zendhqctl access command

The zendhqctl access command is available for ZendHQ Role Management. Use it to manage users, groups, and services.

Managing groups

Overview

zendhqctl access group add <group> [--permissions {permission mask}] # Create a group with optional permissions

zendhqctl access group set-permissions <group> <permission mask>     # Set the group permission mask

zendhqctl access group list                                          # List the defined groups

zendhqctl access group print <group>                                 # List the permissions for the group

zendhqctl access group enable <group>                                # Enable a given group

zendhqctl access group disable <group>                               # Disable a given group

zendhqctl access group remove <group>                                # Remove a given group

zendhqctl access group add-user <group> <user>                       # Add a user to a group

zendhqctl access group remove-user <group>[,group...] <user>         # Remove a user from one or more groups

zendhqctl access group

Manages Role-Based Access Control groups

USAGE:

zendhqctl access group SUBCOMMAND [FLAGS]

SUBCOMMANDS:

• add GROUP [--comment|-c COMMENT] [--permissions|-p PERMISSIONS [SERVICE[,SERVICE...]]]

  Add a GROUP, optionally with the given COMMENT, optionally with the given PERMISSIONS mask for either all the services, or for a given SERVICE, or for a comma-separated list of SERVICEs.

• add-user GROUP USER[,USER...]

  Add a USER or a comma-separated list of USERs to the given GROUP.

• comment GROUP COMMENT

  Set a COMMENT for the given GROUP.

• disable GROUP

  Disable the given GROUP.

• enable GROUP

  Enable the given GROUP.

• list

  List all the defined groups.

• print GROUP

  List the permissions of the GROUP.

• remove GROUP

  Remove the given GROUP.

• remove-user GROUP USER[,USER...]

  Remove a USER, or a comma-separated list of USERs, from the given GROUP

• set-permissions GROUP [+-]PERMISSIONS [SERVICE[,SERVICE...]]

  Set the PERMISSIONS mask of a GROUP for either all the services, or for a given SERVICE, or for a comma-separated list of SERVICEs.

  PERMISSIONS is either zero or more letters from the set rwx (read, write, execute) for the new permission bits, or an octal number representing the same bit pattern. Derive the octal number (0-7) by adding up the bits with values 4 (r), 2 (w), and 1 (x). The operator + adds permissions to the existing permission bits; the operator - removes them. For a tutorial, see Linux file permissions explained (redhat.com).

  Default: To set the permissions for all services, leave SERVICE blank.

  Examples: set-permissions admins -rwx zray

Managing users

Overview

zendhqctl access user add  [--password|-p {password}] [--group|-g {group}] [--disable] # Add a user

zendhqctl access user add-group <user>[,user...] <group>             # Add one or more users to a group

zendhqctl access user remove-group <user>[,user...] <group>          # Remove one or more users from a group

zendhqctl access user password <user> [--password|-p {password}]     # Change the password for a user

zendhqctl access user disable <user>                                 # Disable access for the user

zendhqctl access user enable <user>                                  # Enable access for the user

zendhqctl access user remove <user>                                  # Remove the user

zendhqctl access user

Manages Role-Based Access Control users

USAGE:

zendhqctl access user SUBCOMMAND [FLAGS]

SUBCOMMANDS:

add USER [--comment|-c COMMENT]
         [--password|-p PASSWORD
         [--group|-g GROUP[,GROUP...]]
         [--disable|-d]

Add a user named USER, optionally with the given COMMENT and PASSWORD. Optionally add the USER to a GROUP or to a comma-separated list of GROUPs. Optionally disable the USER. Creating the USER without a PASSWORD also disables the user until a password is set using the password subcommand.

• add-group USER GROUP[,GROUP...]

  Add the given USER to a GROUP or a comma-separated list of GROUPs.

• comment USER COMMENT

  Set a COMMENT for the given USER.

• disable USER

  Disable the given USER.

• enable USER

  Enable the given USER.

• list

  List all the defined USERs.

• password USER [PASSWORD]

  Change the password for the user. If the PASSWORD is omitted, the command prompts for a new password. To clear the current password and disable the user, set the password to an empty string.

• print USER

  List active permissions of the given USER.

• remove USER

  Remove the given USER.

• remove-group USER GROUP[,GROUP...]

  Remove the given USER from a GROUP, or a comma-separated list of GROUPS.

Managing services

Overview

zendhqctl access service list                                        # List all services

zendhqctl access service print <service>                             # Print service details

zendhqctl access service set-permissions <group>[,group...] <permission mask> [service...] # Set permissions for a service

zendhqctl access service

Manages Role-Based Access Control services

USAGE:

zendhqctl access service SUBCOMMAND [FLAGS]

SUBCOMMANDS:

• list

  List the valid names of all services.

  • Configuration Service: conf
    Access to this configuration service is necessary, for example, to view monitoring rule definitions.

  • Z-Ray Service: zray

  • Code Tracing Service: ct

  • Monitoring Service: mon

  • Job Queue Service: jq

• print SERVICE

  Print all SERVICE details.

• set-permissions SERVICE [+-]PERMISSIONS GROUP[,GROUP...]

  Set the PERMISSIONS mask for a SERVICE for a GROUP or for a comma-separated list of GROUPs.

  PERMISSIONS is either zero or more letters from the set rwx (read, write, execute) for the new permission bits, or an octal number representing the same bit pattern. Derive the octal number (0-7) by adding up the bits with values 4 (r), 2 (w), and 1 (x). The operator + adds permissions to the existing permission bits; the operator - removes them. For a tutorial, see Linux file permissions explained (redhat.com).