IBM Streams 4.3.0

streamtool setdomainacl

The streamtool setdomainacl command changes the permissions for an object in an IBM® Streams domain.

Usage

Read syntax diagramSkip visual syntax diagram
setdomainacl

>>-+-----------------------+--+---------+----------------------->
   '-+- -d----------+--did-'  +- -h-----+   
     '- --domain-id-'         '- --help-'   

>--+-----------------+--+---------------------+----------------->
   '- --trace--level-'  '-+- -U-----+--userid-'   
                          '- --User-'             

>--+-----------------------+------------------------------------>
   '-+- -v--------+--level-'   
     '- --verbose-'            

>--| Non-interactive tool options |--permission--object--------><

Non-interactive tool options

    (1)                                    
|--------+-----------------------------+------------------------|
         +- --embeddedzk---------------+   
         |               .-,---------. |   
         |               V           | |   
         '- --zkconnect----host:port-+-'   
Notes:
  1. The non-interactive tool options are not supported in the interactive streamtool interface.

Authority

You must have write authority for the config domain object. By default, the DomainAdministrator role has this authority. For more information about access control lists, see streamtool getdomainacl.

Description

You must identify an IBM Streams object, the user, group, or role to which the new access control setting applies, and one or more privileges that you want to add, remove, or replace.

Options and arguments

-d, --domain-id did
Specifies the domain identifier.

If you do not specify this option, IBM Streams uses the domain name that is set in the STREAMS_DOMAIN_ID environment variable. By default, that domain name is StreamsDomain. If you are using the interactive streamtool interface, it uses the name of the active domain for the current streamtool session or else it prompts you for the domain name.

The active domain for the current streamtool session is set every time that you successfully run a streamtool command with a -d or --domain-id option. Alternatively, you can run the streamtool domain command in the interactive interface.

--embeddedzk

Specifies to use the embedded copy of ZooKeeper. This option is not supported within the interactive streamtool interface.

If you are not using the interactive streamtool interface and you do not specify either this option or the --zkconnect option, IBM Streams uses the ZooKeeper connection that is associated with the active domain or the domain that is specified in the --domain-id option. IBM Streams determines which connection maps to the domain by using cached information about the domains. In this scenario, if the domain identifier is not unique in the IBM Streams configuration cache, the command fails.

-h, --help
Specifies to show the command syntax.
object
Specifies an IBM Streams object, which must be one of the following values:
  • config
  • domain
  • hosts
  • instances
  • system-log
permission
Specifies the privileges that you want to add, remove, or replace for an IBM Streams object. The command uses the following format for the permission argument: [default:]{u|user|g|group|r|role}:name{+,-,:}{rwsado}. The keywords and variables have the following meanings:
default:
Specifies the default permission values to be used when child objects that are added to this object are initialized. For example, the jobs object uses this setting to grant default permissions to new jobs as they are added to the system.

If you do not specify this keyword, the command sets the access permissions for the object instead of its default permissions.

u, user, g, group, r, role
Specifies whether the name is a user, a group, or a role.
name
Specifies the name of the user, group, or role.
+, -, :
Specifies whether the command adds (+) or removes (-), or replaces (:) the specified permissions.
rwsado
Specifies the permission settings to set, remove, or add. You can specify one or more of the following permission settings: read (r), write (w), search (s), add (a), delete (d), or own (o).
--trace level
Specifies the trace setting. The following valid levels are listed in order of increasing verbosity, which is to say that the first level in the list generates the least amount of information:
  • off
  • error
  • warn
  • info
  • debug
  • trace
The default value is off.
-U, --User userid
Specifies an IBM Streams user ID that has authority to run the command.
-v,--verbose level
Specifies to provide more detailed command output. The verbosity level can be 0-3, where 0 disables detailed reporting and each increment provides more detailed output.
--zkconnect host:port

The name of one or more host and port pairs that specify the configured ZooKeeper servers. This option is not supported within the interactive streamtool interface.

If you are not using the interactive streamtool interface and you do not specify this option, IBM Streams tries to use:
  1. The --embeddedzk option
  2. The value from the STREAMS_ZKCONNECT environment variable
  3. A ZooKeeper connection string that is derived from cached information about the current domain.

Examples

The following command sets the add privilege and ownership of the hosts object to the user analyst2 in the domain mydomain: 
[streamtool <bsmith@mydomain>]
setdomainacl u:analyst2+ao hosts
The following command removes the add privilege and ownership of the hosts object from the user analyst2 in the domain mydomain: 
[streamtool <bsmith@mydomain>]
setdomainacl u:analyst2-ao hosts
Parent topic: Streamtool commands
Related concepts:
User authorization for IBM Streams
Related reference:
streamtool getdomainacl
streamtool lsdomainacl