Obtaining readperm and writeperm on Fields

In this scenario, you want to perform an operation on a field, and the operation requires that you have readperm and writeperm permissions on that field. How you obtain these permissions depends on whether the field is in the default column family or a non-default column family.

If the field is in the default column family

In the document below, you want to perform an operation on field c, which is in the default column family. The operation requires you to have readperm and writeperm on field c.

Figure 1. Schematic diagram of an JSON document in which all fields are in the default column family
Case 1: You have readperm and writeperm on the default column family
In this case, field c inherits these permissions, assuming that the permissions were not denied on field a or b.

If you do not have readperm and writeperm on field a or b, you need traverseperm on the field that denied you those permissions. You also need readperm and writeperm explicitly granted to you on field c. You could be granted these permissions with the maprcli table cf colperm set command, as in these examples:

maprcli table cf colperm set -path <path to JSON table> 
-cfname default -name a.b -traverseperm u:<user ID> | <existing ACE for this field>
maprcli table cf colperm set -path <path to JSON table> -cfname default 
-name a.b.c -readperm u:<user ID> | <existing ACE for this field> -writeperm 
u:<user ID> | <existing ACE for this field>
Case 2: You do not have readperm and writeperm on the default column family
In this case, you need the traverseperm permission on the default column family. Fields a and b inherit this permission. You also need readperm and writeperm on field c.

You could be granted these permissions with commands similar to these:

maprcli table cf edit -path <path to JSON table> -cfname default -traverseperm 
u:<user ID> | <existing ACE for this field>
maprcli table cf colperm set -path <path to JSON table> -cfname default -name a.b.c 
-readperm u:<user ID> | <existing ACE for this field> -writeperm u:<user ID> | 
<existing ACE for this field> 

If the field is in a non-default column family

NOTE
Non-default column families are an advanced feature of HPE Ezmeral Data Fabric Database's native JSON support. For information about them, see Column Families in JSON table.

In the following document, you want to perform an operation on field c, which is in the column family cf1 that is defined at field b with the path a.b.

Figure 2. Schematic diagram of an JSON document in which fields b and c are in a column family that has the path a.b
Case 1: You do not have readperm and writeperm on field b
You need traverseperm on field b and both readperm and writeperm on field c. You can be granted these permissions with commands similar to these:
/opt/mapr/bin/maprcli table cf edit -path <path to JSON table> -cfname cf1 
-traverseperm u:<user ID> | <existing ACE for this field>
maprcli table cf colperm set -path <path to JSON table> -cfname cf1 -name a.b.c 
-readperm u:<user ID> | <existing ACE for this field> -writeperm u:<user ID> | 
<existing ACE for this field> 
Case 2: You do have readperm and writeperm on field b
You do not need any further permissions. Field c inherits your readperm and writeperm permissions from field b.