blockaccess user
Blocks a user on a specific cluster.
This action cancels all existing tickets for the specified user. For information about blocking, see How Tickets Work.
Syntax
- CLI
-
maprcli blockaccess user -name username to be added to blocked users [ -blockaccesstime millis from epoch or date in MM/DD/YYYY format ] [ -cluster name of the cluster ]
- REST
Request Type POST Request URL http[s]://<host>:<port>/rest/blockaccess/user?<parameters>
Parameters
Parameter |
Description |
---|---|
name |
(Required) Username to block. |
blockaccesstime | (Optional) Invalidates all user's tickets raised before the specified date (in the format <MM/DD/YYYY>). Alternatively, you can set the time in milliseconds from epoch time (the number of milliseconds that have elapsed since Jan 1, 1970, midnight UTC). |
cluster | (Optional) Name of the cluster from which to block the user. The default is the cluster on which the command is run. |
Example
Block the rogueuser user name from the cluster my.cluster.com:
- CLI
-
maprcli blockaccess user -name rogueuser -cluster my.cluster.com
- REST
-
curl -X POST -u <username> https://r1n1.sj.us:8443/rest/blockaccess/user?name=rogueuser&cluster=my.cluster.com
Deny the rogueuser user's tickets that were raised prior to 1st September 2020 from the cluster my.cluster.com:
- CLI
-
maprcli blockaccess user -name rogueuser -cluster my.cluster.com -blockaccesstime 09/01/2020
- REST
-
curl -X POST -u <username> https://r1n1.sj.us:8443/rest/blockaccess/user?name=rogueuser&cluster=my.cluster.com&blockaccesstime=09/01/2020
Deny the rogueuser user's tickets that were raised prior to 1605418200155 milliseconds from epoch, from the cluster my.cluster.com:
- CLI
-
maprcli blockaccess user -name rogueuser -cluster my.cluster.com -blockaccesstime 1605418200155
- REST
-
curl -X POST -u <username> https://r1n1.sj.us:8443/rest/blockaccess/user?name=rogueuser&cluster=my.cluster.com&blockaccesstime=1605418200155
The value
1605418200155
corresponds to the time November 15th 2020, 11:00:00 am IST+05:30. Therefore, all rogueuser tickets that were raised prior to November 15th 2020, 11:00:00 am IST+05:30 are blocked.
Related Log File
The log file /opt/mapr/logs/cldbaudit.log.json
contains the log of the
deny operation including the updated deny time. For example:
{"timestamp":{"$date":"2020-11-13T08:37:36.524Z"},"resource":"mapruser4","operation":"blacklist",
"username":"root","uid":0,"clientip":"10.10.50.42","properties":
[{"property":"denylisttime","oldvalue":"1605254599376","newvalue":"1605875766173"}],
"status":0}{"timestamp":{"$date":"2020-11-13T08:37:45.020Z"},"resource":"cluster",
"operation":"listBlacklist","username":"root","uid":0,
"clientip":"10.10.50.42","status":0}
Here the old deny list time was 1605254599376 milliseconds (November 13, 2020 1:33:19 PM IST) and is now updated to 1605875766173 milliseconds (Friday, November 20, 2020 6:06:06 PM IST).