Permission Types for Fields and Column Families in JSON Tables
By using ACEs, you can grant or deny access to fields and column families that are in JSON tables.
- Traverse (traverseperm)
- Read (readperm)
- Write (writeperm)
The traverse permission allows the grantee to descend a hierarchy of fields to access fields on which the grantee has write or read permission.
For example, suppose that a user has read and write access to only field b below.
To access field b, the user would need to be able to traverse (pass through) field a. In this case, because the entire document is in the default column family, the user could be granted traverse permission on the default column family. Field a would inherit the traverse permission.
If a user was denied traverse permission on the default column family, the user would not be able to access field b. Granting traverse permission on field a in this case would have no effect.
In the example below, field a is part of the cf1 column family.
To be able to read and write at field b, the user could be granted the traverse permission on the column family.
The read permission allows the grantee to read from a field.
This permission extends to fields that are nested below the field on which the permission was granted. However, grantees can be explicitly denied the permission on any of the nested fields.
The write permission allows the grantee to delete a field, insert a value into a field, or overwrite a field's value.
As illustrated in the two diagrams below, deleting a field also deletes all fields that are nested within that field, even those fields on which the write permission is explicitly denied.
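The rules above can be checked with a small model. This is an added example, not MapR code or its ACE evaluator: the FieldPerms class, its methods, and the single-user, "unset means not granted" default are assumptions made for illustration, with field paths written relative to their column family.

```python
# Added illustration: a simplified model of the rules on this page,
# not MapR's ACE evaluator. Assumption: one user; unset means "not granted".
GRANT, DENY = "grant", "deny"

class FieldPerms:
    def __init__(self):
        self.aces = {}  # (column family, field path tuple, permission) -> effect

    def set(self, cf, path, perm, effect):
        key = tuple(path.split(".")) if path else ()  # "" = the column family itself
        self.aces[(cf, key, perm)] = effect

    def _effective(self, cf, path, perm):
        # Nearest explicit setting wins, walking up from the field to the
        # column family; this is how nested fields inherit or get denied.
        for i in range(len(path), -1, -1):
            effect = self.aces.get((cf, path[:i], perm))
            if effect is not None:
                return effect == GRANT
        return False

    def _reachable(self, cf, path):
        # Every level above the target, column family first, must be traversable.
        return all(self._effective(cf, path[:i], "traverse") for i in range(len(path)))

    def allowed(self, cf, path, perm):
        p = tuple(path.split("."))
        return self._reachable(cf, p) and self._effective(cf, p, perm)

    def delete(self, doc, cf, path):
        # Only the deleted field's write permission is checked; nested fields
        # go with it even if write is explicitly denied on them.
        if not self.allowed(cf, path, "write"):
            return False
        *parents, leaf = path.split(".")
        node = doc
        for name in parents:
            node = node[name]
        del node[leaf]
        return True

def demo():
    perms = FieldPerms()
    perms.set("default", "a.b", "read", GRANT)
    perms.set("default", "a", "traverse", GRANT)  # no effect on its own...
    perms.set("default", "", "traverse", DENY)    # ...while the family denies traverse
    blocked = perms.allowed("default", "a.b", "read")
    perms.set("default", "", "traverse", GRANT)
    return blocked, perms.allowed("default", "a.b", "read")
```

When reviewing ACEs, the delete case is the one to watch: a write deny on a nested field does not protect it from a grantee who can write to any ancestor field.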