Endpoint
/v1/files/{ref}/info/acl
GET
Get file access control list (ACL).
Parameters
Name
Description
Required
ref
The file ID or the absolute path to the file system object. File IDs can be found in the id field of responses of APIs that return file attributes. You must URL-encode the paths. The APIs & Tools page in the Qumulo Core Web UI URL-encodes the paths.
Yes
snapshot
The snapshot ID that specifies the version of the filesystem to use. If not specified, use the head version.
No
Response
Codes
Code
Description
200
Return value on success
Schema
{
"description" : "api_files_acl_out" ,
"type" : "object" ,
"properties" : {
"generated" : {
"description" : "Set to true if the system has generated an ACL from Unix permissions" ,
"type" : "boolean"
},
"acl" : {
"description" : "acl" ,
"type" : "object" ,
"properties" : {
"control" : {
"description" : "control" ,
"type" : "array" ,
"items" : {
"type" : "string" ,
"enum" : [
"PRESENT" ,
"DEFAULTED" ,
"TRUSTED" ,
"AUTO_INHERIT" ,
"PROTECTED" ,
"ACL_CONTROLS_ALL"
],
"description" : "control: \n * `ACL_CONTROLS_ALL` - All ACL controls, \n * `AUTO_INHERIT` - Set whether the ACL was created through inheritance, \n * `DEFAULTED` - Sets whether the ACL was established by default means, \n * `PRESENT` - Set when ACL is present on the object, \n * `PROTECTED` - Protects ACL from inherit operations, \n * `TRUSTED` - Set when ACL is provided by a trusted source"
}
},
"posix_special_permissions" : {
"type" : "array" ,
"items" : {
"type" : "string" ,
"enum" : [
"STICKY_BIT" ,
"SET_GID" ,
"SET_UID"
],
"description" : "posix_special_permissions: \n * `SET_GID` - SET_GID, \n * `SET_UID` - SET_UID, \n * `STICKY_BIT` - STICKY_BIT"
}
},
"aces" : {
"type" : "array" ,
"items" : {
"description" : "aces" ,
"type" : "object" ,
"properties" : {
"type" : {
"type" : "string" ,
"enum" : [
"ALLOWED" ,
"DENIED"
],
"description" : "Type of this ACL entry: \n * `ALLOWED` - An ACL entry that grants rights, \n * `DENIED` - An ACL entry that denies rights"
},
"flags" : {
"description" : "ACE flags for this ACL entry" ,
"type" : "array" ,
"items" : {
"type" : "string" ,
"enum" : [
"OBJECT_INHERIT" ,
"CONTAINER_INHERIT" ,
"NO_PROPAGATE_INHERIT" ,
"INHERIT_ONLY" ,
"INHERITED" ,
"ACE_FLAGS_ALL"
],
"description" : "ACE flags for this ACL entry: \n * `ACE_FLAGS_ALL` - All ACE flags, \n * `CONTAINER_INHERIT` - Children that are containers inherit as effective ACE, \n * `INHERITED` - Indicates the ACE was inherited, \n * `INHERIT_ONLY` - Indicates an inherit-only ACE that doesn't control access to the attached object, \n * `NO_PROPAGATE_INHERIT` - Prevent subsequent children from inheriting ACE, \n * `OBJECT_INHERIT` - Non-container children inherit as effective ACE. Container objects inherit as inherit-only ACE"
}
},
"trustee" : {
"description" : "Trustee for this ACL entry" ,
"type" : "string"
},
"trustee_details" : {
"description" : "Trustee details for this ACL entry" ,
"type" : "object" ,
"properties" : {
"id_type" : {
"type" : "string" ,
"enum" : [
"LOCAL_USER" ,
"LOCAL_GROUP" ,
"NFS_GID" ,
"NFS_UID" ,
"SMB_SID" ,
"INTERNAL" ,
"QUMULO_OPERATOR"
],
"description" : "id_type: \n * `INTERNAL` - INTERNAL, \n * `LOCAL_GROUP` - LOCAL_GROUP, \n * `LOCAL_USER` - LOCAL_USER, \n * `NFS_GID` - NFS_GID, \n * `NFS_UID` - NFS_UID, \n * `QUMULO_OPERATOR` - QUMULO_OPERATOR, \n * `SMB_SID` - SMB_SID"
},
"id_value" : {
"description" : "id_value" ,
"type" : "string"
}
}
},
"rights" : {
"description" : "Rights granted or denied for this ACL entry" ,
"type" : "array" ,
"items" : {
"type" : "string" ,
"enum" : [
"READ" ,
"READ_EA" ,
"READ_ATTR" ,
"READ_ACL" ,
"WRITE_EA" ,
"WRITE_ATTR" ,
"WRITE_ACL" ,
"CHANGE_OWNER" ,
"WRITE_GROUP" ,
"DELETE" ,
"EXECUTE" ,
"MODIFY" ,
"EXTEND" ,
"ADD_FILE" ,
"ADD_SUBDIR" ,
"DELETE_CHILD" ,
"SYNCHRONIZE" ,
"ACCESS_RIGHTS_ALL"
],
"description" : "Rights granted or denied for this ACL entry: \n * `ACCESS_RIGHTS_ALL` - All access rights, \n * `ADD_FILE` - File creation access, \n * `ADD_SUBDIR` - Directory creation access, \n * `CHANGE_OWNER` - Owner write access, \n * `DELETE` - Delete access, \n * `DELETE_CHILD` - Delete from directory access, \n * `EXECUTE` - Execute access, \n * `EXTEND` - File extension access, \n * `MODIFY` - File modification access, \n * `READ` - File read access, \n * `READ_ACL` - ACL read access, \n * `READ_ATTR` - Attribute read access, \n * `READ_EA` - Extended attribute read access, \n * `SYNCHRONIZE` - File synchronize access, \n * `WRITE_ACL` - ACL write access, \n * `WRITE_ATTR` - Attribute write access, \n * `WRITE_EA` - Extended attribute write access, \n * `WRITE_GROUP` - Group write access"
}
}
}
}
}
}
}
}
}
PUT
Update file access control list (ACL).
Parameters
Name
Description
Required
ref
The file ID or the absolute path to the file system object. File IDs can be found in the id field of responses of APIs that return file attributes. You must URL-encode the paths. The APIs & Tools page in the Qumulo Core Web UI URL-encodes the paths.
Yes
If-Match
ETag for expected version
No
Request
Schema
{
"description" : "api_files_acl" ,
"type" : "object" ,
"properties" : {
"control" : {
"description" : "control" ,
"type" : "array" ,
"items" : {
"type" : "string" ,
"enum" : [
"PRESENT" ,
"DEFAULTED" ,
"TRUSTED" ,
"AUTO_INHERIT" ,
"PROTECTED" ,
"ACL_CONTROLS_ALL"
],
"description" : "control: \n * `ACL_CONTROLS_ALL` - All ACL controls, \n * `AUTO_INHERIT` - Set whether the ACL was created through inheritance, \n * `DEFAULTED` - Sets whether the ACL was established by default means, \n * `PRESENT` - Set when ACL is present on the object, \n * `PROTECTED` - Protects ACL from inherit operations, \n * `TRUSTED` - Set when ACL is provided by a trusted source"
}
},
"posix_special_permissions" : {
"type" : "array" ,
"items" : {
"type" : "string" ,
"enum" : [
"STICKY_BIT" ,
"SET_GID" ,
"SET_UID"
],
"description" : "posix_special_permissions: \n * `SET_GID` - SET_GID, \n * `SET_UID` - SET_UID, \n * `STICKY_BIT` - STICKY_BIT"
}
},
"aces" : {
"type" : "array" ,
"items" : {
"description" : "aces" ,
"type" : "object" ,
"properties" : {
"type" : {
"type" : "string" ,
"enum" : [
"ALLOWED" ,
"DENIED"
],
"description" : "Type of this ACL entry: \n * `ALLOWED` - An ACL entry that grants rights, \n * `DENIED` - An ACL entry that denies rights"
},
"flags" : {
"description" : "ACE flags for this ACL entry" ,
"type" : "array" ,
"items" : {
"type" : "string" ,
"enum" : [
"OBJECT_INHERIT" ,
"CONTAINER_INHERIT" ,
"NO_PROPAGATE_INHERIT" ,
"INHERIT_ONLY" ,
"INHERITED" ,
"ACE_FLAGS_ALL"
],
"description" : "ACE flags for this ACL entry: \n * `ACE_FLAGS_ALL` - All ACE flags, \n * `CONTAINER_INHERIT` - Children that are containers inherit as effective ACE, \n * `INHERITED` - Indicates the ACE was inherited, \n * `INHERIT_ONLY` - Indicates an inherit-only ACE that doesn't control access to the attached object, \n * `NO_PROPAGATE_INHERIT` - Prevent subsequent children from inheriting ACE, \n * `OBJECT_INHERIT` - Non-container children inherit as effective ACE. Container objects inherit as inherit-only ACE"
}
},
"trustee" : {
"description" : "Trustee for this ACL entry" ,
"type" : "string"
},
"trustee_details" : {
"description" : "Trustee details for this ACL entry" ,
"type" : "object" ,
"properties" : {
"id_type" : {
"type" : "string" ,
"enum" : [
"LOCAL_USER" ,
"LOCAL_GROUP" ,
"NFS_GID" ,
"NFS_UID" ,
"SMB_SID" ,
"INTERNAL" ,
"QUMULO_OPERATOR"
],
"description" : "id_type: \n * `INTERNAL` - INTERNAL, \n * `LOCAL_GROUP` - LOCAL_GROUP, \n * `LOCAL_USER` - LOCAL_USER, \n * `NFS_GID` - NFS_GID, \n * `NFS_UID` - NFS_UID, \n * `QUMULO_OPERATOR` - QUMULO_OPERATOR, \n * `SMB_SID` - SMB_SID"
},
"id_value" : {
"description" : "id_value" ,
"type" : "string"
}
}
},
"rights" : {
"description" : "Rights granted or denied for this ACL entry" ,
"type" : "array" ,
"items" : {
"type" : "string" ,
"enum" : [
"READ" ,
"READ_EA" ,
"READ_ATTR" ,
"READ_ACL" ,
"WRITE_EA" ,
"WRITE_ATTR" ,
"WRITE_ACL" ,
"CHANGE_OWNER" ,
"WRITE_GROUP" ,
"DELETE" ,
"EXECUTE" ,
"MODIFY" ,
"EXTEND" ,
"ADD_FILE" ,
"ADD_SUBDIR" ,
"DELETE_CHILD" ,
"SYNCHRONIZE" ,
"ACCESS_RIGHTS_ALL"
],
"description" : "Rights granted or denied for this ACL entry: \n * `ACCESS_RIGHTS_ALL` - All access rights, \n * `ADD_FILE` - File creation access, \n * `ADD_SUBDIR` - Directory creation access, \n * `CHANGE_OWNER` - Owner write access, \n * `DELETE` - Delete access, \n * `DELETE_CHILD` - Delete from directory access, \n * `EXECUTE` - Execute access, \n * `EXTEND` - File extension access, \n * `MODIFY` - File modification access, \n * `READ` - File read access, \n * `READ_ACL` - ACL read access, \n * `READ_ATTR` - Attribute read access, \n * `READ_EA` - Extended attribute read access, \n * `SYNCHRONIZE` - File synchronize access, \n * `WRITE_ACL` - ACL write access, \n * `WRITE_ATTR` - Attribute write access, \n * `WRITE_EA` - Extended attribute write access, \n * `WRITE_GROUP` - Group write access"
}
}
}
}
}
}
}
Response
Codes
Code
Description
200
Return value on success
Schema
{
"description" : "api_files_acl_out" ,
"type" : "object" ,
"properties" : {
"generated" : {
"description" : "Set to true if the system has generated an ACL from Unix permissions" ,
"type" : "boolean"
},
"acl" : {
"description" : "acl" ,
"type" : "object" ,
"properties" : {
"control" : {
"description" : "control" ,
"type" : "array" ,
"items" : {
"type" : "string" ,
"enum" : [
"PRESENT" ,
"DEFAULTED" ,
"TRUSTED" ,
"AUTO_INHERIT" ,
"PROTECTED" ,
"ACL_CONTROLS_ALL"
],
"description" : "control: \n * `ACL_CONTROLS_ALL` - All ACL controls, \n * `AUTO_INHERIT` - Set whether the ACL was created through inheritance, \n * `DEFAULTED` - Sets whether the ACL was established by default means, \n * `PRESENT` - Set when ACL is present on the object, \n * `PROTECTED` - Protects ACL from inherit operations, \n * `TRUSTED` - Set when ACL is provided by a trusted source"
}
},
"posix_special_permissions" : {
"type" : "array" ,
"items" : {
"type" : "string" ,
"enum" : [
"STICKY_BIT" ,
"SET_GID" ,
"SET_UID"
],
"description" : "posix_special_permissions: \n * `SET_GID` - SET_GID, \n * `SET_UID` - SET_UID, \n * `STICKY_BIT` - STICKY_BIT"
}
},
"aces" : {
"type" : "array" ,
"items" : {
"description" : "aces" ,
"type" : "object" ,
"properties" : {
"type" : {
"type" : "string" ,
"enum" : [
"ALLOWED" ,
"DENIED"
],
"description" : "Type of this ACL entry: \n * `ALLOWED` - An ACL entry that grants rights, \n * `DENIED` - An ACL entry that denies rights"
},
"flags" : {
"description" : "ACE flags for this ACL entry" ,
"type" : "array" ,
"items" : {
"type" : "string" ,
"enum" : [
"OBJECT_INHERIT" ,
"CONTAINER_INHERIT" ,
"NO_PROPAGATE_INHERIT" ,
"INHERIT_ONLY" ,
"INHERITED" ,
"ACE_FLAGS_ALL"
],
"description" : "ACE flags for this ACL entry: \n * `ACE_FLAGS_ALL` - All ACE flags, \n * `CONTAINER_INHERIT` - Children that are containers inherit as effective ACE, \n * `INHERITED` - Indicates the ACE was inherited, \n * `INHERIT_ONLY` - Indicates an inherit-only ACE that doesn't control access to the attached object, \n * `NO_PROPAGATE_INHERIT` - Prevent subsequent children from inheriting ACE, \n * `OBJECT_INHERIT` - Non-container children inherit as effective ACE. Container objects inherit as inherit-only ACE"
}
},
"trustee" : {
"description" : "Trustee for this ACL entry" ,
"type" : "string"
},
"trustee_details" : {
"description" : "Trustee details for this ACL entry" ,
"type" : "object" ,
"properties" : {
"id_type" : {
"type" : "string" ,
"enum" : [
"LOCAL_USER" ,
"LOCAL_GROUP" ,
"NFS_GID" ,
"NFS_UID" ,
"SMB_SID" ,
"INTERNAL" ,
"QUMULO_OPERATOR"
],
"description" : "id_type: \n * `INTERNAL` - INTERNAL, \n * `LOCAL_GROUP` - LOCAL_GROUP, \n * `LOCAL_USER` - LOCAL_USER, \n * `NFS_GID` - NFS_GID, \n * `NFS_UID` - NFS_UID, \n * `QUMULO_OPERATOR` - QUMULO_OPERATOR, \n * `SMB_SID` - SMB_SID"
},
"id_value" : {
"description" : "id_value" ,
"type" : "string"
}
}
},
"rights" : {
"description" : "Rights granted or denied for this ACL entry" ,
"type" : "array" ,
"items" : {
"type" : "string" ,
"enum" : [
"READ" ,
"READ_EA" ,
"READ_ATTR" ,
"READ_ACL" ,
"WRITE_EA" ,
"WRITE_ATTR" ,
"WRITE_ACL" ,
"CHANGE_OWNER" ,
"WRITE_GROUP" ,
"DELETE" ,
"EXECUTE" ,
"MODIFY" ,
"EXTEND" ,
"ADD_FILE" ,
"ADD_SUBDIR" ,
"DELETE_CHILD" ,
"SYNCHRONIZE" ,
"ACCESS_RIGHTS_ALL"
],
"description" : "Rights granted or denied for this ACL entry: \n * `ACCESS_RIGHTS_ALL` - All access rights, \n * `ADD_FILE` - File creation access, \n * `ADD_SUBDIR` - Directory creation access, \n * `CHANGE_OWNER` - Owner write access, \n * `DELETE` - Delete access, \n * `DELETE_CHILD` - Delete from directory access, \n * `EXECUTE` - Execute access, \n * `EXTEND` - File extension access, \n * `MODIFY` - File modification access, \n * `READ` - File read access, \n * `READ_ACL` - ACL read access, \n * `READ_ATTR` - Attribute read access, \n * `READ_EA` - Extended attribute read access, \n * `SYNCHRONIZE` - File synchronize access, \n * `WRITE_ACL` - ACL write access, \n * `WRITE_ATTR` - Attribute write access, \n * `WRITE_EA` - Extended attribute write access, \n * `WRITE_GROUP` - Group write access"
}
}
}
}
}
}
}
}
}