Endpoint

/v2/files/{ref}/info/acl

GET

Get file access control list (ACL).

Parameters

Name Description Required
ref The file ID or the absolute path to the file system object. File IDs can be found in the id field of responses of APIs that return file attributes. You must URL-encode the paths. The APIs & Tools page in the Qumulo Core Web UI URL-encodes the paths. Yes
snapshot The snapshot ID that specifies the version of the filesystem to use. If not specified, use the head version. No

Response

Codes

Code Description
200 Return value on success

Schema

{
  "description": "api_files_acl_v2",
  "type": "object",
  "properties": {
    "control": {
      "description": "control",
      "type": "array",
      "items": {
        "type": "string",
        "enum": [
          "PRESENT",
          "DEFAULTED",
          "TRUSTED",
          "AUTO_INHERIT",
          "PROTECTED",
          "ACL_CONTROLS_ALL"
        ],
        "description": "control:\n * `ACL_CONTROLS_ALL` - All ACL controls,\n * `AUTO_INHERIT` - Set whether the ACL was created through inheritance,\n * `DEFAULTED` - Sets whether the ACL was established by default means,\n * `PRESENT` - Set when ACL is present on the object,\n * `PROTECTED` - Protects ACL from inherit operations,\n * `TRUSTED` - Set when ACL is provided by a trusted source"
      }
    },
    "posix_special_permissions": {
      "type": "array",
      "items": {
        "type": "string",
        "enum": [
          "STICKY_BIT",
          "SET_GID",
          "SET_UID"
        ],
        "description": "posix_special_permissions:\n * `SET_GID` - SET_GID,\n * `SET_UID` - SET_UID,\n * `STICKY_BIT` - STICKY_BIT"
      }
    },
    "aces": {
      "type": "array",
      "items": {
        "description": "aces",
        "type": "object",
        "properties": {
          "type": {
            "type": "string",
            "enum": [
              "ALLOWED",
              "DENIED"
            ],
            "description": "Type of this ACL entry:\n * `ALLOWED` - An ACL entry that grants rights,\n * `DENIED` - An ACL entry that denies rights"
          },
          "flags": {
            "description": "ACE flags for this ACL entry",
            "type": "array",
            "items": {
              "type": "string",
              "enum": [
                "OBJECT_INHERIT",
                "CONTAINER_INHERIT",
                "NO_PROPAGATE_INHERIT",
                "INHERIT_ONLY",
                "INHERITED",
                "ACE_FLAGS_ALL"
              ],
              "description": "ACE flags for this ACL entry:\n * `ACE_FLAGS_ALL` - All ACE flags,\n * `CONTAINER_INHERIT` - Children that are containers inherit as effective ACE,\n * `INHERITED` - Indicates the ACE was inherited,\n * `INHERIT_ONLY` - Indicates an inherit-only ACE that doesn't control access to the attached object,\n * `NO_PROPAGATE_INHERIT` - Prevent subsequent children from inheriting ACE,\n * `OBJECT_INHERIT` - Non-container children inherit as effective ACE. Container objects inherit as inherit-only ACE"
            }
          },
          "trustee": {
            "description": "Trustee for this ACL entry",
            "type": "object",
            "properties": {
              "domain": {
                "type": "string",
                "enum": [
                  "LOCAL",
                  "API_NULL_DOMAIN",
                  "WORLD",
                  "POSIX_USER",
                  "POSIX_GROUP",
                  "ACTIVE_DIRECTORY",
                  "API_INVALID_DOMAIN",
                  "API_RESERVED_DOMAIN",
                  "API_INTERNAL_DOMAIN",
                  "API_OPERATOR_DOMAIN",
                  "API_CREATOR_DOMAIN"
                ],
                "description": "domain:\n * `ACTIVE_DIRECTORY` - ACTIVE_DIRECTORY,\n * `API_CREATOR_DOMAIN` - API_CREATOR_DOMAIN,\n * `API_INTERNAL_DOMAIN` - API_INTERNAL_DOMAIN,\n * `API_INVALID_DOMAIN` - API_INVALID_DOMAIN,\n * `API_NULL_DOMAIN` - API_NULL_DOMAIN,\n * `API_OPERATOR_DOMAIN` - API_OPERATOR_DOMAIN,\n * `API_RESERVED_DOMAIN` - API_RESERVED_DOMAIN,\n * `LOCAL` - LOCAL,\n * `POSIX_GROUP` - POSIX_GROUP,\n * `POSIX_USER` - POSIX_USER,\n * `WORLD` - WORLD"
              },
              "auth_id": {
                "description": "auth_id",
                "type": "string"
              },
              "uid": {
                "description": "uid",
                "type": "number"
              },
              "gid": {
                "description": "gid",
                "type": "number"
              },
              "sid": {
                "description": "sid",
                "type": "string"
              },
              "name": {
                "description": "name",
                "type": "string"
              }
            }
          },
          "rights": {
            "description": "Rights granted or denied for this ACL entry",
            "type": "array",
            "items": {
              "type": "string",
              "enum": [
                "READ",
                "READ_EA",
                "READ_ATTR",
                "READ_ACL",
                "WRITE_EA",
                "WRITE_ATTR",
                "WRITE_ACL",
                "CHANGE_OWNER",
                "WRITE_GROUP",
                "DELETE",
                "EXECUTE",
                "MODIFY",
                "EXTEND",
                "ADD_FILE",
                "ADD_SUBDIR",
                "DELETE_CHILD",
                "SYNCHRONIZE",
                "ACCESS_RIGHTS_ALL"
              ],
              "description": "Rights granted or denied for this ACL entry:\n * `ACCESS_RIGHTS_ALL` - All access rights,\n * `ADD_FILE` - File creation access,\n * `ADD_SUBDIR` - Directory creation access,\n * `CHANGE_OWNER` - Owner write access,\n * `DELETE` - Delete access,\n * `DELETE_CHILD` - Delete from directory access,\n * `EXECUTE` - Execute access,\n * `EXTEND` - File extension access,\n * `MODIFY` - File modification access,\n * `READ` - File read access,\n * `READ_ACL` - ACL read access,\n * `READ_ATTR` - Attribute read access,\n * `READ_EA` - Extended attribute read access,\n * `SYNCHRONIZE` - File synchronize access,\n * `WRITE_ACL` - ACL write access,\n * `WRITE_ATTR` - Attribute write access,\n * `WRITE_EA` - Extended attribute write access,\n * `WRITE_GROUP` - Group write access"
            }
          }
        }
      }
    }
  }
}

PUT

Update file access control list (ACL).

Parameters

Name Description Required
ref The file ID or the absolute path to the file system object. File IDs can be found in the id field of responses of APIs that return file attributes. You must URL-encode the paths. The APIs & Tools page in the Qumulo Core Web UI URL-encodes the paths. Yes
If-Match ETag for expected version No

Request

Schema

{
  "description": "api_files_acl_v2",
  "type": "object",
  "properties": {
    "control": {
      "description": "control",
      "type": "array",
      "items": {
        "type": "string",
        "enum": [
          "PRESENT",
          "DEFAULTED",
          "TRUSTED",
          "AUTO_INHERIT",
          "PROTECTED",
          "ACL_CONTROLS_ALL"
        ],
        "description": "control:\n * `ACL_CONTROLS_ALL` - All ACL controls,\n * `AUTO_INHERIT` - Set whether the ACL was created through inheritance,\n * `DEFAULTED` - Sets whether the ACL was established by default means,\n * `PRESENT` - Set when ACL is present on the object,\n * `PROTECTED` - Protects ACL from inherit operations,\n * `TRUSTED` - Set when ACL is provided by a trusted source"
      }
    },
    "posix_special_permissions": {
      "type": "array",
      "items": {
        "type": "string",
        "enum": [
          "STICKY_BIT",
          "SET_GID",
          "SET_UID"
        ],
        "description": "posix_special_permissions:\n * `SET_GID` - SET_GID,\n * `SET_UID` - SET_UID,\n * `STICKY_BIT` - STICKY_BIT"
      }
    },
    "aces": {
      "type": "array",
      "items": {
        "description": "aces",
        "type": "object",
        "properties": {
          "type": {
            "type": "string",
            "enum": [
              "ALLOWED",
              "DENIED"
            ],
            "description": "Type of this ACL entry:\n * `ALLOWED` - An ACL entry that grants rights,\n * `DENIED` - An ACL entry that denies rights"
          },
          "flags": {
            "description": "ACE flags for this ACL entry",
            "type": "array",
            "items": {
              "type": "string",
              "enum": [
                "OBJECT_INHERIT",
                "CONTAINER_INHERIT",
                "NO_PROPAGATE_INHERIT",
                "INHERIT_ONLY",
                "INHERITED",
                "ACE_FLAGS_ALL"
              ],
              "description": "ACE flags for this ACL entry:\n * `ACE_FLAGS_ALL` - All ACE flags,\n * `CONTAINER_INHERIT` - Children that are containers inherit as effective ACE,\n * `INHERITED` - Indicates the ACE was inherited,\n * `INHERIT_ONLY` - Indicates an inherit-only ACE that doesn't control access to the attached object,\n * `NO_PROPAGATE_INHERIT` - Prevent subsequent children from inheriting ACE,\n * `OBJECT_INHERIT` - Non-container children inherit as effective ACE. Container objects inherit as inherit-only ACE"
            }
          },
          "trustee": {
            "description": "Trustee for this ACL entry",
            "type": "object",
            "properties": {
              "domain": {
                "type": "string",
                "enum": [
                  "LOCAL",
                  "API_NULL_DOMAIN",
                  "WORLD",
                  "POSIX_USER",
                  "POSIX_GROUP",
                  "ACTIVE_DIRECTORY",
                  "API_INVALID_DOMAIN",
                  "API_RESERVED_DOMAIN",
                  "API_INTERNAL_DOMAIN",
                  "API_OPERATOR_DOMAIN",
                  "API_CREATOR_DOMAIN"
                ],
                "description": "domain:\n * `ACTIVE_DIRECTORY` - ACTIVE_DIRECTORY,\n * `API_CREATOR_DOMAIN` - API_CREATOR_DOMAIN,\n * `API_INTERNAL_DOMAIN` - API_INTERNAL_DOMAIN,\n * `API_INVALID_DOMAIN` - API_INVALID_DOMAIN,\n * `API_NULL_DOMAIN` - API_NULL_DOMAIN,\n * `API_OPERATOR_DOMAIN` - API_OPERATOR_DOMAIN,\n * `API_RESERVED_DOMAIN` - API_RESERVED_DOMAIN,\n * `LOCAL` - LOCAL,\n * `POSIX_GROUP` - POSIX_GROUP,\n * `POSIX_USER` - POSIX_USER,\n * `WORLD` - WORLD"
              },
              "auth_id": {
                "description": "auth_id",
                "type": "string"
              },
              "uid": {
                "description": "uid",
                "type": "number"
              },
              "gid": {
                "description": "gid",
                "type": "number"
              },
              "sid": {
                "description": "sid",
                "type": "string"
              },
              "name": {
                "description": "name",
                "type": "string"
              }
            }
          },
          "rights": {
            "description": "Rights granted or denied for this ACL entry",
            "type": "array",
            "items": {
              "type": "string",
              "enum": [
                "READ",
                "READ_EA",
                "READ_ATTR",
                "READ_ACL",
                "WRITE_EA",
                "WRITE_ATTR",
                "WRITE_ACL",
                "CHANGE_OWNER",
                "WRITE_GROUP",
                "DELETE",
                "EXECUTE",
                "MODIFY",
                "EXTEND",
                "ADD_FILE",
                "ADD_SUBDIR",
                "DELETE_CHILD",
                "SYNCHRONIZE",
                "ACCESS_RIGHTS_ALL"
              ],
              "description": "Rights granted or denied for this ACL entry:\n * `ACCESS_RIGHTS_ALL` - All access rights,\n * `ADD_FILE` - File creation access,\n * `ADD_SUBDIR` - Directory creation access,\n * `CHANGE_OWNER` - Owner write access,\n * `DELETE` - Delete access,\n * `DELETE_CHILD` - Delete from directory access,\n * `EXECUTE` - Execute access,\n * `EXTEND` - File extension access,\n * `MODIFY` - File modification access,\n * `READ` - File read access,\n * `READ_ACL` - ACL read access,\n * `READ_ATTR` - Attribute read access,\n * `READ_EA` - Extended attribute read access,\n * `SYNCHRONIZE` - File synchronize access,\n * `WRITE_ACL` - ACL write access,\n * `WRITE_ATTR` - Attribute write access,\n * `WRITE_EA` - Extended attribute write access,\n * `WRITE_GROUP` - Group write access"
            }
          }
        }
      }
    }
  }
}

Response

Codes

Code Description
200 Return value on success

Schema

{
  "description": "api_files_acl_v2",
  "type": "object",
  "properties": {
    "control": {
      "description": "control",
      "type": "array",
      "items": {
        "type": "string",
        "enum": [
          "PRESENT",
          "DEFAULTED",
          "TRUSTED",
          "AUTO_INHERIT",
          "PROTECTED",
          "ACL_CONTROLS_ALL"
        ],
        "description": "control:\n * `ACL_CONTROLS_ALL` - All ACL controls,\n * `AUTO_INHERIT` - Set whether the ACL was created through inheritance,\n * `DEFAULTED` - Sets whether the ACL was established by default means,\n * `PRESENT` - Set when ACL is present on the object,\n * `PROTECTED` - Protects ACL from inherit operations,\n * `TRUSTED` - Set when ACL is provided by a trusted source"
      }
    },
    "posix_special_permissions": {
      "type": "array",
      "items": {
        "type": "string",
        "enum": [
          "STICKY_BIT",
          "SET_GID",
          "SET_UID"
        ],
        "description": "posix_special_permissions:\n * `SET_GID` - SET_GID,\n * `SET_UID` - SET_UID,\n * `STICKY_BIT` - STICKY_BIT"
      }
    },
    "aces": {
      "type": "array",
      "items": {
        "description": "aces",
        "type": "object",
        "properties": {
          "type": {
            "type": "string",
            "enum": [
              "ALLOWED",
              "DENIED"
            ],
            "description": "Type of this ACL entry:\n * `ALLOWED` - An ACL entry that grants rights,\n * `DENIED` - An ACL entry that denies rights"
          },
          "flags": {
            "description": "ACE flags for this ACL entry",
            "type": "array",
            "items": {
              "type": "string",
              "enum": [
                "OBJECT_INHERIT",
                "CONTAINER_INHERIT",
                "NO_PROPAGATE_INHERIT",
                "INHERIT_ONLY",
                "INHERITED",
                "ACE_FLAGS_ALL"
              ],
              "description": "ACE flags for this ACL entry:\n * `ACE_FLAGS_ALL` - All ACE flags,\n * `CONTAINER_INHERIT` - Children that are containers inherit as effective ACE,\n * `INHERITED` - Indicates the ACE was inherited,\n * `INHERIT_ONLY` - Indicates an inherit-only ACE that doesn't control access to the attached object,\n * `NO_PROPAGATE_INHERIT` - Prevent subsequent children from inheriting ACE,\n * `OBJECT_INHERIT` - Non-container children inherit as effective ACE. Container objects inherit as inherit-only ACE"
            }
          },
          "trustee": {
            "description": "Trustee for this ACL entry",
            "type": "object",
            "properties": {
              "domain": {
                "type": "string",
                "enum": [
                  "LOCAL",
                  "API_NULL_DOMAIN",
                  "WORLD",
                  "POSIX_USER",
                  "POSIX_GROUP",
                  "ACTIVE_DIRECTORY",
                  "API_INVALID_DOMAIN",
                  "API_RESERVED_DOMAIN",
                  "API_INTERNAL_DOMAIN",
                  "API_OPERATOR_DOMAIN",
                  "API_CREATOR_DOMAIN"
                ],
                "description": "domain:\n * `ACTIVE_DIRECTORY` - ACTIVE_DIRECTORY,\n * `API_CREATOR_DOMAIN` - API_CREATOR_DOMAIN,\n * `API_INTERNAL_DOMAIN` - API_INTERNAL_DOMAIN,\n * `API_INVALID_DOMAIN` - API_INVALID_DOMAIN,\n * `API_NULL_DOMAIN` - API_NULL_DOMAIN,\n * `API_OPERATOR_DOMAIN` - API_OPERATOR_DOMAIN,\n * `API_RESERVED_DOMAIN` - API_RESERVED_DOMAIN,\n * `LOCAL` - LOCAL,\n * `POSIX_GROUP` - POSIX_GROUP,\n * `POSIX_USER` - POSIX_USER,\n * `WORLD` - WORLD"
              },
              "auth_id": {
                "description": "auth_id",
                "type": "string"
              },
              "uid": {
                "description": "uid",
                "type": "number"
              },
              "gid": {
                "description": "gid",
                "type": "number"
              },
              "sid": {
                "description": "sid",
                "type": "string"
              },
              "name": {
                "description": "name",
                "type": "string"
              }
            }
          },
          "rights": {
            "description": "Rights granted or denied for this ACL entry",
            "type": "array",
            "items": {
              "type": "string",
              "enum": [
                "READ",
                "READ_EA",
                "READ_ATTR",
                "READ_ACL",
                "WRITE_EA",
                "WRITE_ATTR",
                "WRITE_ACL",
                "CHANGE_OWNER",
                "WRITE_GROUP",
                "DELETE",
                "EXECUTE",
                "MODIFY",
                "EXTEND",
                "ADD_FILE",
                "ADD_SUBDIR",
                "DELETE_CHILD",
                "SYNCHRONIZE",
                "ACCESS_RIGHTS_ALL"
              ],
              "description": "Rights granted or denied for this ACL entry:\n * `ACCESS_RIGHTS_ALL` - All access rights,\n * `ADD_FILE` - File creation access,\n * `ADD_SUBDIR` - Directory creation access,\n * `CHANGE_OWNER` - Owner write access,\n * `DELETE` - Delete access,\n * `DELETE_CHILD` - Delete from directory access,\n * `EXECUTE` - Execute access,\n * `EXTEND` - File extension access,\n * `MODIFY` - File modification access,\n * `READ` - File read access,\n * `READ_ACL` - ACL read access,\n * `READ_ATTR` - Attribute read access,\n * `READ_EA` - Extended attribute read access,\n * `SYNCHRONIZE` - File synchronize access,\n * `WRITE_ACL` - ACL write access,\n * `WRITE_ATTR` - Attribute write access,\n * `WRITE_EA` - Extended attribute write access,\n * `WRITE_GROUP` - Group write access"
            }
          }
        }
      }
    }
  }
}