user entry in the test ACL to have Tbr permissions, which are the Traverse (Base), Browse (Base), and Read (WebSEAL) permissions. It then displays the results.
    pdadmin sec_master> acl modify test set user kathy Tbr
    
    pdadmin sec_master> acl show test
    
    ACL Name: test
    Description:
    Entries:
    User sec_master TcmdbsvaBl
    Group ivmgrd-servers Tl
    Any-other r
    User kathy Tbr
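
The following Python is an added example, not part of the original documentation or of pdadmin: it decodes permission strings such as Tbr[test-group]PS and flags any-other or unauthenticated entries in acl show output that hold more than Traverse, Read, Execute, or List Directory. That allowed set, the function names, the "Unauthenticated" entry label, and the last sample line are assumptions of this example.

```python
import re

# Primary action group letters, from the permissions list on this page.
PRIMARY = dict(item.split(":") for item in (
    "T:Traverse,c:Control,g:Delegation,m:Modify,d:Delete,b:Browse,"
    "s:Server Admin,v:View,a:Attach,B:Bypass POP,t:Trace,r:Read,x:Execute,"
    "l:List Directory,N:Create,W:Password,A:Add,R:Bypass AuthzRule").split(","))
# Assumed review policy (not from the page): broad categories get at most these.
BROAD_ALLOWED = set("Trxl")

def decode(perms):
    """'Tbr[test-group]PS' -> {'primary': 'Tbr', 'test-group': 'PS'}."""
    pieces = re.findall(r"(?:\[([^\]]+)\])?([A-Za-z]+)", perms)
    rebuilt = "".join((f"[{g}]" if g else "") + bits for g, bits in pieces)
    if rebuilt != perms:  # leftover characters mean a malformed string
        raise ValueError(f"malformed permission string: {perms!r}")
    groups = {}
    for g, bits in pieces:
        groups[g or "primary"] = groups.get(g or "primary", "") + bits
    return groups

def parse_acl_show(text):
    """Yield (entry_type, name, groups) for each line after 'Entries:'."""
    rows = [line.split() for line in text.splitlines() if line.strip()]
    for parts in rows[rows.index(["Entries:"]) + 1:]:
        named = parts[0] in ("User", "Group")  # names with spaces not handled
        perms = parts[2:] if named else parts[1:]
        yield parts[0], parts[1] if named else None, decode(perms[0] if perms else "")

def audit(text):
    """Flag any-other/unauthenticated entries holding more than BROAD_ALLOWED."""
    findings = []
    for kind, _name, groups in parse_acl_show(text):
        if kind.lower() in ("any-other", "unauthenticated"):
            extra = sorted(set(groups.get("primary", "")) - BROAD_ALLOWED)
            if extra:
                findings.append((kind, [PRIMARY.get(p, p) for p in extra]))
    return findings

# 'acl show test' output from this page, plus one constructed line (the last).
SAMPLE = """ACL Name: test
Description:
Entries:
User sec_master TcmdbsvaBl
Group ivmgrd-servers Tl
Any-other r
User kathy Tbr[test-group]PS
Unauthenticated Tmd
"""
```

Calling audit(SAMPLE) reports only the constructed Unauthenticated entry, because it holds Delete and Modify; the entries taken from the page's own output pass.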

See also

  • acl attach
  • acl create
