Adding Field Permissions to a JSON Table Column Family
Explains how to add fields and field permissions to a column family for a specified JSON table using the Control System.
About this task
Use the Control System to add field permissions to an existing table with a column
family.
NOTE
Field and field permissions can be used
with and assigned to only JSON tables.Procedure
-
Log into the Control System using your login credentials. The Control System
Overview page appears.
NOTEThis option is not available on the Kubernetes version of the Control System.
- Click Tables page appears. from the top of the page. The
- Select the JSON table needing field permissions added from the Recently Viewed Tables pane or enter the path to the needed table in the available field, and then click Go. The table information page of the selected table appears.
- Click the Column Families tab. A page showing column family information appears.
- Click the name of column family (under the All pane) to which field permissions are to be added, and then click Field Permission at the top of the Edit Column Family page. A new page appears showing existing fields, if any, in the left pane. If none, the FIELD AUTHORIZATION - ACCESS CONTROL EXPRESSION pane allows you to add a field to the column family.
-
Click Add Field (if displayed) to add a field. The
default
Field
description appears in the Field Name field. -
Replace the
Field
entry in the Field Name field by entering a new name for the new field, as applicable. -
Click the Data Masking pull-down menu (shown near to top
of the page in the right pane), and then select one of the following data
masking options, as needed:
- Replace all alpha characters with an X and numeric characters with 0,
- Show only the last 4 characters. Replace all other characters with an 'x',
- Show only the first 4 characters. Replaces all other characters with an 'x',
- Show only the first 6 and last 4 characters. Replaces other characters with an 'x',
- Show the first and last 2 chars of username and part of domain,
- Show the hash of the data, or
- Shows only the year portion of the date and default everything else to Jan 1 and 00:00:00
- None
-
Set user access control permissions for the currently selected field by doing
one of the following:
- Select Basic, and then select a user type from the Type pull-dow menu, enter a name for the user type in the Name field, and check data access permissions, as needed.
- Select Advanced, and then enter the permission
details, and, if necessary, click (the pencil icon) to open the
Edit Data Access Control Expression window to
select additional permission definitions. See Defining ACEs Using the Access Control Expression Builder for more information.NOTEThe AUTHORIZATION - ACCESS CONTROL EXPRESSION pane of the page displays default column family authorizations as a reference.
- Field Permission Descriptions (for JSON Tables)
- By default, a field inherits permissions from the column in
which the field is located. Permissions set at this level
override permissions inherited from the column. You can set
the following permissions by selecting the associated
checkbox, as described in the table below.
By default, all permissions are given to the user creating the table.Read Data Can read from the field. This permission extends to fields that are nested below as well unless explicitly denied on any of the nested fields. Write Data Can delete the field, insert a value into the field, or overwrite the field's value. NOTEDeleting a field also deletes all fields that are nested within that field, even those fields on which the write permission is explicitly denied.Traverse Data Can descend a hierarchy of fields to access the fields to read or write. Unmasked Data Check Unmask Data to allow the specified user to see all field data for field specified of the selected column family. Leaving the Unmask Data field unchecked hides field data for the selected column family from the selected user.
-
Opt to repeat the step
above to:
- Add another field by clicking Add Field.
- Add a different set of permissions to a selected field for another public user or another user, group, or role.
- Click Save Changes to save your current additions and changes.