13.4. ACL Targets and Groups

⁠13.4. ACL Targets and Groups

ACL targets correspond to user accounts on the system.

Table 13.3. Properties of an ACL Target

Attribute	Description
`id`	The name of a user on the system (required)

ACL groups may be specified, but are not currently used by Pacemaker. This is expected to change in a future version.

⁠

Table 13.4. Properties of an ACL Group

Attribute	Description
`id`	The name of a group on the system (required)

Each acl_target and acl_group element may contain any number of role elements.

⁠

Table 13.5. Properties of an ACL Role Reference

Attribute	Description
`id`	The `id` of an `acl_role` element that specifies permissions granted to the enclosing target or group

Important

The root and hacluster user accounts always have full access to the CIB, regardless of ACLs. For other user accounts, when enable-acl is true, permission to all parts of the CIB is denied by default (permissions must be explicitly granted).