files/{ref}/info/acl/explain-rights

Endpoint

/v1/files/{ref}/info/acl/explain-rights

POST

Explain how rights are granted to a user for a file/directory.

Parameters

Name	Description	Required
`ref`	The file ID or the absolute path to the file system object. File IDs can be found in the id field of responses of APIs that return file attributes. You must URL-encode the paths. The APIs & Tools page in the Qumulo Core Web UI URL-encodes the paths.	Yes
`snapshot`	The snapshot ID that specifies the version of the filesystem to use. If not specified, use the head version.	No

Request

Schema

{
  "description": "api_files_effective_rights_post",
  "type": "object",
  "properties": {
    "user": {
      "description": "The user for whom to explain effective rights.",
      "type": "object",
      "properties": {
        "domain": {
          "type": "string",
          "enum": [
            "LOCAL",
            "API_NULL_DOMAIN",
            "WORLD",
            "POSIX_USER",
            "POSIX_GROUP",
            "ACTIVE_DIRECTORY",
            "API_INVALID_DOMAIN",
            "API_RESERVED_DOMAIN",
            "API_INTERNAL_DOMAIN",
            "API_OPERATOR_DOMAIN",
            "API_CREATOR_DOMAIN"
          ],
          "description": "domain:\n * `ACTIVE_DIRECTORY` - ACTIVE_DIRECTORY,\n * `API_CREATOR_DOMAIN` - API_CREATOR_DOMAIN,\n * `API_INTERNAL_DOMAIN` - API_INTERNAL_DOMAIN,\n * `API_INVALID_DOMAIN` - API_INVALID_DOMAIN,\n * `API_NULL_DOMAIN` - API_NULL_DOMAIN,\n * `API_OPERATOR_DOMAIN` - API_OPERATOR_DOMAIN,\n * `API_RESERVED_DOMAIN` - API_RESERVED_DOMAIN,\n * `LOCAL` - LOCAL,\n * `POSIX_GROUP` - POSIX_GROUP,\n * `POSIX_USER` - POSIX_USER,\n * `WORLD` - WORLD"
        },
        "auth_id": {
          "description": "auth_id",
          "type": "string"
        },
        "uid": {
          "description": "uid",
          "type": "number"
        },
        "gid": {
          "description": "gid",
          "type": "number"
        },
        "sid": {
          "description": "sid",
          "type": "string"
        },
        "name": {
          "description": "name",
          "type": "string"
        }
      }
    },
    "primary_group": {
      "description": "The user's primary group.",
      "type": "object",
      "properties": {
        "domain": {
          "type": "string",
          "enum": [
            "LOCAL",
            "API_NULL_DOMAIN",
            "WORLD",
            "POSIX_USER",
            "POSIX_GROUP",
            "ACTIVE_DIRECTORY",
            "API_INVALID_DOMAIN",
            "API_RESERVED_DOMAIN",
            "API_INTERNAL_DOMAIN",
            "API_OPERATOR_DOMAIN",
            "API_CREATOR_DOMAIN"
          ],
          "description": "domain:\n * `ACTIVE_DIRECTORY` - ACTIVE_DIRECTORY,\n * `API_CREATOR_DOMAIN` - API_CREATOR_DOMAIN,\n * `API_INTERNAL_DOMAIN` - API_INTERNAL_DOMAIN,\n * `API_INVALID_DOMAIN` - API_INVALID_DOMAIN,\n * `API_NULL_DOMAIN` - API_NULL_DOMAIN,\n * `API_OPERATOR_DOMAIN` - API_OPERATOR_DOMAIN,\n * `API_RESERVED_DOMAIN` - API_RESERVED_DOMAIN,\n * `LOCAL` - LOCAL,\n * `POSIX_GROUP` - POSIX_GROUP,\n * `POSIX_USER` - POSIX_USER,\n * `WORLD` - WORLD"
        },
        "auth_id": {
          "description": "auth_id",
          "type": "string"
        },
        "uid": {
          "description": "uid",
          "type": "number"
        },
        "gid": {
          "description": "gid",
          "type": "number"
        },
        "sid": {
          "description": "sid",
          "type": "string"
        },
        "name": {
          "description": "name",
          "type": "string"
        }
      }
    },
    "auxiliary_identities": {
      "type": "array",
      "items": {
        "description": "Any auxiliary identities for the user, e.g. additional groups or related identities.",
        "type": "object",
        "properties": {
          "domain": {
            "type": "string",
            "enum": [
              "LOCAL",
              "API_NULL_DOMAIN",
              "WORLD",
              "POSIX_USER",
              "POSIX_GROUP",
              "ACTIVE_DIRECTORY",
              "API_INVALID_DOMAIN",
              "API_RESERVED_DOMAIN",
              "API_INTERNAL_DOMAIN",
              "API_OPERATOR_DOMAIN",
              "API_CREATOR_DOMAIN"
            ],
            "description": "domain:\n * `ACTIVE_DIRECTORY` - ACTIVE_DIRECTORY,\n * `API_CREATOR_DOMAIN` - API_CREATOR_DOMAIN,\n * `API_INTERNAL_DOMAIN` - API_INTERNAL_DOMAIN,\n * `API_INVALID_DOMAIN` - API_INVALID_DOMAIN,\n * `API_NULL_DOMAIN` - API_NULL_DOMAIN,\n * `API_OPERATOR_DOMAIN` - API_OPERATOR_DOMAIN,\n * `API_RESERVED_DOMAIN` - API_RESERVED_DOMAIN,\n * `LOCAL` - LOCAL,\n * `POSIX_GROUP` - POSIX_GROUP,\n * `POSIX_USER` - POSIX_USER,\n * `WORLD` - WORLD"
          },
          "auth_id": {
            "description": "auth_id",
            "type": "string"
          },
          "uid": {
            "description": "uid",
            "type": "number"
          },
          "gid": {
            "description": "gid",
            "type": "number"
          },
          "sid": {
            "description": "sid",
            "type": "string"
          },
          "name": {
            "description": "name",
            "type": "string"
          }
        }
      }
    }
  }
}

Response

Codes

Code	Description
200	Return value on success

Schema

{
  "description": "api_files_effective_rights_explanation",
  "type": "object",
  "properties": {
    "owner": {
      "description": "The user that owns the file.",
      "type": "object",
      "properties": {
        "domain": {
          "type": "string",
          "enum": [
            "LOCAL",
            "API_NULL_DOMAIN",
            "WORLD",
            "POSIX_USER",
            "POSIX_GROUP",
            "ACTIVE_DIRECTORY",
            "API_INVALID_DOMAIN",
            "API_RESERVED_DOMAIN",
            "API_INTERNAL_DOMAIN",
            "API_OPERATOR_DOMAIN",
            "API_CREATOR_DOMAIN"
          ],
          "description": "domain:\n * `ACTIVE_DIRECTORY` - ACTIVE_DIRECTORY,\n * `API_CREATOR_DOMAIN` - API_CREATOR_DOMAIN,\n * `API_INTERNAL_DOMAIN` - API_INTERNAL_DOMAIN,\n * `API_INVALID_DOMAIN` - API_INVALID_DOMAIN,\n * `API_NULL_DOMAIN` - API_NULL_DOMAIN,\n * `API_OPERATOR_DOMAIN` - API_OPERATOR_DOMAIN,\n * `API_RESERVED_DOMAIN` - API_RESERVED_DOMAIN,\n * `LOCAL` - LOCAL,\n * `POSIX_GROUP` - POSIX_GROUP,\n * `POSIX_USER` - POSIX_USER,\n * `WORLD` - WORLD"
        },
        "auth_id": {
          "description": "auth_id",
          "type": "string"
        },
        "uid": {
          "description": "uid",
          "type": "number"
        },
        "gid": {
          "description": "gid",
          "type": "number"
        },
        "sid": {
          "description": "sid",
          "type": "string"
        },
        "name": {
          "description": "name",
          "type": "string"
        }
      }
    },
    "group_owner": {
      "description": "The group-owner for the file.",
      "type": "object",
      "properties": {
        "domain": {
          "type": "string",
          "enum": [
            "LOCAL",
            "API_NULL_DOMAIN",
            "WORLD",
            "POSIX_USER",
            "POSIX_GROUP",
            "ACTIVE_DIRECTORY",
            "API_INVALID_DOMAIN",
            "API_RESERVED_DOMAIN",
            "API_INTERNAL_DOMAIN",
            "API_OPERATOR_DOMAIN",
            "API_CREATOR_DOMAIN"
          ],
          "description": "domain:\n * `ACTIVE_DIRECTORY` - ACTIVE_DIRECTORY,\n * `API_CREATOR_DOMAIN` - API_CREATOR_DOMAIN,\n * `API_INTERNAL_DOMAIN` - API_INTERNAL_DOMAIN,\n * `API_INVALID_DOMAIN` - API_INVALID_DOMAIN,\n * `API_NULL_DOMAIN` - API_NULL_DOMAIN,\n * `API_OPERATOR_DOMAIN` - API_OPERATOR_DOMAIN,\n * `API_RESERVED_DOMAIN` - API_RESERVED_DOMAIN,\n * `LOCAL` - LOCAL,\n * `POSIX_GROUP` - POSIX_GROUP,\n * `POSIX_USER` - POSIX_USER,\n * `WORLD` - WORLD"
        },
        "auth_id": {
          "description": "auth_id",
          "type": "string"
        },
        "uid": {
          "description": "uid",
          "type": "number"
        },
        "gid": {
          "description": "gid",
          "type": "number"
        },
        "sid": {
          "description": "sid",
          "type": "string"
        },
        "name": {
          "description": "name",
          "type": "string"
        }
      }
    },
    "requestor": {
      "description": "The full identity whose rights are described.",
      "type": "object",
      "properties": {
        "user": {
          "description": "The user for whose rights are being explained.",
          "type": "object",
          "properties": {
            "domain": {
              "type": "string",
              "enum": [
                "LOCAL",
                "API_NULL_DOMAIN",
                "WORLD",
                "POSIX_USER",
                "POSIX_GROUP",
                "ACTIVE_DIRECTORY",
                "API_INVALID_DOMAIN",
                "API_RESERVED_DOMAIN",
                "API_INTERNAL_DOMAIN",
                "API_OPERATOR_DOMAIN",
                "API_CREATOR_DOMAIN"
              ],
              "description": "domain:\n * `ACTIVE_DIRECTORY` - ACTIVE_DIRECTORY,\n * `API_CREATOR_DOMAIN` - API_CREATOR_DOMAIN,\n * `API_INTERNAL_DOMAIN` - API_INTERNAL_DOMAIN,\n * `API_INVALID_DOMAIN` - API_INVALID_DOMAIN,\n * `API_NULL_DOMAIN` - API_NULL_DOMAIN,\n * `API_OPERATOR_DOMAIN` - API_OPERATOR_DOMAIN,\n * `API_RESERVED_DOMAIN` - API_RESERVED_DOMAIN,\n * `LOCAL` - LOCAL,\n * `POSIX_GROUP` - POSIX_GROUP,\n * `POSIX_USER` - POSIX_USER,\n * `WORLD` - WORLD"
            },
            "auth_id": {
              "description": "auth_id",
              "type": "string"
            },
            "uid": {
              "description": "uid",
              "type": "number"
            },
            "gid": {
              "description": "gid",
              "type": "number"
            },
            "sid": {
              "description": "sid",
              "type": "string"
            },
            "name": {
              "description": "name",
              "type": "string"
            }
          }
        },
        "primary_group": {
          "description": "The user's primary group.",
          "type": "object",
          "properties": {
            "domain": {
              "type": "string",
              "enum": [
                "LOCAL",
                "API_NULL_DOMAIN",
                "WORLD",
                "POSIX_USER",
                "POSIX_GROUP",
                "ACTIVE_DIRECTORY",
                "API_INVALID_DOMAIN",
                "API_RESERVED_DOMAIN",
                "API_INTERNAL_DOMAIN",
                "API_OPERATOR_DOMAIN",
                "API_CREATOR_DOMAIN"
              ],
              "description": "domain:\n * `ACTIVE_DIRECTORY` - ACTIVE_DIRECTORY,\n * `API_CREATOR_DOMAIN` - API_CREATOR_DOMAIN,\n * `API_INTERNAL_DOMAIN` - API_INTERNAL_DOMAIN,\n * `API_INVALID_DOMAIN` - API_INVALID_DOMAIN,\n * `API_NULL_DOMAIN` - API_NULL_DOMAIN,\n * `API_OPERATOR_DOMAIN` - API_OPERATOR_DOMAIN,\n * `API_RESERVED_DOMAIN` - API_RESERVED_DOMAIN,\n * `LOCAL` - LOCAL,\n * `POSIX_GROUP` - POSIX_GROUP,\n * `POSIX_USER` - POSIX_USER,\n * `WORLD` - WORLD"
            },
            "auth_id": {
              "description": "auth_id",
              "type": "string"
            },
            "uid": {
              "description": "uid",
              "type": "number"
            },
            "gid": {
              "description": "gid",
              "type": "number"
            },
            "sid": {
              "description": "sid",
              "type": "string"
            },
            "name": {
              "description": "name",
              "type": "string"
            }
          }
        },
        "auxiliary_identities": {
          "type": "array",
          "items": {
            "description": "Any auxiliary identities for the user, e.g. additional groups or related identities.",
            "type": "object",
            "properties": {
              "domain": {
                "type": "string",
                "enum": [
                  "LOCAL",
                  "API_NULL_DOMAIN",
                  "WORLD",
                  "POSIX_USER",
                  "POSIX_GROUP",
                  "ACTIVE_DIRECTORY",
                  "API_INVALID_DOMAIN",
                  "API_RESERVED_DOMAIN",
                  "API_INTERNAL_DOMAIN",
                  "API_OPERATOR_DOMAIN",
                  "API_CREATOR_DOMAIN"
                ],
                "description": "domain:\n * `ACTIVE_DIRECTORY` - ACTIVE_DIRECTORY,\n * `API_CREATOR_DOMAIN` - API_CREATOR_DOMAIN,\n * `API_INTERNAL_DOMAIN` - API_INTERNAL_DOMAIN,\n * `API_INVALID_DOMAIN` - API_INVALID_DOMAIN,\n * `API_NULL_DOMAIN` - API_NULL_DOMAIN,\n * `API_OPERATOR_DOMAIN` - API_OPERATOR_DOMAIN,\n * `API_RESERVED_DOMAIN` - API_RESERVED_DOMAIN,\n * `LOCAL` - LOCAL,\n * `POSIX_GROUP` - POSIX_GROUP,\n * `POSIX_USER` - POSIX_USER,\n * `WORLD` - WORLD"
              },
              "auth_id": {
                "description": "auth_id",
                "type": "string"
              },
              "uid": {
                "description": "uid",
                "type": "number"
              },
              "gid": {
                "description": "gid",
                "type": "number"
              },
              "sid": {
                "description": "sid",
                "type": "string"
              },
              "name": {
                "description": "name",
                "type": "string"
              }
            }
          }
        }
      }
    },
    "admin_priv_rights": {
      "description": "Rights granted by possessing the administrator privilege.",
      "type": "array",
      "items": {
        "type": "string",
        "enum": [
          "READ",
          "READ_EA",
          "READ_ATTR",
          "READ_ACL",
          "WRITE_EA",
          "WRITE_ATTR",
          "WRITE_ACL",
          "CHANGE_OWNER",
          "WRITE_GROUP",
          "DELETE",
          "EXECUTE",
          "MODIFY",
          "EXTEND",
          "ADD_FILE",
          "ADD_SUBDIR",
          "DELETE_CHILD",
          "SYNCHRONIZE",
          "ACCESS_RIGHTS_ALL"
        ],
        "description": "Rights granted by possessing the administrator privilege.:\n * `ACCESS_RIGHTS_ALL` - All access rights,\n * `ADD_FILE` - File creation access,\n * `ADD_SUBDIR` - Directory creation access,\n * `CHANGE_OWNER` - Owner write access,\n * `DELETE` - Delete access,\n * `DELETE_CHILD` - Delete from directory access,\n * `EXECUTE` - Execute access,\n * `EXTEND` - File extension access,\n * `MODIFY` - File modification access,\n * `READ` - File read access,\n * `READ_ACL` - ACL read access,\n * `READ_ATTR` - Attribute read access,\n * `READ_EA` - Extended attribute read access,\n * `SYNCHRONIZE` - File synchronize access,\n * `WRITE_ACL` - ACL write access,\n * `WRITE_ATTR` - Attribute write access,\n * `WRITE_EA` - Extended attribute write access,\n * `WRITE_GROUP` - Group write access"
      }
    },
    "read_attr_priv_rights": {
      "description": "Rights granted by possessing the privilege to read attributes.",
      "type": "array",
      "items": {
        "type": "string",
        "enum": [
          "READ",
          "READ_EA",
          "READ_ATTR",
          "READ_ACL",
          "WRITE_EA",
          "WRITE_ATTR",
          "WRITE_ACL",
          "CHANGE_OWNER",
          "WRITE_GROUP",
          "DELETE",
          "EXECUTE",
          "MODIFY",
          "EXTEND",
          "ADD_FILE",
          "ADD_SUBDIR",
          "DELETE_CHILD",
          "SYNCHRONIZE",
          "ACCESS_RIGHTS_ALL"
        ],
        "description": "Rights granted by possessing the privilege to read attributes.:\n * `ACCESS_RIGHTS_ALL` - All access rights,\n * `ADD_FILE` - File creation access,\n * `ADD_SUBDIR` - Directory creation access,\n * `CHANGE_OWNER` - Owner write access,\n * `DELETE` - Delete access,\n * `DELETE_CHILD` - Delete from directory access,\n * `EXECUTE` - Execute access,\n * `EXTEND` - File extension access,\n * `MODIFY` - File modification access,\n * `READ` - File read access,\n * `READ_ACL` - ACL read access,\n * `READ_ATTR` - Attribute read access,\n * `READ_EA` - Extended attribute read access,\n * `SYNCHRONIZE` - File synchronize access,\n * `WRITE_ACL` - ACL write access,\n * `WRITE_ATTR` - Attribute write access,\n * `WRITE_EA` - Extended attribute write access,\n * `WRITE_GROUP` - Group write access"
      }
    },
    "annotated_aces": {
      "type": "array",
      "items": {
        "description": "An ACE-by-ACE explanation of rights granted to the user.",
        "type": "object",
        "properties": {
          "ace": {
            "description": "Exact copy of the FS ACE.",
            "type": "object",
            "properties": {
              "type": {
                "type": "string",
                "enum": [
                  "ALLOWED",
                  "DENIED"
                ],
                "description": "Type of this ACL entry:\n * `ALLOWED` - An ACL entry that grants rights,\n * `DENIED` - An ACL entry that denies rights"
              },
              "flags": {
                "description": "ACE flags for this ACL entry",
                "type": "array",
                "items": {
                  "type": "string",
                  "enum": [
                    "OBJECT_INHERIT",
                    "CONTAINER_INHERIT",
                    "NO_PROPAGATE_INHERIT",
                    "INHERIT_ONLY",
                    "INHERITED",
                    "ACE_FLAGS_ALL"
                  ],
                  "description": "ACE flags for this ACL entry:\n * `ACE_FLAGS_ALL` - All ACE flags,\n * `CONTAINER_INHERIT` - Children that are containers inherit as effective ACE,\n * `INHERITED` - Indicates the ACE was inherited,\n * `INHERIT_ONLY` - Indicates an inherit-only ACE that doesn't control access to the attached object,\n * `NO_PROPAGATE_INHERIT` - Prevent subsequent children from inheriting ACE,\n * `OBJECT_INHERIT` - Non-container children inherit as effective ACE. Container objects inherit as inherit-only ACE"
                }
              },
              "trustee": {
                "description": "Trustee for this ACL entry",
                "type": "object",
                "properties": {
                  "domain": {
                    "type": "string",
                    "enum": [
                      "LOCAL",
                      "API_NULL_DOMAIN",
                      "WORLD",
                      "POSIX_USER",
                      "POSIX_GROUP",
                      "ACTIVE_DIRECTORY",
                      "API_INVALID_DOMAIN",
                      "API_RESERVED_DOMAIN",
                      "API_INTERNAL_DOMAIN",
                      "API_OPERATOR_DOMAIN",
                      "API_CREATOR_DOMAIN"
                    ],
                    "description": "domain:\n * `ACTIVE_DIRECTORY` - ACTIVE_DIRECTORY,\n * `API_CREATOR_DOMAIN` - API_CREATOR_DOMAIN,\n * `API_INTERNAL_DOMAIN` - API_INTERNAL_DOMAIN,\n * `API_INVALID_DOMAIN` - API_INVALID_DOMAIN,\n * `API_NULL_DOMAIN` - API_NULL_DOMAIN,\n * `API_OPERATOR_DOMAIN` - API_OPERATOR_DOMAIN,\n * `API_RESERVED_DOMAIN` - API_RESERVED_DOMAIN,\n * `LOCAL` - LOCAL,\n * `POSIX_GROUP` - POSIX_GROUP,\n * `POSIX_USER` - POSIX_USER,\n * `WORLD` - WORLD"
                  },
                  "auth_id": {
                    "description": "auth_id",
                    "type": "string"
                  },
                  "uid": {
                    "description": "uid",
                    "type": "number"
                  },
                  "gid": {
                    "description": "gid",
                    "type": "number"
                  },
                  "sid": {
                    "description": "sid",
                    "type": "string"
                  },
                  "name": {
                    "description": "name",
                    "type": "string"
                  }
                }
              },
              "rights": {
                "description": "Rights granted or denied for this ACL entry",
                "type": "array",
                "items": {
                  "type": "string",
                  "enum": [
                    "READ",
                    "READ_EA",
                    "READ_ATTR",
                    "READ_ACL",
                    "WRITE_EA",
                    "WRITE_ATTR",
                    "WRITE_ACL",
                    "CHANGE_OWNER",
                    "WRITE_GROUP",
                    "DELETE",
                    "EXECUTE",
                    "MODIFY",
                    "EXTEND",
                    "ADD_FILE",
                    "ADD_SUBDIR",
                    "DELETE_CHILD",
                    "SYNCHRONIZE",
                    "ACCESS_RIGHTS_ALL"
                  ],
                  "description": "Rights granted or denied for this ACL entry:\n * `ACCESS_RIGHTS_ALL` - All access rights,\n * `ADD_FILE` - File creation access,\n * `ADD_SUBDIR` - Directory creation access,\n * `CHANGE_OWNER` - Owner write access,\n * `DELETE` - Delete access,\n * `DELETE_CHILD` - Delete from directory access,\n * `EXECUTE` - Execute access,\n * `EXTEND` - File extension access,\n * `MODIFY` - File modification access,\n * `READ` - File read access,\n * `READ_ACL` - ACL read access,\n * `READ_ATTR` - Attribute read access,\n * `READ_EA` - Extended attribute read access,\n * `SYNCHRONIZE` - File synchronize access,\n * `WRITE_ACL` - ACL write access,\n * `WRITE_ATTR` - Attribute write access,\n * `WRITE_EA` - Extended attribute write access,\n * `WRITE_GROUP` - Group write access"
                }
              }
            }
          },
          "trustee_matches": {
            "description": "Whether this ACE's trustee matches the user in question.",
            "type": "boolean"
          },
          "skipped_inherit_only": {
            "description": "Whether this ACE does not affect rights due to being inherit-only.",
            "type": "boolean"
          },
          "newly_allowed": {
            "description": "Rights allowed by the current ACE.",
            "type": "array",
            "items": {
              "type": "string",
              "enum": [
                "READ",
                "READ_EA",
                "READ_ATTR",
                "READ_ACL",
                "WRITE_EA",
                "WRITE_ATTR",
                "WRITE_ACL",
                "CHANGE_OWNER",
                "WRITE_GROUP",
                "DELETE",
                "EXECUTE",
                "MODIFY",
                "EXTEND",
                "ADD_FILE",
                "ADD_SUBDIR",
                "DELETE_CHILD",
                "SYNCHRONIZE",
                "ACCESS_RIGHTS_ALL"
              ],
              "description": "Rights allowed by the current ACE.:\n * `ACCESS_RIGHTS_ALL` - All access rights,\n * `ADD_FILE` - File creation access,\n * `ADD_SUBDIR` - Directory creation access,\n * `CHANGE_OWNER` - Owner write access,\n * `DELETE` - Delete access,\n * `DELETE_CHILD` - Delete from directory access,\n * `EXECUTE` - Execute access,\n * `EXTEND` - File extension access,\n * `MODIFY` - File modification access,\n * `READ` - File read access,\n * `READ_ACL` - ACL read access,\n * `READ_ATTR` - Attribute read access,\n * `READ_EA` - Extended attribute read access,\n * `SYNCHRONIZE` - File synchronize access,\n * `WRITE_ACL` - ACL write access,\n * `WRITE_ATTR` - Attribute write access,\n * `WRITE_EA` - Extended attribute write access,\n * `WRITE_GROUP` - Group write access"
            }
          },
          "cumulative_allowed": {
            "description": "Rights allowed in total so far.",
            "type": "array",
            "items": {
              "type": "string",
              "enum": [
                "READ",
                "READ_EA",
                "READ_ATTR",
                "READ_ACL",
                "WRITE_EA",
                "WRITE_ATTR",
                "WRITE_ACL",
                "CHANGE_OWNER",
                "WRITE_GROUP",
                "DELETE",
                "EXECUTE",
                "MODIFY",
                "EXTEND",
                "ADD_FILE",
                "ADD_SUBDIR",
                "DELETE_CHILD",
                "SYNCHRONIZE",
                "ACCESS_RIGHTS_ALL"
              ],
              "description": "Rights allowed in total so far.:\n * `ACCESS_RIGHTS_ALL` - All access rights,\n * `ADD_FILE` - File creation access,\n * `ADD_SUBDIR` - Directory creation access,\n * `CHANGE_OWNER` - Owner write access,\n * `DELETE` - Delete access,\n * `DELETE_CHILD` - Delete from directory access,\n * `EXECUTE` - Execute access,\n * `EXTEND` - File extension access,\n * `MODIFY` - File modification access,\n * `READ` - File read access,\n * `READ_ACL` - ACL read access,\n * `READ_ATTR` - Attribute read access,\n * `READ_EA` - Extended attribute read access,\n * `SYNCHRONIZE` - File synchronize access,\n * `WRITE_ACL` - ACL write access,\n * `WRITE_ATTR` - Attribute write access,\n * `WRITE_EA` - Extended attribute write access,\n * `WRITE_GROUP` - Group write access"
            }
          },
          "newly_denied": {
            "description": "Rights denied by the current ACE.",
            "type": "array",
            "items": {
              "type": "string",
              "enum": [
                "READ",
                "READ_EA",
                "READ_ATTR",
                "READ_ACL",
                "WRITE_EA",
                "WRITE_ATTR",
                "WRITE_ACL",
                "CHANGE_OWNER",
                "WRITE_GROUP",
                "DELETE",
                "EXECUTE",
                "MODIFY",
                "EXTEND",
                "ADD_FILE",
                "ADD_SUBDIR",
                "DELETE_CHILD",
                "SYNCHRONIZE",
                "ACCESS_RIGHTS_ALL"
              ],
              "description": "Rights denied by the current ACE.:\n * `ACCESS_RIGHTS_ALL` - All access rights,\n * `ADD_FILE` - File creation access,\n * `ADD_SUBDIR` - Directory creation access,\n * `CHANGE_OWNER` - Owner write access,\n * `DELETE` - Delete access,\n * `DELETE_CHILD` - Delete from directory access,\n * `EXECUTE` - Execute access,\n * `EXTEND` - File extension access,\n * `MODIFY` - File modification access,\n * `READ` - File read access,\n * `READ_ACL` - ACL read access,\n * `READ_ATTR` - Attribute read access,\n * `READ_EA` - Extended attribute read access,\n * `SYNCHRONIZE` - File synchronize access,\n * `WRITE_ACL` - ACL write access,\n * `WRITE_ATTR` - Attribute write access,\n * `WRITE_EA` - Extended attribute write access,\n * `WRITE_GROUP` - Group write access"
            }
          },
          "cumulative_denied": {
            "description": "Rights denied in total so far.",
            "type": "array",
            "items": {
              "type": "string",
              "enum": [
                "READ",
                "READ_EA",
                "READ_ATTR",
                "READ_ACL",
                "WRITE_EA",
                "WRITE_ATTR",
                "WRITE_ACL",
                "CHANGE_OWNER",
                "WRITE_GROUP",
                "DELETE",
                "EXECUTE",
                "MODIFY",
                "EXTEND",
                "ADD_FILE",
                "ADD_SUBDIR",
                "DELETE_CHILD",
                "SYNCHRONIZE",
                "ACCESS_RIGHTS_ALL"
              ],
              "description": "Rights denied in total so far.:\n * `ACCESS_RIGHTS_ALL` - All access rights,\n * `ADD_FILE` - File creation access,\n * `ADD_SUBDIR` - Directory creation access,\n * `CHANGE_OWNER` - Owner write access,\n * `DELETE` - Delete access,\n * `DELETE_CHILD` - Delete from directory access,\n * `EXECUTE` - Execute access,\n * `EXTEND` - File extension access,\n * `MODIFY` - File modification access,\n * `READ` - File read access,\n * `READ_ACL` - ACL read access,\n * `READ_ATTR` - Attribute read access,\n * `READ_EA` - Extended attribute read access,\n * `SYNCHRONIZE` - File synchronize access,\n * `WRITE_ACL` - ACL write access,\n * `WRITE_ATTR` - Attribute write access,\n * `WRITE_EA` - Extended attribute write access,\n * `WRITE_GROUP` - Group write access"
            }
          }
        }
      }
    },
    "rights_from_aces": {
      "description": "Rights granted by the file or directory's ACEs.",
      "type": "array",
      "items": {
        "type": "string",
        "enum": [
          "READ",
          "READ_EA",
          "READ_ATTR",
          "READ_ACL",
          "WRITE_EA",
          "WRITE_ATTR",
          "WRITE_ACL",
          "CHANGE_OWNER",
          "WRITE_GROUP",
          "DELETE",
          "EXECUTE",
          "MODIFY",
          "EXTEND",
          "ADD_FILE",
          "ADD_SUBDIR",
          "DELETE_CHILD",
          "SYNCHRONIZE",
          "ACCESS_RIGHTS_ALL"
        ],
        "description": "Rights granted by the file or directory's ACEs.:\n * `ACCESS_RIGHTS_ALL` - All access rights,\n * `ADD_FILE` - File creation access,\n * `ADD_SUBDIR` - Directory creation access,\n * `CHANGE_OWNER` - Owner write access,\n * `DELETE` - Delete access,\n * `DELETE_CHILD` - Delete from directory access,\n * `EXECUTE` - Execute access,\n * `EXTEND` - File extension access,\n * `MODIFY` - File modification access,\n * `READ` - File read access,\n * `READ_ACL` - ACL read access,\n * `READ_ATTR` - Attribute read access,\n * `READ_EA` - Extended attribute read access,\n * `SYNCHRONIZE` - File synchronize access,\n * `WRITE_ACL` - ACL write access,\n * `WRITE_ATTR` - Attribute write access,\n * `WRITE_EA` - Extended attribute write access,\n * `WRITE_GROUP` - Group write access"
      }
    },
    "implicit_owner_rights_suppressed_by_ace": {
      "description": "Whether implicit rights for the owner were suppressed by an ACE for the well-known Owner Rights principal.",
      "type": "boolean"
    },
    "implicit_owner_rights": {
      "description": "Rights implicitly granted because the user in question owns the file or directory.",
      "type": "array",
      "items": {
        "type": "string",
        "enum": [
          "READ",
          "READ_EA",
          "READ_ATTR",
          "READ_ACL",
          "WRITE_EA",
          "WRITE_ATTR",
          "WRITE_ACL",
          "CHANGE_OWNER",
          "WRITE_GROUP",
          "DELETE",
          "EXECUTE",
          "MODIFY",
          "EXTEND",
          "ADD_FILE",
          "ADD_SUBDIR",
          "DELETE_CHILD",
          "SYNCHRONIZE",
          "ACCESS_RIGHTS_ALL"
        ],
        "description": "Rights implicitly granted because the user in question owns the file or directory.:\n * `ACCESS_RIGHTS_ALL` - All access rights,\n * `ADD_FILE` - File creation access,\n * `ADD_SUBDIR` - Directory creation access,\n * `CHANGE_OWNER` - Owner write access,\n * `DELETE` - Delete access,\n * `DELETE_CHILD` - Delete from directory access,\n * `EXECUTE` - Execute access,\n * `EXTEND` - File extension access,\n * `MODIFY` - File modification access,\n * `READ` - File read access,\n * `READ_ACL` - ACL read access,\n * `READ_ATTR` - Attribute read access,\n * `READ_EA` - Extended attribute read access,\n * `SYNCHRONIZE` - File synchronize access,\n * `WRITE_ACL` - ACL write access,\n * `WRITE_ATTR` - Attribute write access,\n * `WRITE_EA` - Extended attribute write access,\n * `WRITE_GROUP` - Group write access"
      }
    },
    "implicit_rights_from_parent": {
      "description": "Rights implicitly granted by this file or directory's container.",
      "type": "array",
      "items": {
        "type": "string",
        "enum": [
          "READ",
          "READ_EA",
          "READ_ATTR",
          "READ_ACL",
          "WRITE_EA",
          "WRITE_ATTR",
          "WRITE_ACL",
          "CHANGE_OWNER",
          "WRITE_GROUP",
          "DELETE",
          "EXECUTE",
          "MODIFY",
          "EXTEND",
          "ADD_FILE",
          "ADD_SUBDIR",
          "DELETE_CHILD",
          "SYNCHRONIZE",
          "ACCESS_RIGHTS_ALL"
        ],
        "description": "Rights implicitly granted by this file or directory's container.:\n * `ACCESS_RIGHTS_ALL` - All access rights,\n * `ADD_FILE` - File creation access,\n * `ADD_SUBDIR` - Directory creation access,\n * `CHANGE_OWNER` - Owner write access,\n * `DELETE` - Delete access,\n * `DELETE_CHILD` - Delete from directory access,\n * `EXECUTE` - Execute access,\n * `EXTEND` - File extension access,\n * `MODIFY` - File modification access,\n * `READ` - File read access,\n * `READ_ACL` - ACL read access,\n * `READ_ATTR` - Attribute read access,\n * `READ_EA` - Extended attribute read access,\n * `SYNCHRONIZE` - File synchronize access,\n * `WRITE_ACL` - ACL write access,\n * `WRITE_ATTR` - Attribute write access,\n * `WRITE_EA` - Extended attribute write access,\n * `WRITE_GROUP` - Group write access"
      }
    },
    "implicit_rights": {
      "description": "Cumulative rights implicitly granted.",
      "type": "array",
      "items": {
        "type": "string",
        "enum": [
          "READ",
          "READ_EA",
          "READ_ATTR",
          "READ_ACL",
          "WRITE_EA",
          "WRITE_ATTR",
          "WRITE_ACL",
          "CHANGE_OWNER",
          "WRITE_GROUP",
          "DELETE",
          "EXECUTE",
          "MODIFY",
          "EXTEND",
          "ADD_FILE",
          "ADD_SUBDIR",
          "DELETE_CHILD",
          "SYNCHRONIZE",
          "ACCESS_RIGHTS_ALL"
        ],
        "description": "Cumulative rights implicitly granted.:\n * `ACCESS_RIGHTS_ALL` - All access rights,\n * `ADD_FILE` - File creation access,\n * `ADD_SUBDIR` - Directory creation access,\n * `CHANGE_OWNER` - Owner write access,\n * `DELETE` - Delete access,\n * `DELETE_CHILD` - Delete from directory access,\n * `EXECUTE` - Execute access,\n * `EXTEND` - File extension access,\n * `MODIFY` - File modification access,\n * `READ` - File read access,\n * `READ_ACL` - ACL read access,\n * `READ_ATTR` - Attribute read access,\n * `READ_EA` - Extended attribute read access,\n * `SYNCHRONIZE` - File synchronize access,\n * `WRITE_ACL` - ACL write access,\n * `WRITE_ATTR` - Attribute write access,\n * `WRITE_EA` - Extended attribute write access,\n * `WRITE_GROUP` - Group write access"
      }
    },
    "is_read_only": {
      "description": "Whether the file or directory in question is in read-only mode.",
      "type": "boolean"
    },
    "max_rights": {
      "description": "Maximum rights which may be granted based on share permissions.",
      "type": "array",
      "items": {
        "type": "string",
        "enum": [
          "READ",
          "READ_EA",
          "READ_ATTR",
          "READ_ACL",
          "WRITE_EA",
          "WRITE_ATTR",
          "WRITE_ACL",
          "CHANGE_OWNER",
          "WRITE_GROUP",
          "DELETE",
          "EXECUTE",
          "MODIFY",
          "EXTEND",
          "ADD_FILE",
          "ADD_SUBDIR",
          "DELETE_CHILD",
          "SYNCHRONIZE",
          "ACCESS_RIGHTS_ALL"
        ],
        "description": "Maximum rights which may be granted based on share permissions.:\n * `ACCESS_RIGHTS_ALL` - All access rights,\n * `ADD_FILE` - File creation access,\n * `ADD_SUBDIR` - Directory creation access,\n * `CHANGE_OWNER` - Owner write access,\n * `DELETE` - Delete access,\n * `DELETE_CHILD` - Delete from directory access,\n * `EXECUTE` - Execute access,\n * `EXTEND` - File extension access,\n * `MODIFY` - File modification access,\n * `READ` - File read access,\n * `READ_ACL` - ACL read access,\n * `READ_ATTR` - Attribute read access,\n * `READ_EA` - Extended attribute read access,\n * `SYNCHRONIZE` - File synchronize access,\n * `WRITE_ACL` - ACL write access,\n * `WRITE_ATTR` - Attribute write access,\n * `WRITE_EA` - Extended attribute write access,\n * `WRITE_GROUP` - Group write access"
      }
    },
    "effective_rights": {
      "description": "Effective rights granted to the user in question for the file or directory.",
      "type": "array",
      "items": {
        "type": "string",
        "enum": [
          "READ",
          "READ_EA",
          "READ_ATTR",
          "READ_ACL",
          "WRITE_EA",
          "WRITE_ATTR",
          "WRITE_ACL",
          "CHANGE_OWNER",
          "WRITE_GROUP",
          "DELETE",
          "EXECUTE",
          "MODIFY",
          "EXTEND",
          "ADD_FILE",
          "ADD_SUBDIR",
          "DELETE_CHILD",
          "SYNCHRONIZE",
          "ACCESS_RIGHTS_ALL"
        ],
        "description": "Effective rights granted to the user in question for the file or directory.:\n * `ACCESS_RIGHTS_ALL` - All access rights,\n * `ADD_FILE` - File creation access,\n * `ADD_SUBDIR` - Directory creation access,\n * `CHANGE_OWNER` - Owner write access,\n * `DELETE` - Delete access,\n * `DELETE_CHILD` - Delete from directory access,\n * `EXECUTE` - Execute access,\n * `EXTEND` - File extension access,\n * `MODIFY` - File modification access,\n * `READ` - File read access,\n * `READ_ACL` - ACL read access,\n * `READ_ATTR` - Attribute read access,\n * `READ_EA` - Extended attribute read access,\n * `SYNCHRONIZE` - File synchronize access,\n * `WRITE_ACL` - ACL write access,\n * `WRITE_ATTR` - Attribute write access,\n * `WRITE_EA` - Extended attribute write access,\n * `WRITE_GROUP` - Group write access"
      }
    }
  }
}