ACL contents

XML has a single top-level accessControlList element. JSON has a corresponding unnamed top-level object. All ACLs must contain this entry in their body. The top-level entry contains the entries listed in the table below.

Entry: grant

Valid values: N/A

Description: Container for grantee and permissions entries. Identifies one user or one group of users and the permissions granted to that user or group.

An ACL can contain up to one thousand grant entries.

Entry: grantee

Valid values: N/A

Description: Child of grant entry. Container for name, type, and domain entries.

Entry: name

Valid values: One of:

- The username of a user that’s defined in HCP.
- The username of an Active Directory user account. This can be either the user principal name or the Security Accounts Manager (SAM) account name for the AD user account.
- The name of an Active Directory group.
- all_users
- authenticated

Description: Specifies the user or group of users to which the ACL grants permissions.

HCP has two special groups that you can specify in an ACL:

- all_users — Grants permissions to all users
- authenticated — Grants permissions to all authenticated users

To grant permissions to one of these special groups, specify group in the type entry and omit the domain entry.

HCP returns an HTTP 400 (Bad Request) error code if a user or group is specified in more than one name entry.

Entry: type

Valid values: One of:

- user — The name entry specifies an HCP or Active Directory user account
- group — The name entry specifies an Active Directory group, all_users, or authenticated

Description: Specifies the type of the value specified in the name entry.

HCP returns an HTTP 400 (Bad Request) error code if the value of the type entry doesn’t correspond to the value of the name entry.

Entry: domain

Valid values: The name of an Active Directory domain

Description: Specifies the Active Directory domain that contains the user account or group specified in the name entry.

This entry is required if the name entry specifies an Active Directory user account or group.

Entry: permissions

Valid values: N/A

Description: Container for any combination of permission entries.

Entry: permission

Valid values: Any of:

- READ
- WRITE
- READ_ACL
- WRITE_ACL
- DELETE

Description: Child of permissions entry. Specifies the permissions granted to the user or group specified in the name entry.

For more information about these permissions, see ACL permissions.


© 2015 Hitachi Data Systems Corporation. All rights reserved.