Removing Tagged Security Policies from Data Objects
You can remove security policies associated with data objects using the Control System, CLI, or REST API.
About this task
HPE Ezmeral Data Fabric Component | Data Object | How to Remove Security Policies |
---|---|---|
HPE Ezmeral Data Fabric File System | Volume |
|
Directory |
|
|
File |
|
|
HPE Ezmeral Data Fabric Database | JSON Table |
|
Column family |
|
|
Field |
|
The following sections describe how to remove security policies from data objects through the Control System and extended attributes.
Removing Security Policies from Objects Using the Control System
About this task
- Removing Security Policies from Volumes
-
- Log in to the Control System, and click NOTEThe Volumes page is under the Volumes menu in the Kubernetes version of the Control System.
.
- On the Volumes page, locate and select the volume that is tagged with the security policy to be removed.
- Click Edit Volume.
- In the Security section, click next to the security policy associated with the volume to remove the security policy.
- Click Save Changes.
- Log in to the Control System, and click
- Removing Security Policies from Tables, Column Families, and Fields
-
- Log in to the Control System, and click .
- In the Tables view, locate and select the table with the security policy to be removed. To remove a security policy from a column family or field, select the table that contains the column family or field.
- On the Summary tab, locate the Security section.
- In the Security section, click next to the
security policy associated with the table to remove the security
policy.
- To remove a security policy from a column family, click on the table to expand the view. Click next to security policy associated with the column family to remove the security policy.
- To remove a security policy from a field, click the column family name to expand the view, and remove the security policy.
Removing Security Policies Using Extended Attributes
About this task
Security policies use a special format for the extended attribute
name, which is always set to the keyword
security.mapr.policy
.
To
remove the extended attribute by name, run the
setfattr
command with the -x
option:
setfattr [-h] -x name pathname...
Remove all security policy tags
Use the
-x
option to remove all security
policy tags from the specified File Store object. For example, to
remove all security policies for the file
/mapr/lab/foo.txt
, use the following
command:
setfattr -x security.mapr.policy
/mapr/lab/foo.txt
security.mapr.policy
.To remove security policy
tags, run the hadoop fs -setfattr
command with one
of the following parameters:
-x
to remove all security policy tags-v
to remove the specified security policy tags
For example, to remove all the security policy tags for the file
/mapr/lab/foo.txt
, use:
hadoop fs -setfattr -x security.mapr.policy
/mapr/lab/foo.txt
To remove some security policy tags, and keep the rest, use the
-v
parameter.
This parameter replaces existing security policy tags with the ones specified.
For
example, if two security policies are tagged to the file
/mapr/lab/foo.txt
(namely,
Sensitive_Data
policy and
Lab_Security_Policy
) and you want to remove the
Sensitive_Data
policy tag, specify just the
Lab_Security_Policy
tag in the
-v
parameter:
hadoop fs -setfattr -n security.mapr.policy -v
"Lab_Security_Policy,Sensitive_Data" /mapr/lab/foo.txt
Alternatively, use the hadoop mfs
command to remove
security policies.
For example, to remove particular security tags, use the format:
hadoop mfs [-removesecuritypolicytag [-R] <comma-separated list of security policy tags> <path>]
hadoop mfs [-removeallsecuritypolicytags [-R] <path>]
To remove an extended attribute associated with a file or directory, use the following Java API:
public void removeXAttr(Path path, String name) throws
IOException
The name must be prefixed with the namespace, followed by
.
(period). For data-fabric security policy
tags, the attribute name is
security.mapr.policy
.
Security policies use a special format for the extended attribute
name, which is always set to the keyword
security.mapr.policy
.
To remove an extended attribute value, use the
removexattr
or fremovexattr
system calls. The brief synopsis is as follows. For more details,
refer to the removexattr
(2) Linux manual page.
NAME
removexattr, fremovexattr -- remove an extended
attribute value
SYNOPSIS
#include <sys/xattr.h>
int removexattr(const char *path, const char *name, int options);
int fremovexattr(int fd, const char *name, int options);