acl-add - Add an Access Rule


acl-add ENDPOINT/PATH/ --perm {r|rw} OPTIONS


acl-add adds a new rule to the endpoint’s access control list (ACL).

A principal (to whom the rule applies) must be provided. Valid principal options are --identityid, --identityusername, --groupid, --all, and --anonymous.

acl-add may be called by the owner of the endpoint, or an "access_manager" assigned by the endpoint-role-add command.

PATH is assumed to be URL-encoded.

ENDPOINT can use these formats:

  • UUID: "7865988a-aeb3-4e55-b8cd-938c258e7854"

  • Legacy Name: "bob#test_endpoint". This contains the user who owns the endpoint and the endpoint legacy name.

  • Unqualified Legacy Name: "test_endpoint". The user name defaults to the currently logged-in user.

Tip: For comprehensive developer information about ACLs, see



Permission (Required): r (read only) or rw (read write)


Identity ID (UUID) to receive permission


Identity username to receive permission. This will be automatically resolved to an identity ID (UUID). Examples: "", ""


Group UUID to receive permission


Create a rule for all authenticated users


Create a rule for all users, including unauthenticated users


Send share notification email to this email address. Only allowed for the principal types --identityid and --identityusername.


Add a custom message to the notification email (optional). Requires --notify-email.


Share the /~/share/ directory with "", using read-only permissions:

$ acl-add bob#myep/~/share/ --identityusername --perm r
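
The following pre-flight check is an added example, not part of the original documentation or the tool's own code. It builds an acl-add argument list while enforcing the rules stated above: the three ENDPOINT formats, a URL-encoded PATH, the --perm values, and --notify-email being limited to --identityid and --identityusername. It assumes the caller supplies a raw (not yet encoded) path that starts and ends with "/", and that --all and --anonymous take no value; the function names and the sample username are hypothetical.

```python
import re
import uuid
from urllib.parse import quote

# Option names are the ones listed on this page; value handling is assumed.
TAKES_VALUE = {"identityid", "identityusername", "groupid"}
NO_VALUE = {"all", "anonymous"}
NOTIFIABLE = {"identityid", "identityusername"}

def is_uuid(text):
    """True only for the canonical hyphenated UUID form."""
    try:
        return str(uuid.UUID(text)) == text.lower()
    except ValueError:
        return False

def endpoint_format(endpoint):
    """Classify ENDPOINT as one of the three documented formats."""
    if is_uuid(endpoint):
        return "uuid"
    if re.fullmatch(r"[^#/\s]+#[^#/\s]+", endpoint):
        return "legacy"
    if re.fullmatch(r"[^#/\s]+", endpoint):
        return "unqualified-legacy"
    raise ValueError(f"unrecognised endpoint: {endpoint!r}")

def build_acl_add(endpoint, raw_path, perm, principal, value=None, notify_email=None):
    """Return the acl-add argv list for a raw (not yet encoded) path."""
    endpoint_format(endpoint)
    if perm not in ("r", "rw"):
        raise ValueError("--perm must be r or rw")
    if not (raw_path.startswith("/") and raw_path.endswith("/")):
        raise ValueError("path must start and end with '/' (assumed from the synopsis)")
    if principal in NO_VALUE and value is None:
        args = [f"--{principal}"]
    elif principal in TAKES_VALUE and value:
        if principal != "identityusername" and not is_uuid(value):
            raise ValueError(f"--{principal} expects a UUID")
        args = [f"--{principal}", value]
    else:
        raise ValueError(f"bad principal/value: {principal!r}, {value!r}")
    if notify_email is not None:
        if principal not in NOTIFIABLE:
            raise ValueError("--notify-email needs --identityid or --identityusername")
        args += ["--notify-email", notify_email]
    # quote() percent-encodes spaces, '#', '?'; an already-encoded path would be double-encoded.
    return ["acl-add", endpoint + quote(raw_path, safe="/"), "--perm", perm] + args

if __name__ == "__main__":  # constructed sample values
    print(build_acl_add("bob#myep", "/~/my share/", "r", "identityusername", "alice@example.org"))
```

Passing the returned list to a process launcher as separate arguments, rather than joining it into a shell string, keeps characters such as "#" and "~" from being reinterpreted by the shell.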
