Package com.azure.storage.file.datalake.models

Class PathAccessControlEntry

java.lang.Object
com.azure.storage.file.datalake.models.PathAccessControlEntry
public class PathAccessControlEntry extends Object
POSIX access control rights on files and directories.

The value is a comma-separated list of access control entries, each access control entry (ACE) consists of four elements in the format "[scope:][type]:[id]:[permissions]":

  • Scope
  • Type
  • User or Group Identifier (AAD ObjectId)
  • Permissions

The scope must be "default" to indicate the ACE belongs to the default Access Control List (ACL) for a directory; otherwise scope is implicit and the ACE belongs to the access ACL.

There are four ACE types:

  • "user": grants rights to the owner or a named user
  • "group" grants rights to the owning group or a named group
  • "mask" restricts rights granted to named users and the members of groups
  • "other" grants rights to all users not found in any of the other entries

The user or group identifier is omitted for entries of type "mask" and "other". The user or group identifier is also omitted for the owner and owning group.

The permission field is a 3-character sequence where the first character is 'r' to grant read access, the second character is 'w' to grant write access, and the third character is 'x' to grant execute permission. If access is not granted, the '-' character is used to denote that the permission is denied.

For example, the following ACL grants read, write, and execute rights to the file owner and john.doe@contoso, the read right to the owning group, and nothing to everyone else: "user::rwx,user:john.doe@contoso:rwx,group::r--,other::---,mask::rwx".

  • Constructor Details

    • PathAccessControlEntry

      public PathAccessControlEntry()
      Initializes an empty instance of PathAccessControlEntry. Constructs an empty instance of RolePermissions for the permissions field.

  • Method Details

    • equals

      public boolean equals(Object o)
      Overrides:
      equals in class Object

    • hashCode

      public int hashCode()
      Overrides:
      hashCode in class Object

    • toString

      public String toString()
      Overrides:
      toString in class Object

    • parse

      public static PathAccessControlEntry parse(String str)
      Parses the provided string into a List&lt{@link PathAccessControlEntry}&gt.

      Must be of the format "[scope:][type]:[id]:[permissions]".

      Parameters:
      str - The string representation of the ACL.
      Returns:
      The deserialized list.
      Throws:
      IllegalArgumentException - if the String provided does not match the format.

    • serializeList

      public static String serializeList(List<PathAccessControlEntry> acl)
      Converts the Access Control List to a String. The format is specified in the description of this type.
      Parameters:
      acl - The Access Control List to serialize.
      Returns:
      A String representing the serialized Access Control List

    • parseList

      public static List<PathAccessControlEntry> parseList(String str)
      Deserializes an ACL to the format "user::rwx,user:john.doe@contoso:rwx,group::r--,other::---,mask=rwx"
      Parameters:
      str - The String representation of the ACL.
      Returns:
      The ACL deserialized into a java.util.List

    • isInDefaultScope

      public boolean isInDefaultScope()
      Returns whether this ACE is in the default scope.
      Returns:
      true if in the default scope and false otherwise.

    • getAccessControlType

      public AccessControlType getAccessControlType()
      Returns the AccessControlType for this entry.
      Returns:
      The AccessControlType for this entry.

    • getEntityId

      public String getEntityId()
      The Azure AAD Object ID or User Principal Name that is associated with this entry.
      Returns:
      The entity for which this entry applies.

    • getPermissions

      public RolePermissions getPermissions()
      Returns the symbolic form of the permissions for this entry.
      Returns:
      The RolePermissions for this entry.

    • setDefaultScope

      public PathAccessControlEntry setDefaultScope(boolean defaultScope)
      Sets whether this entry is the default for a directory.
      Parameters:
      defaultScope - true to set as the default scope and false otherwise.
      Returns:
      The updated PathAccessControlEntry object.

    • setAccessControlType

      public PathAccessControlEntry setAccessControlType(AccessControlType accessControlType)
      Sets the AccessControlType for this entry.
      Parameters:
      accessControlType - The AccessControlType for this entry.
      Returns:
      The updated PathAccessControlEntry object.

    • setEntityId

      public PathAccessControlEntry setEntityId(String entityId)
      Sets the entity ID to which this entry will apply. Must be null if the type is AccessControlType.MASK or AccessControlType.OTHER or if the user is the owner or the group is the owning group. Must be a valid Azure AAD Object ID or User Principal Name.
      Parameters:
      entityId - The entity to which this entry will apply.
      Returns:
      The updated PathAccessControlEntry object.

    • setPermissions

      public PathAccessControlEntry setPermissions(RolePermissions permissions)
      Sets the permissions for this entry.
      Parameters:
      permissions - RolePermissions to set for this entry.
      Returns:
      The updated PathAccessControlEntry object.