table cf colperm set
Sets access control expressions (ACEs) for a specified column.
Permissions Required
To run this command, your user ID must have the following permissions:
readAce
andwriteAce
on the volumelookupdir
on directories in the pathadminaccessperm
on the table
mapr
user is not treated as a superuser.
HPE Ezmeral Data Fabric Database does not allow the mapr
user to
run this command unless that user is given the relevant permission or permissions with
access-control expressions.Syntax
- CLI
-
/opt/mapr/bin/maprcli table cf colperm set -path <path> -cfname <column-family name> -name <column name> [ -appendperm <Access Control Expression for column appends> ] [ -readperm <Access Control Expression for column reads> ] [ -writeperm <Access Control Expression for column writes> ] [ -traverseperm <Access Control Expression for column traversals in JSON tables> ] [ -unmaskedreadperm <Unmasked read column permission settings> ]
- REST
-
curl -k -X POST 'http[s]://<host>:<port>/rest/table/cf/colperm/set?path=<path>&cfname=<name>&name=<name>&<parameters>' -u <username>:<password>
Parameters
Parameter |
Description |
---|---|
path |
The path to the table.
|
cfname |
The name of the column family in which the column is located. |
name | For binary tables: The name of the column for which you want to
set the Access Control Expression (ACE). For JSON tables: The fieldpath of the field on which you want to set
permissions. For example, if you wanted to grant
readperm to a user on field b in the
following document. the fieldpath would be
a.b .
|
appendperm |
Applies to binary tables only: The ACE for column appends. Use single quotation marks around the ACE. Column appends require permission both at the column-family level and at the column level. |
readperm |
The ACE for column reads. Use single quotation marks around the ACE. Reads require permission both at the column-family level and at the column level (for binary tables) or field level (for JSON tables). In JSON tables, this permission is inherited by fields within the column family. |
writeperm |
The ACE for column writes (puts and deletes). Use single quotation marks around the ACE. Writes require permission both at the column-family level and at the column level (for binary tables) or field level (for JSON tables). In JSON tables, this permission is inherited by fields within the column family. |
traverseperm |
Applies to JSON tables only: The Access Control
Expressions that specifies who has permission to pass over fields in JSON
documents. For example, suppose that a JSON table contains documents of this
general structure:
Suppose
further that the user sjohnson has read permission on
a.b , but not on a . For sjohnson to
read a.b , the user needs the traverse permission on
a . The user can then pass over field a to
a.b . This permission is inherited by fields within the column family. By default, this permission is given to the value of defaulttraverseperm for the JSON table. |
unmaskedreadperm | The unmaskedreadperm permission, when applied to a
column of a JSON table with a dynamic data
mask set, allows the user to read the data unmasked. Users without
this permission have the masked data returned. |
Example
Sets readperm
ACE for column col1
in table
mytable
and column family cf1
:
- CLI
-
/opt/mapr/bin/maprcli table cf colperm set -path /mytable -cfname cf1 -name col1 -readperm 'g:group1'
- REST
-
curl -X POST \ 'https://r1n1.sj.us:8443/rest/table/cf/colperm/set?path=%2Fmytable&cfname=cf1&name=col1&readperm="g:group1"' \ -u <username>:<password>