CLI ACL editor
The dhconfig acls command-line tool allows administrators to manage users, groups, passwords, keys, and table ACLs. This page covers common tasks; see the dhconfig acls reference for complete documentation.
Quick reference
| Task | Command |
|---|---|
| List users | dhconfig acls users list |
| Create user | dhconfig acls users add --name username |
| Delete user | dhconfig acls users delete --name username |
| Set password | dhconfig acls users set-password --name username |
| List groups | dhconfig acls groups list |
| Add user to group | dhconfig acls groups add-member --name username --group groupname |
| Import public key | dhconfig acls publickeys import -f /path/to/key.txt |
| Export all ACLs | dhconfig acls export --file /tmp/acls.xml |
All commands should be run as irisadmin:
User management
Create a user
Create a user and add to groups:
List users
Delete a user
Note
System users (iris, merge, tdcp) cannot be deleted.
Set a password
Interactive (prompts for password):
Non-interactive (using hashed password):
Warning
Specifying passwords on the command line may store them in shell history.
Remove a password
Removes local password, requiring external authentication (LDAP/SAML):
Group management
List groups
Add users to groups
Remove users from groups
Delete a group
Table ACLs
Add a row ACL
Note
Use shell quoting for ACL expressions containing special characters.
Add a column ACL
List table ACLs
See Table ACLs for detailed information on row and column access control.
Import and export
Export ACL data
Export all ACLs to XML:
Export specific types:
Import ACL data
Import with different conflict handling:
Warning
The --replace-all option deletes all existing ACL data before importing.
Related documentation
- dhconfig acls reference - Complete command reference
- Authentication keys - Key-based authentication
- Web ACL editor - Web-based ACL management
- Table ACLs - Row and column access control
- Permissions overview