pw acl allow

The pw acl allow command grants (allows) read/write access to CIs for specified user groups. 
 The syntax for the command is as follows:

Run this command with any combination of the following options:

• help — Prints a help message

• -r — Used to specify a Read group name. For example: ReadUg1

  Warning

  Note

  To add multiple Read groups to Local Read Level Security, the -r option must be specified multiple times.
  At least one -r or -w option must be specified.

• -w — Used to specify a Write group name. For example:, WriteUg1

  Warning

  Note

  To add multiple Write groups to Local Write Level Security, the -w option must be specified multiple times.
  At least one -r or -w option must be specified.

• -p — (Optional) Used to preview the modification before it is actually made.

• -o— Stores CSV-formatted preview output in a specified file.

  Warning

  Note

  The -o option is valid only when -p is specified. The CIs are listed on the console unless -p is specified.

• -ci — Used to specify criteria to find CIs. CI criteria search keywords are as follows:

CI criteria search keywords

Users can specify multiple search keywords according to which to search the CI lists:

• anyacl=<group name> — Finds CIs with any of the BMC ProactiveNet, CMDB Read or Write ACLs containing the specified group name
• fromfile=<input file name> — Finds CIs from a specific file. The input file must contain the mc_udid of each CI on which allow/deny/list operations are to be performed. Each mc_udid must be specified in a separate line in the file
• id=<mcudid> — Finds a CI with a particular mc_udid
• localracl=<group name> — Finds CIs with a BMC ProactiveNet Read ACL containing the specified group name
• localwacl=<group name> — Finds CIs with a BMC ProactiveNet Write ACL containing the specified group name
• name=<ci name> — Finds a CI with a particular name
• namehave=<search string> — Finds CIs with a name containing a specified string
• nolocalracl — Finds CIs without a BMC ProactiveNet Read ACL
• nolocalwacl — Finds CIs without a BMC ProactiveNet Write ACL
• nopublishedracl — Finds CIs without a CMDB Read ACL
• nopublishedwacl — Finds CIs without a CMDB Write ACL
• notenant — Finds CIs that are not associated with any tenants
• publishedracl=<group name> — Finds CIs with a CMDB Read ACL containing the specified group name
• publishedwacl=<group name> — Finds CIs with a CMDB Write ACL containing the specified group name
• tenant=<tenant name> — Finds CIs belonging to a specified tenant

Examples

• pw acl help — Displays help information about the pw acl command
• pw acl allow help — Displays help information about the pw acl allow subcommand
• pw acl allow -r UG2 -r UG3 -w UG4 -ci notenant -p — Lists a preview for ACLs of all CIs not associated with a tenant, but will not modify the CIs in the BMC ProactiveNet Cell. The preview shows the state of the ACLs when actual modification is done when you run the command without the -p option. Use the -o <FileName> option to store the preview to a CSV file.
• pw acl allow -r UG2 -r UG3 -w UG4 -ci notenant — Adds UG2, UG3 usergroup to Local Read ACL, and UG4 to Local Write ACL of all CIs not associated with the tenant. This command will result in modification of CIs in the BMC ProactiveNet Cell.

Output

Console Output Format
 If no file name is specified in the command (with the -o option), the output is displayed on the console. Due to limited space, only the following attributes are displayed:
mc_udid, Name, PNReadAcl, PNWriteAcl

CSV Format
 More attributes are available in CSV format, including:
mc_udid, Name, CLASS, PNReadAcl, PNWriteAcl, CmdbReadACl, CmbdWriteAcl