|
| 1 | +## neofs-cli acl extended create |
| 2 | + |
| 3 | +Create extended ACL from the text representation |
| 4 | + |
| 5 | +### Synopsis |
| 6 | + |
| 7 | +Create extended ACL from the text representation. |
| 8 | + |
| 9 | +Rule consist of these blocks: <action> <operation> [<filter1> ...] [<target1> ...] |
| 10 | + |
| 11 | +Action is 'allow' or 'deny'. |
| 12 | + |
| 13 | +Operation is an object service verb: 'get', 'head', 'put', 'search', 'delete', 'getrange', or 'getrangehash'. |
| 14 | + |
| 15 | +Filter consists of <typ>:<key><match><value> |
| 16 | + Typ is 'obj' for object applied filter or 'req' for request applied filter. |
| 17 | + Key is a valid unicode string corresponding to object or request header key. |
| 18 | + Well-known system object headers start with '$Object:' prefix. |
| 19 | + User defined headers start without prefix. |
| 20 | + Read more about filter keys at github.com/nspcc-dev/neofs-api/blob/master/proto-docs/acl.md#message-eaclrecordfilter |
| 21 | + Match is: |
| 22 | + '=' for string equality or, if no value, attribute absence; |
| 23 | + '!=' for string inequality; |
| 24 | + '>' | '>=' | '<' | '<=' for integer comparison. |
| 25 | + Value is a valid unicode string corresponding to object or request header value. Numeric filters must have base-10 integer values. |
| 26 | + |
| 27 | +Target is |
| 28 | + 'user' for container owner, |
| 29 | + 'system' for Storage nodes in container and Inner Ring nodes, |
| 30 | + 'others' for all other request senders, |
| 31 | + 'pubkey:<key1>,<key2>,...' for exact request sender, where <key> is a hex-encoded 33-byte public key, DEPRECATED, |
| 32 | + 'address:<adr1>,<adr2>,...' for exact request sender, where <adr> is a base58 25-byte address. Example: NSiVJYZej4XsxG5CUpdwn7VRQk8iiiDMPM. |
| 33 | + |
| 34 | +When both '--rule' and '--file' arguments are used, '--rule' records will be placed higher in resulting extended ACL table. |
| 35 | + |
| 36 | + |
| 37 | +``` |
| 38 | +neofs-cli acl extended create [flags] |
| 39 | +``` |
| 40 | + |
| 41 | +### Examples |
| 42 | + |
| 43 | +``` |
| 44 | +neofs-cli acl extended create --cid EutHBsdT1YCzHxjCfQHnLPL1vFrkSyLSio4vkphfnEk -f rules.txt --out table.json |
| 45 | +neofs-cli acl extended create --cid EutHBsdT1YCzHxjCfQHnLPL1vFrkSyLSio4vkphfnEk -r 'allow get obj:Key=Value others' -r 'deny put others' -r 'deny put obj:$Object:payloadLength<4096 others' -r 'deny get obj:Quality>=100 others' |
| 46 | +``` |
| 47 | + |
| 48 | +### Options |
| 49 | + |
| 50 | +``` |
| 51 | + --cid string Container ID. |
| 52 | + -f, --file string Read list of extended ACL table records from text file |
| 53 | + -h, --help help for create |
| 54 | + -o, --out string Save JSON formatted extended ACL table in file |
| 55 | + -r, --rule stringArray Extended ACL table record to apply |
| 56 | +``` |
| 57 | + |
| 58 | +### Options inherited from parent commands |
| 59 | + |
| 60 | +``` |
| 61 | + -c, --config string Config file (default is $HOME/.config/neofs-cli/config.yaml) |
| 62 | + -v, --verbose Verbose output |
| 63 | +``` |
| 64 | + |
| 65 | +### SEE ALSO |
| 66 | + |
| 67 | +* [neofs-cli acl extended](neofs-cli_acl_extended.md) - Operations with Extended Access Control Lists |
| 68 | + |
0 commit comments