Notes on ACL Updates with Merge and Restore
The following specifications apply to the dicfg merge and dicfg restore commands for ACLs (limits, deletes, audit_trigger, audit_column):
- Delete action with a value only deletes that value. For example, a delete for "Milk" with limits = Product Family("Cheese","Milk") results in Product Family("Cheese").
- Delete action with a value for the only existing entry results in the limit being deleted. For example, a delete for "Cheese" with limits = Product Family("Cheese") results in no limit list.
- Delete action with an empty value deletes the entire list. For example, a delete with limits = Product Family("Cheese","Milk") results in no limit list.
- Delete action with an empty string value ("") deletes that value. For example, a delete with "" and limits = Product Family("Cheese","") results in Product Family("Cheese").
- Update action with a value updates the value. For example, an update with "Milk" and limits = Product Family("Cheese") results in Product Family("Cheese","Milk").
- Update action with an empty value does nothing and does not log a failure.
- Update action with an empty string value ("") adds that value. For example, an update with "" and limits = Product Family("Cheese") results in Product Family("Cheese","").
TIP: When configured, dicfg merge removes limits but does not delete the default ACL entry. This means that once the limits are removed, users have access to all records. If this is not the intended consequence, be sure to also run the following command as appropriate:
DICFG DELETE DEFAULT_ACL -OBJECT xxx -USER xxx
NOTE: In Version 6.4(32) and later, the limit arrays are in a new storage location in the ACL file: limits_subobj. When reading an ACL entry, if the new attribute limits_subobj is empty or absent, the DiveLine server falls back on the limits attribute. When writing an ACL entry, if the limits list is empty, the DiveLine server deletes both the limits_subobj and limits attributes. This prevents corruption of ACL entries with unintentionally empty limit lists.
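The rules above, together with the limits_subobj fallback described in the note, modelled in Python. This is an added illustration, not DiveLine's or dicfg's own code: an ACL entry is represented as a dict of attribute name to value list, `None` stands for an empty value (as opposed to `""`, an empty string value), and writing only the limits_subobj attribute while dropping the legacy limits attribute is an assumption.

```python
from typing import Optional

def read_limits(entry: dict) -> list:
    """Read the limit list as the server does in 6.4(32) and later:
    use limits_subobj, falling back to limits if it is empty or absent."""
    sub = entry.get("limits_subobj")
    if sub:
        return list(sub)
    return list(entry.get("limits", []))

def write_limits(entry: dict, limits: list) -> dict:
    """Write the limit list back. An empty list deletes both attributes so an
    unintentionally empty list cannot corrupt the entry. Writing only the new
    limits_subobj attribute (and dropping legacy limits) is an assumption."""
    entry.pop("limits", None)
    if limits:
        entry["limits_subobj"] = list(limits)
    else:
        entry.pop("limits_subobj", None)
    return entry

def apply_action(entry: dict, action: str, value: Optional[str]) -> dict:
    """Apply one merge/restore action ("delete" or "update") to an entry.
    value=None is an empty value; value="" is a real entry like any other."""
    limits = read_limits(entry)
    if action == "delete":
        if value is None:
            limits = []                 # empty value: the whole list goes
        elif value in limits:
            limits.remove(value)        # only that value goes ("" included)
    elif action == "update":
        if value is None:
            return entry                # empty value: no-op, no failure logged
        if value not in limits:         # not re-adding duplicates is an assumption
            limits.append(value)        # "" is added like any other value
    else:
        raise ValueError(f"unknown action: {action}")
    return write_limits(entry, limits)  # empty result deletes both attributes
```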
For each cfg file read by the merge or restore command, a log file is created.
- DiveLine_Users.cfg > DiveLine_Users.log
- DiveLine_Groups.cfg > DiveLine_Groups.log
- DiveLine_ACL.cfg > DiveLine_ACL.log
- DiveLine_Passwords.cfg > DiveLine_Passwords.log
The log file has two columns, User and Action. For example:
| User | Action |
|---|---|
| Bob | added |
| Carol | deleted |
| Donna | updated |
The log file's action entries are informational: they describe what action was taken and any errors that occurred. Possible entries are:
For removing users:
- Deleted
- Failed to delete
- User does not exist
For adding or updating users:
- Added
- Failed to add
- Updated
- Failed to clear groups
- Failed to remove user from group
- Failed to create home directory
For groups, with delete:
- Removed
- Failed to remove user from group
For groups, with add or update:
- Added
- Failed to add user to group
For ACLs, with delete:
- Deleted
- Failed to update ACL
For ACLs, with add or update:
- Updated
- Failed to update ACL
For passwords:
- Changed password
See also:
- Notes on ACL Updates with Merge and Restore
- Flat Configuration File Format
- Save Command
- Merge Command
- Restore Command