| Watch Folders and the Aspera Watch Service | 210
To view the permissions policies that are assigned to a user, run the following command:
# curl -k --user node_api_user:node_api_password -X GET https://
localhost:9092/access_control/users/username/policies
To view the users that are assigned to a permissions policy, run the following command:
# curl -k --user node_api_user:node_api_password -X GET https://
localhost:9092/access_control/policies/policy_id/users
Editing Policies
To edit a policy, create a JSON configuration file as if you were creating a new policy, but do not include the "id".
Run the following command to update the policy:
# curl -k --user node_api_user:node_api_password -X PUT -d @path/to/
json_file https://localhost:9092/access_control/policies/policy_id
To retrieve the configuration of an existing policy, run the following command:
# curl -k --user node_api_user:node_api_password -X GET https://
localhost:9092/access_control/policies/policy_id
Note: The policy name ("id") cannot be edited. To change the name, create a new policy.
Updating the Docroot or Restriction of a Running Watch Folder Service
If aswatchfolderadmin returns the error code err=28672 when you try to create a Watch Folder, confirm
that the user's docroot or restriction allows access to the source directory specified in the JSON configuration
file. You might have specified a destination that is not permitted by the docroot or restriction of the user running
asperawatchfolderd, or you may have no docroot configured at all.
These instructions describe how to retrieve the docroot or restriction configuration for the user and update the docroot
or restriction, if necessary. The configuration change automatically triggers asperawatchd that is associated with the
user to restart.
1.
Run the following command to retrieve the docroot or restriction setting for the user:
# /opt/aspera/bin/asuserdata -u username | grep "absolute"
# /opt/aspera/bin/asuserdata -u username | grep "restriction"
• If no docroot is configured for the user, no output is returned. Proceed to the next step to set a docroot or
restriction.
• If a docroot is configured, the command returns output similar to the following:
canonical_absolute: "/"
absolute: "/"
• If a restriction is configured, the command returns output similar to the following:
file_restriction: "file:////*"
If the user's docroot or restriction does not permit access to the source folder, proceed to the next step to update the
docroot.
2.
Configure a docroot or restriction for the user.
Docroots and path restrictions limit the area of a file system or object storage to which the user has access. Users
can create Watch Folders and Watch services on files or objects only within their docroot or restriction.
To Next Page
Loading...
Need help?
General