Enabling and Restricting Access to Tenant Volume and Data

Describes how to restrict access to tenant volumes in a multi-tenant environment.

About this task

In a multi-tenant environment, the tenant volume (share) can be accessed by all users on the tenant instance by default. To restrict access to specific users and/or groups:

Procedure

  1. Log in to the cluster as the cluster administrator and set Access Control Expression (ACE)s on the volume using the volume commands.
    For example:
    /opt/mapr/bin/maprcli volume modify -name <volumename> -readAce "u:<user>|g:<group>" -writeAce "u:<user>|g:<group>"
    Here, value for <user> must be the UID of the user and value of <group> must be GID of the group on the tenant host.
    TIP
    For more information, see maprcli volume modify command.
  2. Log in as the tenant admin and set permissions for data access.
    You can set permissions using: