Enabling and Restricting Access to Tenant Volume and Data
Describes how to restrict access to tenant volumes in a multi-tenant environment.
About this task
In a multi-tenant environment, the tenant volume (share) can be accessed by all users on the tenant instance by default. To restrict access to specific users and/or groups:
Procedure
- Log in to the cluster as the cluster administrator and set Access Control Expressions (ACEs) on the volume using the volume commands.
  For example:
  /opt/mapr/bin/maprcli volume modify -name <volumename> -readAce "u:<user>|g:<group>" -writeAce "u:<user>|g:<group>"
  Here, the value for <user> must be the UID of the user and the value of <group> must be the GID of the group on the tenant host.
  TIP: For more information, see the maprcli volume modify command.
- Log in as the tenant admin and set permissions for data access.
  You can set permissions using:
  - Linux commands such as chmod, chown, and so on.
  - ACEs, which can be set on files and directories in the volume. For more information, see Enabling Volume, Directory, and File Authorizations with ACEs.
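The first step of the procedure, as an added example that is not part of the original documentation: a shell helper, run on the tenant host, that resolves a user and group name to their UID and GID and prints the maprcli volume modify command for review. The function names are hypothetical, and getent is assumed to be available on the tenant host.

```shell
#!/bin/sh
# Added example: build the volume ACE from IDs resolved on the tenant host.
# Function names are hypothetical; the command is only printed, never executed.

# is_numeric ID -> succeeds only for a non-empty string of digits
is_numeric() {
  case "$1" in
    ''|*[!0-9]*) return 1 ;;
    *) return 0 ;;
  esac
}

# tenant_ace UID GID -> prints u:<uid>|g:<gid>, rejecting names and empty values
tenant_ace() {
  is_numeric "$1" || { echo "UID must be numeric: $1" >&2; return 1; }
  is_numeric "$2" || { echo "GID must be numeric: $2" >&2; return 1; }
  printf 'u:%s|g:%s\n' "$1" "$2"
}

# volume_acl_cmd VOLUME UID GID -> prints the maprcli command shown in step 1
volume_acl_cmd() {
  ace=$(tenant_ace "$2" "$3") || return 1
  printf '/opt/mapr/bin/maprcli volume modify -name %s -readAce "%s" -writeAce "%s"\n' \
    "$1" "$ace" "$ace"
}

# resolve_ids USER GROUP -> prints "<uid> <gid>" as known to the host it runs on
resolve_ids() {
  uid=$(id -u "$1") || return 1
  gid=$(getent group "$2" | cut -d: -f3)
  [ -n "$gid" ] || { echo "no such group: $2" >&2; return 1; }
  printf '%s %s\n' "$uid" "$gid"
}

# Usage: sh tenant_ace.sh VOLUME USER GROUP
if [ "$#" -eq 3 ]; then
  ids=$(resolve_ids "$2" "$3") || exit 1
  # $ids is split on purpose into the UID and GID arguments
  volume_acl_cmd "$1" $ids
fi
```

Run the printed command on the cluster as the cluster administrator after checking that the IDs match the intended tenant user and group.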