
About assigning permissions

To assign permissions:

  1. Obtain the strings that correspond to the permission/action you want to assign.

  2. Assign the permission:

Obtaining the permission strings

Refer to the following sections to determine and obtain the permission strings that you need.

Assigning permissions via the DC/OS web interface

Note: When using the DC/OS web interface to manage permissions, you can create and assign the permission in one step.

  1. Log in to the DC/OS web interface as a user with superuser permissions.

  2. Click to open one of the following:

    • System -> Organization -> Users tab
    • System -> Organization -> Groups tab

  3. Click the name of the user or group you want to assign the permission to.

  4. Click Add Permission.

  5. Click Insert Permission String to toggle the dialog.

  6. Paste the permission string into the Object field.

  7. Paste the action string into the adjacent field.

  8. Click Add Permission.

  9. Click Close.

  10. Log out and log back in as your new user to verify the permissions.

Assigning permissions via the API

Note: When managing permissions via the API, you must first create the permission and then assign it. Sometimes the permission may already exist. In this event, the API returns an informative message and you can proceed to assign it.

Prerequisites:

  1. You must first create the permission, as shown in the following example.

    $ curl -X PUT --cacert dcos-ca.crt -H "Authorization: token=$(dcos config show core.dcos_acs_token)" $(dcos config show core.dcos_url)/acs/api/v1/acls/<resource-string> -d '{"description":"<description>"}' -H 'Content-Type: application/json'
    
  2. Use one of the following curl commands to grant the permission.
    • To a user:
      $ curl -X PUT --cacert dcos-ca.crt -H "Authorization: token=$(dcos config show core.dcos_acs_token)" $(dcos config show core.dcos_url)/acs/api/v1/acls/<resource-string>/users/<user-name>/<action-string>
      
    • To a group:
      $ curl -X PUT --cacert dcos-ca.crt -H "Authorization: token=$(dcos config show core.dcos_acs_token)" $(dcos config show core.dcos_url)/acs/api/v1/acls/<resource-string>/groups/<group-name>/<action-string>
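
The create-then-grant sequence above as one script that tolerates a permission that already exists. This is an added example, not part of the DC/OS documentation: the function names are its own, and it assumes HTTP 409 is the "already exists" reply mentioned in the note.

```bash
#!/usr/bin/env bash
# Added example: create a DC/OS permission, then grant it to a user or group.
# Assumes a logged-in dcos CLI and dcos-ca.crt in the working directory.

# URL of the ACL for a resource string (trailing slash on the base is dropped).
acl_url() { printf '%s/acs/api/v1/acls/%s' "${1%/}" "$2"; }

# usage: grant_url <base-url> <resource-string> <users|groups> <name> <action>
grant_url() {
  case "$3" in
    users|groups) ;;
    *) echo "subject kind must be users or groups" >&2; return 2 ;;
  esac
  if [ -z "$2" ] || [ -z "$4" ] || [ -z "$5" ]; then
    echo "resource, name and action must be non-empty" >&2; return 2
  fi
  printf '%s/%s/%s/%s' "$(acl_url "$1" "$2")" "$3" "$4" "$5"
}

# 2xx means done. 409 is assumed to be the "already exists" reply, which is
# safe to continue past; anything else (401, 403, 5xx) stops the run.
status_ok() {
  case "$1" in 2??|409) return 0 ;; *) return 1 ;; esac
}

# PUT that prints only the HTTP status. The token is fed to curl as a config
# line on stdin (-K -), which keeps it out of the process list.
iam_put() {  # usage: iam_put <url> [json-body]
  local url=$1 body=${2-}
  set -- -sS -K - -X PUT --cacert dcos-ca.crt -o /dev/null -w '%{http_code}'
  if [ -n "$body" ]; then
    set -- "$@" -H 'Content-Type: application/json' -d "$body"
  fi
  printf 'header = "Authorization: token=%s"\n' \
    "$(dcos config show core.dcos_acs_token)" | curl "$@" "$url"
}

# usage: assign_permission <users|groups> <name> <resource-string> <action> <description>
# The description is placed in JSON as-is, so it must not contain " or \.
assign_permission() {
  local base target code
  base=$(dcos config show core.dcos_url) || return 1
  target=$(grant_url "$base" "$3" "$1" "$2" "$4") || return 2
  code=$(iam_put "$(acl_url "$base" "$3")" "{\"description\":\"$5\"}") || return 1
  status_ok "$code" || { echo "create failed: HTTP $code" >&2; return 1; }
  code=$(iam_put "$target") || return 1
  status_ok "$code" || { echo "grant failed: HTTP $code" >&2; return 1; }
}
```

Source the file and call assign_permission with users or groups as the first argument, followed by the name, resource string, action string and description.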