The zendhqctl access Module
The zendhqctl access command is available for ZendHQ Role Management. Use it to manage users, groups, and services of your ZendHQ installation.
Managing groups
| Command | Description |
| zendhqctl access group add <group> [--permissions {permission mask}] | Create a group with optional permissions |
| zendhqctl access group set-permissions <group> <permission mask> | Set the group permission mask |
| zendhqctl access group list | List the defined groups |
| zendhqctl access group print <group> | List the permissions for the group |
| zendhqctl access group enable <group> | Enable a given group |
| zendhqctl access group disable <group> | Disable a given group |
| zendhqctl access group remove <group> | Remove a given group |
| zendhqctl access group add-user <group> <user>[,user...] | Add one or more users to a group |
| zendhqctl access group remove-user <group> <user>[,user...] | Remove one or more users from a group |
The zendhqctl access group command
Manages Role-Based Access Control groups
USAGE:
zendhqctl access group SUBCOMMAND [FLAGS]
SUBCOMMANDS:
add GROUP [--comment|-c COMMENT] [--permissions|-p PERMISSIONS [SERVICE[,SERVICE...]]]Add a GROUP, optionally with the given COMMENT, optionally with the given PERMISSIONS mask for either all the services, or for a given SERVICE, or for a comma-separated list of SERVICEs.
add-user GROUP USER[,USER...]Add a USER or a comma-separated list of USERs to the given GROUP.
comment GROUP COMMENTSet a COMMENT for the given GROUP.
disable GROUPDisable the given GROUP.
enable GROUPEnable the given GROUP.
listList all the defined groups.
print GROUPList the permissions of the GROUP.
remove GROUPRemove the given GROUP.
remove-user GROUP USER[,USER...]Remove a USER, or a comma-separated list of USERs, from the given GROUP
set-permissions GROUP [+-]PERMISSIONS [SERVICE[,SERVICE...]]Set the PERMISSIONS mask of a GROUP for either all the services, or for a given SERVICE, or for a comma-separated list of SERVICEs.
PERMISSIONS is either zero or more letters from the set rwx (read, write, execute) for the new permission bits, or an octal number representing the same bit pattern. Derive the octal number (0-7) by adding up the bits with values 4 (r), 2 (w), and 1 (x). The operator + adds permissions to the existing permission bits; the operator - removes them. For a tutorial, see Linux file permissions explained (redhat.com).
Default: To set the permissions for all services, leave SERVICE blank.
Examples: set-permissions admins -rwx zray
Managing users
| Command | Description |
| zendhqctl access user add <user> [--password|-p {password}] [--group|-g {group}] [--disable] | Add a user |
| zendhqctl access user add-group <user> <group>[,group...] | Add a user to one or more groups |
| zendhqctl access user remove-group <user> <group>[,group...] | Remove a user from one or more groups |
| zendhqctl access user password <user> [--password|-p {password}] | Change the password for a user |
| zendhqctl access user disable <user> | Disable access for the user |
| zendhqctl access user enable <user> | Enable access for the user |
| zendhqctl access user remove <user> | Remove the user |
The zendhqctl access user command
Manages Role-Based Access Control users
USAGE:
zendhqctl access user SUBCOMMAND [FLAGS]
SUBCOMMANDS:
add USER [--comment|-c COMMENT]
[--password|-p PASSWORD
[--group|-g GROUP[,GROUP...]]
[--disable|-d]
Add a user named USER, optionally with the given COMMENT and PASSWORD. Optionally add the USER to a GROUP or to a comma-separated list of GROUPs. Optionally disable the USER. Creating the USER without a PASSWORD also disables the user until a password is set using the password subcommand.
add-group USER GROUP[,GROUP...]Add the given USER to a GROUP or a comma-separated list of GROUPs.
comment USER COMMENTSet a COMMENT for the given USER.
disable USERDisable the given USER.
enable USEREnable the given USER.
listList all the defined USERs.
password USER [PASSWORD]Change the password for the user. If the PASSWORD is omitted, the command prompts for a new password. To clear the current password and disable the user, set the password to an empty string.
print USERList active permissions of the given USER.
remove USERRemove the given USER.
remove-group USER GROUP[,GROUP...]Remove the given USER from a GROUP, or a comma-separated list of GROUPS.
Managing services
| Command | Description |
| zendhqctl access service list | List all services |
| zendhqctl access service print <service> | Print service details |
| zendhqctl access service set-permissions <group>[,group...] <permission mask> [service...] | Set permissions for a service |
The zendhqctl access service command
Manages Role-Based Access Control services
USAGE:
zendhqctl access service SUBCOMMAND [FLAGS]
SUBCOMMANDS:
-
listList the valid names of all services.
-
Configuration Service: conf
Access to this configuration service is necessary, for example, to view monitoring rule definitions. -
Z-Ray Service: zray
-
Code Tracing Service: ct
-
Monitoring Service: mon
-
Job Queue Service: jq
-
-
print SERVICEPrint all SERVICE details.
-
set-permissions SERVICE [+-]PERMISSIONS GROUP[,GROUP...]Set the PERMISSIONS mask for a SERVICE for a GROUP or for a comma-separated list of GROUPs.
PERMISSIONS is either zero or more letters from the set rwx (read, write, execute) for the new permission bits, or an octal number representing the same bit pattern. Derive the octal number (0-7) by adding up the bits with values 4 (r), 2 (w), and 1 (x). The operator + adds permissions to the existing permission bits; the operator - removes them. For a tutorial, see Linux file permissions explained (redhat.com).