Question
Can I remove a Reseller Privilege from a Reseller via whmapi?
Answer
Removing an ACL from whmapi can only be done by applying an existing ACL List,
Per https://api.docs.cpanel.net/openapi/whm/operation/setacls/
We strongly recommend that WHM users create and edit ACLs and ACL privileges through WHM's Edit Reseller Nameservers and Privileges interface ( WHM >> Home >> Resellers >> Edit Reseller Nameservers and Privileges ).
However, this can be accomplished by creating an ACL List and applying it to the Reseller.
How to create an ACL List
To create a reseller ACL List via command line (for example, one with List Accounts and View Account Bandwidth Usage named 'my_acl_list', use the following command:
whmapi1 saveacllist acllist='my_acl_list' acl-list-accts=1 acl-show-bandwidth=1
---
metadata:
command: saveacllist
reason: ACL List my_acl_list saved.
result: 1
version: 1
and to confirm that the ACL List 'my_acl_list' was created successfully or to see what an existing ACL List has
whmapi1 listacls
---
data:
acl:
-
name: my_acl_list
privileges:
acct-summary: 0
add-pkg: 0
add-pkg-ip: 0
add-pkg-shell: 0
all: 0
allow-addoncreate: 0
allow-emaillimits-pkgs: 0
allow-parkedcreate: 0
allow-shell: 0
allow-unlimited-bw-pkgs: 0
allow-unlimited-disk-pkgs: 0
allow-unlimited-pkgs: 0
basic-system-info: 0
basic-whm-functions: 0
clustering: 0
cors-proxy-get: 0
cpanel-api: 0
cpanel-integration: 0
create-acct: 0
create-dns: 0
create-user-session: 0
demo-setup: 0
digest-auth: 0
edit-account: 0
edit-dns: 0
edit-mx: 0
edit-pkg: 0
file-restore: 0
generate-email-config: 0
kill-acct: 0
kill-dns: 0
limit-bandwidth: 0
list-accts: 1
list-pkgs: 0
locale-edit: 0
mailcheck: 0
manage-api-tokens: 0
manage-dns-records: 0
manage-oidc: 0
manage-styles: 0
mysql-info: 0
news: 0
ns-config: 0
park-dns: 0
passwd: 0
public-contact: 0
quota: 0
rearrange-accts: 0
resftp: 0
restart: 0
show-bandwidth: 1
ssl: 0
ssl-buy: 0
ssl-gencrt: 0
ssl-info: 0
stats: 0
status: 0
suspend-acct: 0
thirdparty: 0
track-email: 0
upgrade-account: 0
viewglobalpackages: 0
wp-toolkit: 0
metadata:
command: listacls
reason: OK
result: 1
version: 1
Suppose we want to remove the ability to View Account Bandwidth Usage you would run the command:
whmapi1 saveacllist acllist='my_acl_list' acl-list-accts=1 acl-show-bandwidth=0
---
metadata:
command: saveacllist
reason: ACL List my_acl_list saved.
result: 1
version: 1
And to make sure the ACL Privileges were applied properly to the ACL List 'my_acl_list', run the following command:
whmapi1 listacls
---
data:
acl:
-
name: my_acl_list
privileges:
acct-summary: 0
add-pkg: 0
add-pkg-ip: 0
add-pkg-shell: 0
all: 0
allow-addoncreate: 0
allow-emaillimits-pkgs: 0
allow-parkedcreate: 0
allow-shell: 0
allow-unlimited-bw-pkgs: 0
allow-unlimited-disk-pkgs: 0
allow-unlimited-pkgs: 0
basic-system-info: 0
basic-whm-functions: 0
clustering: 0
cors-proxy-get: 0
cpanel-api: 0
cpanel-integration: 0
create-acct: 0
create-dns: 0
create-user-session: 0
demo-setup: 0
digest-auth: 0
edit-account: 0
edit-dns: 0
edit-mx: 0
edit-pkg: 0
file-restore: 0
generate-email-config: 0
kill-acct: 0
kill-dns: 0
limit-bandwidth: 0
list-accts: 1
list-pkgs: 0
locale-edit: 0
mailcheck: 0
manage-api-tokens: 0
manage-dns-records: 0
manage-oidc: 0
manage-styles: 0
mysql-info: 0
news: 0
ns-config: 0
park-dns: 0
passwd: 0
public-contact: 0
quota: 0
rearrange-accts: 0
resftp: 0
restart: 0
show-bandwidth: 0
ssl: 0
ssl-buy: 0
ssl-gencrt: 0
ssl-info: 0
stats: 0
status: 0
suspend-acct: 0
thirdparty: 0
track-email: 0
upgrade-account: 0
viewglobalpackages: 0
wp-toolkit: 0
metadata:
command: listacls
reason: OK
result: 1
version: 1
Please note: that to "edit" an existing ACL List, it is necessary to include all of the relevant ACLs each time. The "default" for an ACL in an ACL List is "0."
After creating the ACL List 'my_acl_list', you will want to apply the ACL List to the reseller with the following command:
whmapi1 setacls reseller='user' acllist=' my _ acl _ list'
Please note that per https://api.docs.cpanel.net/openapi/whm/operation/setacls/
Warning:
Functions should either use this parameter (acllist) or a combination of the acl-*
parameters (such as acl-list-accts=1 acl-show-bandwidth=1). Do not include both in a single function.
For more information on the possible ACL Privileges that can be set in an ACL List or for a Reseller, please refer to the documentation below
https://documentation.cpanel.net/display/DD/Guide+to+WHM+Plugins+-+ACL+Reference+Chart
For more information on how to apply an individual ACL Privilege to a Reseller without an ACL List, please refer to the following article.
How to Update Reseller ACLs using the WHM API
We've opened an internal case for our development team to investigate possible improvements to simplify this process. For reference, the case number is CPANEL-36643. Follow this article to receive an email notification when a solution is published in the product.