Development Guides Home >> Guide to WHM Plugins

Guide to WHM Plugins - ACL Reference Chart

Introduction

cPanel & WHM ships with a default list of Access Control Lists (ACLs) and privileges. You can assign ACLs and privileges to WHM users in WHM's Edit Reseller Nameservers and Privileges interface (WHM >> Home >> Resellers >> Edit Reseller Nameservers and Privileges).

Available ACLs

Note:

In the tables below, the Feature limit column lists the privilege's name in WHM's Edit Reseller Nameservers and Privileges interface (WHM >> Home >> Resellers >> Edit Reseller Nameservers and Privileges).

Basic privileges

The following table lists the ACLs for basic privileges and the API functions that use these ACLs:

ACL	Privilege type	Feature limit	Associated WHM API 1 functions	Description
`acct-summary`	Initial Privileges	Account Summary	`accountsummary` `acctcounts` `domainuserdata` `get_domain_info`	View an account's summary.
`basic-system-info`	Initial Privileges	Basic System Information	`gethostname` `get_public_ip` `get_shared_ip` `systemloadavg` `version`	Retrieve basic system information.
`basic-whm-functions`	Initial Privileges	Basic WHM Functions	`applist` `batch` `get_available_applications` `myprivs` `personalization_get` `personalization_set`	Access basic cPanel & WHM options.
`connected-applications`	Initial Privileges	Configure connected external applications	`fetch_connected_application` `list_connected_applications` `remove_connected_application` `save_connected_application`	Manage connections to external applications.
`cors-proxy-get`	Third-Party Services	Allow CORS HTTP Requests	`cors_proxy_get`	Perform Cross-Origin Resource Sharing (CORS) HTTP requests.
`cpanel-api`	Initial Privileges	Perform cPanel API and UAPI functions through the WHM API	N/A	Execute cPanel API 1, cPanel API 2, and UAPI functions via WHM.
`cpanel-integration`	Manage cPanel Integration Links	cPanel Integration	`create_integration_group` `create_integration_link` `get_integration_link_user_config` `list_integration_groups` `list_integration_links` `remove_integration_group` `remove_integration_link` `update_integration_link_token`	Manage how a server and its services connect to other servers and services.
`create-user-session`	Initial Privileges	Create User Session	`create_user_session` `get_users_links`	Create a new temporary user session for a specified service. Note: This privilege allows an API token user to bypass any restrictions on the API token.
`digest-auth`	Initial Privileges	Digest Authentication	`has_digest_auth` `set_digest_auth`	Manage Digest Authentication support.
`generate-email-config`	Initial Privileges	Generate Mobile Email Configurations	`generate_mobileconfig`	Generate a mobile configuration profile for an email account.
`list-pkgs`	Initial Privileges	List Packages	`get_feature_metadata` `get_feature_names` `getpkginfo` `listpkgs` `matchpkgs`	View existing hosting plans (packages).
`manage-api-tokens`	Initial Privileges	Manage API Tokens	`accesshash` `api_token_create` `api_token_get_details` `api_token_list` `api_token_revoke` `api_token_update` `get_remote_access_hash`	Manage API tokens. Note: This privilege allows an API token user to bypass any restrictions on the API token.
`manage-dns-records`	Initial Privileges	Manage DNS Records	`activate_zone_key` `add_zone_key` `addzonerecord` `deactivate_zone_key` `disable_dnssec_for_domains` `dumpzone` `editzonerecord` `enable_dnssec_for_domains` `export_zone_dnskey` `export_zone_files` `export_zone_key` `fetch_ds_records_for_domains` `getzonerecord` `import_zone_key` `listzones` `parse_dns_zone` `remove_zone_key` `removezonerecord` `resetzone` `set_nsec3_for_domains` `unset_nsec3_for_domains`	Manage DNS records.
`manage-oidc`	Initial Privileges	Manage OpenID Connect	`get_available_authentication_providers` `get_users_authn_linked_accounts` `link_user_authn_provider` `unlink_user_authn_provider`	Manage external authentication for accounts.
`mysql-info`	Account Management	MySQL Information	`has_mycnf_for_cpuser` `list_mysql_databases_and_users`	Retrieve MySQL® database and user data.
`ns-config`	Initial Privileges	Nameserver Configuration	`get_nameserver_config` `getresellerips` `lookupnsip` `lookupnsips` `resolvedomainname` `setresellernameservers`	Manage nameserver records.
`public-contact`	Initial Privileges	Public Contact Information	`get_public_contact` `set_public_contact`	Retrieve or set the public contact information for cPanel accounts.
`ssl-info`	Initial Privileges	SSL Information	`fetch_ssl_vhosts` `fetch_vhost_ssl_components` `fetchcrtinfo` `get_best_ssldomain_for_service` `listcrts`	View SSL information.
`track-email`	Initial Privileges	Track Email	`emailtrack_search` `emailtrack_stats` `emailtrack_user_stats`	Retrieve email delivery records.

Standard privileges

The following table lists the ACLs for standard privileges and the API functions that use these ACLs:

ACL	Privilege type	Feature limit	Associated WHM API 1 functions	Description
`list-accts`	Account Information	List Accounts	`get_current_users_count` `get_disk_usage` `getdomainowner` `get_maximum_users` `listaccts` `list_users` `uapi_cpanel`	View the list of accounts on a server.
`show-bandwidth`	Account Information	View Account Bandwidth Usage	`showbw`	View bandwidth usage statistics.
`create-acct`	Account Management	Create Accounts	`_getpkgextensionform` `createacct` `get_password_strength` `twofactorauth_generate_tfa_config` `twofactorauth_get_issuer` `twofactorauth_get_user_configs` `twofactorauth_policy_status` `twofactorauth_remove_user_config` `twofactorauth_set_issuer` `twofactorauth_set_tfa_config` `verify_new_username` `verify_new_username_for_restore` `verify_user_has_feature`	Create cPanel accounts and set up 2FA (Two-Factor Authentication) on them.
`kill-acct`	Account Management	Terminate Accounts	`removeacct`	Delete cPanel accounts.
`suspend-acct`	Account Management	Suspend/Unsuspend Accounts	`hold_outgoing_email` `listsuspended` `release_outgoing_email` `suspendacct` `suspend_outgoing_email` `unsuspendacct` `unsuspend_outgoing_email`	Suspend and unsuspend cPanel accounts.
`upgrade-account`	Account Management	Upgrade/Downgrade Accounts	`changepackage`	Modify an account's hosting plan (package).
`ssl`	Account Management	SSL Site Management	`delete_ssl_vhost` `enqueue_deferred_ssl_installations` `fetch_ssl_certificates_for_fqdns` `fetchsslinfo` `generatessl` `installssl` `rebuild_mail_sni_config` `rebuilduserssldb` `set_primary_servername`	Modify SSL information for cPanel accounts.
`ssl-buy`	Account Management	Purchase SSL Certificates	N/A	Purchase SSL certificates.
`ssl-gencrt`	Account Management	SSL CSR/Certificate Generator	`generatessl`	Generate CSRs and SSL certificates.
`edit-mx`	Account Management	Edit MX Entries	`listmxs` `savemxs`	Modify MX entries.
`passwd`	Account Management	Change Passwords	`forcepasswordchange` `get_password_strength` `passwd`	This privilege allows a reseller to change account passwords and allow users to log in without an API token.
`file-restore`	Account Management	File and Directory Restoration	N/A	Restore items from local backup sources.
`create-dns`	DNS	Add DNS Zones	`adddns`	Add DNS zones.
`kill-dns`	DNS	Remove DNS Zones	`killdns`	Delete DNS zones.
`park-dns`	DNS	Park DNS Zones	`create_parked_domain_for_user`	Park DNS zones.
`edit-dns`	DNS	Edit DNS Zones	`mass_edit_dns_zone`	Edit DNS zones.
`add-pkg`	Packages	Add/Remove Packages	`addpkg` `create_featurelist` `delete_featurelist` `get_featurelist_data` `get_featurelists` `killpkg` `update_featurelist`	Create or delete hosting plans (packages).
`edit-pkg`	Packages	Edit Packages	`addpkgext` `delpkgext` `editpkg`	Modify existing hosting plans (packages).
`thirdparty`	Third-Party Services	Manage Third-Party Services	N/A	Manage third-party services (for example, plugins or cPAddons).
`mailcheck`	Troubleshooting	Troubleshoot Mail Delivery	N/A	Access WHM's Mail Troubleshooter interface (WHM >> Home >> Email >> Mail Troubleshooter).
`news`	cPanel Management	News Modification	N/A	Modify news in WHM's Modify cPanel & WHM News interface (WHM >> Home >> cPanel >> Modify cPanel & WHM News).
`assign-root-account-enhancements`	Package Access	Use Root Account Enhancements	`assign_account_enhancement` `list_account_enhancements` `unassign_account_enhancement`	Allow the reseller to assign, list, or unassign Account Enhancements on their cPanel account.

Package privileges

The following table lists the ACLs for package privileges and the API functions that use these ACLs:

ACL name	Privilege type	Feature limit	Associated WHM API 1 functions	Description
`allow-shell`	Accounts	Allow Creation of Accounts with Shell Access	N/A	Allow account creation with shell access.
`viewglobalpackages`	Package Access	Use Root Packages	`addpkg` `editpkg`	Allow the reseller to use all global packages. For more information, read our reseller packages documentation.
`allow-addoncreate`	Package Creation	Create Packages with Addon Domains	`addpkg` `editpkg`	Create hosting plans (packages) that include addon domains.
`allow-parkedcreate`	Package Creation	Create Packages with Parked (Alias) Domains	`addpkg` `editpkg`	Create hosting plans (packages) that include parked domains (aliases).
`add-pkg-ip`	Package Creation	Create Packages with a Dedicated IP Address	`addpkg` `editpkg`	Create hosting plans (packages) that include a dedicated IP address.
`add-pkg-shell`	Package Creation	Create Packages with Shell Access	`addpkg` `editpkg`	Create hosting plans (packages) that grant shell access.
`allow-unlimited-pkgs`	Package Creation	Create Packages with Unlimited Features	`addpkg` `editpkg`	Set an unlimited quota on one or more package settings.
`allow-emaillimits-pkgs`	Package Creation	Create Packages with Custom Email Limits	`addpkg` `editpkg`	Create hosting plans (packages) with email quotas that are not the default quotas.
`allow-unlimited-disk-pkgs`	Package Creation	Create Packages with Unlimited Disk Usage	`addpkg` `editpkg`	Create packages with an unlimited disk quota.
`allow-unlimited-bw-pkgs`	Package Creation	Create Packages with Unlimited Bandwidth	`addpkg` `editpkg`	Create packages with unlimited bandwidth.

Additional software

The following table lists the ACLs for additional software and the API functions that use these ACLs:

ACL name	Privilege type	Feature limit	Associated API functions	Description
`software-imunify360`	Additional Software	Third-Party Services	N/A	Access Imunify360 plugin.
`wp-toolkit`	Additional Software	WP Toolkit	N/A	Access WP Toolkit.

Global privileges

The following table lists the ACLs for global privileges and the API functions that use these ACLs:

ACL name	Privilege type	Feature limit	Associated API functions	Description
`status`	Server Information	View Server Status	`servicestatus`	View the interfaces in WHM's Server Status section (WHM >> Home >> Server Status).
`stats`	Server Information	View Server Information	`installed_versions`	View WHM's Server Information interface (WHM >> Home >> Server Status >> Server Information).
`restart`	Services	Restart Services	`restartservice`	Restart services on the server.
`resftp`	Troubleshooting	Resynchronize FTP Passwords	N/A	Access WHM's Synchronize FTP Passwords interface (WHM >> Home >> cPanel >> Synchronize FTP Passwords).

Super privileges

The following table lists the ACLs for super privileges and the API functions that use these ACLs:

ACL name	Privilege type	Feature limit	Associated WHM API 1 functions	Description
`edit-account`	Account Management	Account Modification	`add_override_features_for_user` `massmodifyacct` `modifyacct` `remove_override_features_for_user`	Modify accounts.
`limit-bandwidth`	Account Management	Bandwidth Limit Modification	`limitbw`	Modify account bandwidth limits.
`quota`	Account Management	Quota Modification	`editquota`	Modify account quotas.
`demo-setup`	Account Management	Set an Account to be a Demo Account	N/A	Enable demo mode for an account.
`rearrange-accts`	Advanced Account Management	Rearrange Accounts	`abort_transfer_session` `convert_addon_fetch_conversion_details` `convert_addon_fetch_domain_details` `convert_addon_get_conversion_status` `convert_addon_initiate_conversion` `convert_addon_list_addon_domains` `convert_addon_list_conversions` `enqueue_transfer_item` `fetch_transfer_session_log` `get_transfer_session_state` `pause_transfer_session` `start_transfer_session` `transfer_module_schema`	Rearrange accounts on the server to increase available disk space.
`clustering`	Clustering	DNS Clustering	`add_configclusterserver` `batch` `cluster_member_has_trust_with` `configureservice` `gethostname` `installed_versions` `list_configclusterservers` `restartservice` `servicestatus` `set_nameserver` `version`	Configure DNS clusters.
`locale-edit`	Locales	Modify & Create Locales	N/A	Create and modify locales on the server.

root privileges

The following table lists the ACLs for root privileges and the API functions that use these ACLs:

ACL	Privilege type	Feature limit	Associated WHM API 1 functions	Description
`all`	Everything	All Features	All WHM API 1 functions.	The reseller possesses `root`-level privileges on the server and can execute all WHM API 1 functions.