blockaccess user

Blocks a user on a specific cluster.

This action cancels all existing tickets for the specified user. For information about blocking, see How Tickets Work.

Syntax

CLI
maprcli blockaccess user 
     -name username to be added to blocked users
     [ -blockaccesstime millis from epoch or date in MM/DD/YYYY format ]
     [ -cluster name of the cluster ]
REST
Request Type POST
Request URL
http[s]://<host>:<port>/rest/blockaccess/user?<parameters> 

Parameters

Parameter

Description

name

(Required) Username to block.

blockaccesstime (Optional) Invalidates all user's tickets raised before the specified date (in the format <MM/DD/YYYY>). Alternatively, you can set the time in milliseconds from epoch time (the number of milliseconds that have elapsed since Jan 1, 1970, midnight UTC).
cluster (Optional) Name of the cluster from which to block the user. The default is the cluster on which the command is run.

Example

Block the rogueuser user name from the cluster my.cluster.com:

CLI
maprcli blockaccess user -name rogueuser -cluster my.cluster.com
REST
curl -X POST -u <username> https://r1n1.sj.us:8443/rest/blockaccess/user?name=rogueuser&cluster=my.cluster.com

Deny the rogueuser user's tickets that were raised prior to 1st September 2020 from the cluster my.cluster.com:

CLI
maprcli blockaccess user -name rogueuser -cluster my.cluster.com -blockaccesstime 09/01/2020
REST
curl -X POST -u <username> https://r1n1.sj.us:8443/rest/blockaccess/user?name=rogueuser&cluster=my.cluster.com&blockaccesstime=09/01/2020

Deny the rogueuser user's tickets that were raised prior to 1605418200155 milliseconds from epoch, from the cluster my.cluster.com:

CLI
maprcli blockaccess user -name rogueuser -cluster my.cluster.com -blockaccesstime 1605418200155
REST
curl -X POST -u <username> https://r1n1.sj.us:8443/rest/blockaccess/user?name=rogueuser&cluster=my.cluster.com&blockaccesstime=1605418200155

The value 1605418200155 corresponds to the time November 15th 2020, 11:00:00 am IST+05:30. Therefore, all rogueuser tickets that were raised prior to November 15th 2020, 11:00:00 am IST+05:30 are blocked.

Related Log File

The log file /opt/mapr/logs/cldbaudit.log.json contains the log of the deny operation including the updated deny time. For example:

{"timestamp":{"$date":"2020-11-13T08:37:36.524Z"},"resource":"mapruser4","operation":"blacklist",
             "username":"root","uid":0,"clientip":"10.10.50.42","properties":
             [{"property":"denylisttime","oldvalue":"1605254599376","newvalue":"1605875766173"}],
             "status":0}{"timestamp":{"$date":"2020-11-13T08:37:45.020Z"},"resource":"cluster",
             "operation":"listBlacklist","username":"root","uid":0,
             "clientip":"10.10.50.42","status":0}

Here the old deny list time was 1605254599376 milliseconds (November 13, 2020 1:33:19 PM IST) and is now updated to 1605875766173 milliseconds (Friday, November 20, 2020 6:06:06 PM IST).