admin acl Command Group¤
List, create, delete and modify and review access conditions.
With this command group, you can manage and inspect access conditions in eccenca Corporate Memory. Access conditions are identified by a URL. They grant access to knowledge graphs or actions to user or groups.
admin acl list¤
List access conditions.
This command retrieves and lists all access conditions, which are manageable by the current account.
Options
admin acl inspect¤
Inspect an access condition.
Note
access conditions can be listed by using the acl list
command.
admin acl create¤
Create an access condition.
With this command, new access conditions can be created.
An access condition captures information about WHO gets access to WHAT. In order to specify WHO gets access, use the --user
and / or --group
options. In order to specify WHAT an account get access to, use the --read-graph
, --write-graph
and --action
options.`
In addition to that, you can specify a name, a description and an ID (all optional).
A special case are dynamic access conditions, based on a SPARQL query: Here you have to provide a query with the projection variables user
, group
readGraph
and writeGraph
to create multiple grants at once. You can either provide a query file or a query URL from the query catalog.
Note
Queries for dynamic access conditions are copied into the ACL, so changing the query in the query catalog does not change it in the access condition.
Options
--user TEXT A specific user account required by the access
condition.
--group TEXT A membership in a user group required by the access
condition.
--read-graph TEXT Grants read access to a graph.
--write-graph TEXT Grants write access to a graph (includes read access).
--action TEXT Grants usage permissions to an action / functionality.
--query TEXT Dynamic access condition query (file or the query
catalog IRI).
--id TEXT An optional ID (will be an UUID otherwise).
--name TEXT A optional name.
--description TEXT An optional description.
admin acl update¤
Update an access condition.
Given an access condition URL, you can change specific options to new values.
Options
--name TEXT A optional name.
--description TEXT An optional description.
--user TEXT A specific user account required by the access
condition.
--group TEXT A membership in a user group required by the access
condition.
--read-graph TEXT Grants read access to a graph.
--write-graph TEXT Grants write access to a graph (includes read access).
--action TEXT Grants usage permissions to an action / functionality.
--query TEXT Dynamic access condition query (file or the query
catalog IRI).
admin acl delete¤
Delete access conditions.
This command deletes existing access conditions from the account.
Note
Access conditions can be listed by using the cmemc admin acs list
command.
admin acl review¤
Review grants for a given account.
This command has two working modes: (1) You can review the access conditions of an actual account, (2) You can review the access conditions of an imaginary account with a set of freely added groups (what-if-scenario).
The output of the command is a list of grants the account has based on your input and all access conditions loaded in the store. In addition to that, some metadata of the account is shown.