ACL object
Use the access control list (ACL) object to set and control user access for other resources.
Purpose
Use the access control list (ACL) object to set and control user access for the following objects:
- AddOns
- For more information about Add-ons, see Add-ons.
- EnvironmentProfiles
- For more information about environment profiles, see Environment profiles.
- Fixes
- For more information about fixes, see Emergency fix.
- Patterns
- For more information about patterns, see Virtual system patterns.
- Scripts
- For more information about scripts, see Script package.
- VirtualAppliances
- For more information about virtual appliances, see Virtual appliances.
- Virtual images
- For more information about virtual images, see Virtual images.
ACL object
The ACL object represents the ACL associated with a system
resource. The system manages access to resources with a hierarchical set of permissions. These
permissions are represented by constants in the PureApplication Software package. From the least access to
greatest access, these permissions are:
- NO_PERMISSIONS
- The user or group cannot access the resource.
- READ_PERMISSION
- The user or group can view the resource and use it in a read-only manner, but cannot alter the resource.
- UPDATE_PERMISSION
- In addition to viewing and using the resource, the user or group is permitted to alter the resource.
- CREATE_PERMISSION
- Typically applied to collections of resources, with this permission the user or group can create new resources.
- DELETE_PERMISSION, ALL_PERMISSION
- The user or group is granted full access to the resource.
ACL objects are accessed using the acl property of the resource to which they apply, as shown in the following example:
>>> mypattern = deployer.patterns[0]
>>> mypattern.acl
{
(group Everyone): all,
(user cbadmin): all
}
ACL methods
The ACL object provides the following methods:
- check(entity)
- Queries the system to determine what permissions the specified user or group has been granted to
the resource associated with this ACL. The following example shows this method:
>>> deployer.patterns[0].acl.check(deployer.self())
- __contains__(item)
- Indicates if a specific permission has been defined for the specified
user or group, as shown in the following example:
>>> deployer.everyone() in deployer.virtualimages[0].acl
- __delitem__(key)
- Removes any explicit permissions set for the specified user or
group for this resource. This method is called implicitly by the Jython del statement,
as shown in the following example:
>>> user = deployer.users['user2'][0]
>>> del deployer.patterns[0].acl[user]
Note: The user might still have access to this resource through a user group to which the user belongs.
- __getitem__(key)
- Returns the permission explicitly set for the specified user or
group for this resource. This method is called implicitly when a
user or group is used as an index to an ACL, as shown in the following
example:
>>> deployer.virtualimages[0].acl[deployer.everyone()]
Note: This method considers only permissions that have been explicitly granted. To determine the level of access a user has within the groups to which the user belongs, use the check() method instead.
- __iter__()
- This method is called implicitly when you reference an ACL object in a context that requires iterating
over all the entries. This method is also called when
you explicitly pass the ACL object
to the Jython iter() function. The following example
shows this method:
>>> for userorgroup in myvirtualsystem.acl:
...     print userorgroup.name
- __len__()
- Returns the number of permissions explicitly set for this resource,
as shown in the following example:
>>> len(deployer.scripts[0].acl)
- refresh()
- Refreshes the cached ACL entries with current data from the system.
- __repr__()
- This method is called implicitly by Jython when an expression
entered in interactive mode returns an ACL or when an ACL is passed
to the Jython repr() function. It returns a string
representation of the resource. The following example shows this
method being implicitly called:
>>> deployer.scripts[0].acl
- __setitem__(key, value)
- Sets an explicit ACL for the specified user or group. This method
is called implicitly when you use the []= construct,
as shown in the following example:
>>> myscript.acl[deployer.everyone()] = deployer.READ_PERMISSION
The value specified inside the square brackets must be a User or Group object. The value to the right of the equal sign must be one of the following values:
- deployer.NO_PERMISSIONS
- deployer.READ_PERMISSION
- deployer.UPDATE_PERMISSION
- deployer.CREATE_PERMISSION
- deployer.DELETE_PERMISSION
- deployer.ALL_PERMISSIONS
- __str__()
- Returns a string representation of this ACL. This method is called
implicitly by Jython when a resource object is used as a value in
a string formatting operation. This method is also called implicitly
by Jython when it is passed as a parameter to the Jython str() function.
The following example shows this method:
>>> print 'Here is the ACL: %s' % deployer.patterns[0].acl
>>> str(deployer.patterns[1].acl)
- __unicode__()
- Returns a string representation of this ACL. This method is called
implicitly by Jython when a resource object is used as a value in
a string formatting operation. This method is also called implicitly
when it is passed as a parameter to the Jython unicode() function.
The following example shows this method:
>>> print 'Here is the ACL: %s' % deployer.patterns[0].acl
>>> unicode(deployer.patterns[1].acl)
For more information about working with resource objects, see the Related concepts section.
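The following added example (not part of the original documentation or the product's own code) combines the methods above into a least-privilege review: it flags resources where the Everyone group is explicitly granted more than read access, lowers those grants, and confirms what a user can still reach after an explicit entry is removed. The function names are hypothetical, and the code assumes that indexing an ACL returns a value equal to one of the deployer permission constants.

```python
# Added example (not IBM's code). Intended for the Jython CLI session; `deployer`
# is passed in so the functions can also be exercised against a stub.

def rank_of(deployer, permission):
    """Position of a permission in the page's least-to-greatest ordering."""
    order = [deployer.NO_PERMISSIONS, deployer.READ_PERMISSION,
             deployer.UPDATE_PERMISSION, deployer.CREATE_PERMISSION,
             deployer.DELETE_PERMISSION, deployer.ALL_PERMISSIONS]
    # Assumption: acl[...] returns a value equal to one of these constants.
    # Anything unrecognised is ranked highest so that it gets flagged.
    if permission in order:
        return order.index(permission)
    return len(order)


def audit_everyone(deployer, resources, ceiling=None):
    """List (resource, permission) where Everyone is explicitly above ceiling."""
    if ceiling is None:
        ceiling = deployer.READ_PERMISSION
    everyone = deployer.everyone()
    findings = []
    for resource in resources:
        acl = resource.acl
        acl.refresh()  # decide on current data, not cached entries
        if everyone in acl:  # __contains__: an explicit entry exists
            granted = acl[everyone]  # __getitem__: explicit grant only
            if rank_of(deployer, granted) > rank_of(deployer, ceiling):
                findings.append((resource, granted))
    return findings


def tighten_everyone(deployer, resources, ceiling=None):
    """Lower Everyone to ceiling wherever audit_everyone flags it."""
    if ceiling is None:
        ceiling = deployer.READ_PERMISSION
    changed = []
    for resource, _granted in audit_everyone(deployer, resources, ceiling):
        resource.acl[deployer.everyone()] = ceiling  # __setitem__
        changed.append(resource)
    return changed


def revoke_and_verify(resource, user):
    """Drop the user's explicit entry; return what check() still reports."""
    acl = resource.acl
    if user in acl:
        del acl[user]  # __delitem__
    acl.refresh()
    return acl.check(user)  # effective access, group membership included
```

In a CLI session, pass the deployer object and a list of resources, for example audit_everyone(deployer, [deployer.patterns[0]]). A result from revoke_and_verify other than deployer.NO_PERMISSIONS means the user still has access through a group.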