Creating Volume-level ACLs
About this task
Data Fabric provides volumes as a way to organize data and manage cluster performance. For example, to create a volume for each user, department, or project. Create a volume-level ACL that controls which users and groups have access to that volume, and what actions they may perform.
You can create volume-level ACLs from the Control System or from the command line.
Creating Volume-level ACLs from the Control System
Procedure
- New volumes, see Creating a Volume to set volume-level ACLs.
- Existing volumes, see Modifying a Volume to modify volume-level ACLs.
Creating Volume-level ACLs from the Command Line
About this task
To create an ACL at the command line, use the acl set
command to
specify a list of authorized users (or groups) and the actions they are allowed to
perform.
The syntax is:
maprcli acl set -type volume -name <volume name> [-user <username>:<action> -group <groupname>:<action>]
Include spaces between multiple entries, such as a list of usernames and their associated permission levels (or actions). Each allowed action has a permission code associated with it. The codes are explained below.
Permission Code | Allowed Action |
---|---|
dump | Dump or back up the volume |
restore | Restore or mirror the volume |
m | Modify the volume's properties |
d | Delete the volume |
a | Administrator (can edit and view ACLs but cannot perform volume operations) |
fc | Full control over the volume (This enables all volume-related administrative options with the exception of changing the volume ACLs.) |
Example
This example shows how to create an ACL for a volume named test-volume
that allows full control over volume ACLs for user rjones
. In addition, all
users in the developers
group are given permission to dump, restore, and
modify volume properties.
maprcli acl set -type volume -name test-volume -user rjones:fc
-group developers:dump,restore,m