NAME

acl-add - Add an Access Rule

SYNOPSIS

acl-add ENDPOINT/PATH/ --perm {r|rw} OPTIONS

DESCRIPTION

acl-add adds a new rule to the endpoint’s access control list (ACL).

A principal (to whom the rule applies) must be provided. Valid principal options are --identityid, --identityusername, --groupid, --all, and --anonymous.

acl-add may be called by the owner of the endpoint, or an "access_manager" assigned by the endpoint-role-add command.

PATH is assumed to be URL-encoded.

ENDPOINT can use these formats:

  • UUID: "7865988a-aeb3-4e55-b8cd-938c258e7854"

  • Legacy Name: "bob#test_endpoint". This contains the user who owns the endpoint and the endpoint legacy name.

  • Unqualified Legacy Name: "test_endpoint". The user name defaults to the current logged in user.

Tip:For comprehensive developer information about ACLs, see https://docs.globus.org/api/transfer/acl/

OPTIONS

--perm=PERM

Permission (Required): r (read only) or rw (read write)

--identityid=ID

Identity ID (UUID) to receive permission

--identityusername=USERNAME

Identity username to receive permission. This will be automatically resolved to an identity ID (UUID). Examples: "bob@uchicago.edu", "mary@globusid.org"

--groupid=GROUPID

Group UUID to receive permission

--all

Create a rule for all authenticated users

--anonymous

Create a rule for all users, including unauthenticated users

--notify-email=EMAIL_ADDRESS

Send share notification email to this email address. Only allowed for the principal types --identityid and --identityusername.

--notify-message=MESSAGE

Add a custom message to the notification email (optional). Requires --notify-email.

EXAMPLES

Share the /~/share/ directory with "alice@uchicago.edu", using read-only permissions:

$ acl-add bob#myep/~/share/ --identityusername alice@uchicago.edu --perm r

© 2010- The University of Chicago Legal