When a user requests access to a file or directory, the request is authorized based on previously retrieved user information unless the user's time to live (TTL) has expired. If the TTL has expired, then a fresh provider query is performed and the request is authorized (or not) according to the newly updated records. An exception is if the cluster is unable to reach all providers to refresh the user, in which case the cached user information is used even if the TTL has expired.
The user refresh feature enables you to refresh a specific user at any time. This can be useful immediately after making a change to the user on an authorization provider. A typical example is when a user has been newly added to a group that has permission to files and directories that previously the user did not have permission to access.
Immediately refreshing the user can help a user gain immediate access to previously restricted files, rather than waiting until the TTL has expired. The TTL for a user is 30 mins.
User refresh is available in the VAST CLI.
To refresh a user, run the
user refresh command from the VAST CLI.
vcli: admin> user refresh --uid 1000