Editing Field Permissions for a JSON Table Column Family
Explains how to edit field permissions for an existing column family for a specified JSON table using the Control System.
About this task
Use the Control System to edit field permissions for fields that are part of a column family within an existing JSON table.
NOTE
Field and field permissions can be used
with and assigned to only JSON tables.Procedure
-
Log into the Control System using your login credentials. The Control System
Overview page appears.
NOTEThis option is not available on the Kubernetes version of the Control System.
- Click Tables page appears. from the top of the page. The
- Select the JSON table needing field permissions edited by selecting it under the Recently Viewed Tables pane or entering the path to the needed table in the available field, and then clicking Go. The table information page of the selected table appears.
- Click the Column Families tab.
- Click the name of the column family (under the All pane) to which field permissions are to be edited, and then click Field Permission at the top of the Edit Column Family page.
-
Opt to:
- Add additional fields:
- Click Add Field to add one or more fields, and then select a field listed in the left-hand pane of the screen.
- Enter a name for the field in the Field Name field, as applicable.
- Change the name of an existing field of the displayed column family by clicking on the name of the field (in the left panel) and then updating the name in the Field Name field.
- Delete an existing field by clicking (delete) to the right of the field name shown in the left pane of the page. The field name is deleted immediately.
- Change data masking options for a selected field:
Select the field to have its masking options modified, and then click the Data Masking pull-down menu, and then select one of the following data masking options:
- Replace all alpha characters with an X and numeric characters with 0,
- Show only the last 4 characters. Replace all other characters with an 'x',
- Show only the first 4 characters. Replaces all other characters with an 'x',
- Show only the first 6 and last 4 characters. Replaces other characters with an 'x',
- Show the first and last 2 chars of username and part of domain,
- Show the hash of the data, or
- Shows only the year portion of the date and default everything else to Jan 1 and 00:00:00
- None
- Change existing access permission selections for the currently displayed
field or add a new set of access permissions for the selected field by
clicking on the name of the field in the left panel and then selecting
either of the following:
- Basic. After selecting
Basic, click Add
Another and make selections and entries for a new
set of permissions. Alternatively, for a listed user type, select a
different user type from the Type pull-dow
menu, , change the name for the user type in the
Name field, and update access
permissions, as needed. See the table below for permission option information.NOTEAlternatively, you can click (Duplicate) to duplicate the previously listed row and then select applicable permissions.
- Advanced. After selecting Advanced, enter the permission details, and, if necessary, click (the pencil icon) to open the Edit Data Access Control Expression window to select additional permission definitions. See Defining ACEs Using the Access Control Expression Builder for more information on ACE functionality. See the table below for access permission option information.
NOTEThe AUTHORIZATION - ACCESS CONTROL EXPRESSION pane of the page displays default column family authorizations (just below the Data Masking pull-down menu) as a reference.- Field Permissions (for JSON Tables)
- By default, a field inherits permissions from the column in
which the field is located. Permissions set at this level
override permissions inherited from the column. You can set the
following permissions by selecting the associated checkbox, as
described in the table below.
By default, all permissions are given to the user creating the table. See Permission Types for Fields and Column Families in JSON Tables for more information.Read Data Can read from the field. This permission extends to fields that are nested below as well, unless explicitly denied on any of the nested fields. Write Data Can delete the field, insert a value into the field, or overwrite the field's value. NOTEDeleting a field also deletes all fields that are nested within that field, even those fields on which the write permission is explicitly denied.JSON Traverse Can descend a hierarchy of fields to access the fields to read or write. Unmasked Data Check Unmask Data to allow the specified user to see all field data for field specified of the selected column family. Leaving the Unmask Data field unchecked hides field data for the selected column family from the selected user.
- Basic. After selecting
Basic, click Add
Another and make selections and entries for a new
set of permissions. Alternatively, for a listed user type, select a
different user type from the Type pull-dow
menu, , change the name for the user type in the
Name field, and update access
permissions, as needed. See the table below for permission option information.
- Delete an existing set of permissions for a created user type of a
select field:
- Click on the name of the field associated with the permissions to be deleted.
- Click (Delete) to the far right of the permission options. The set of permissions is deleted immediately.
- Add additional fields:
-
Opt to:
- Add another field by clicking Add Field. See the above step for more details.
- Update data masking options for another field. See the above step for more details.
- Add a different set of permissions to a selected field for another public user or another user, group, or role. See the above step for more details.
- Delete another set of permissions for a listed user type. See the above step for more details.
- Click Save Changes to save your current additions and changes.